Full Disclosure mailing list archives
Re: Re: Microsoft urging users to buy Hardware Firewalls
From: Joey <joey2cool () yahoo com>
Date: Thu, 14 Aug 2003 12:01:17 -0700 (PDT)
I would have to disagree, no OS that listens on ports is secure, and firewalls can defend against all threats. The only attack that you can pull on a non-open OS or well firewalled connection is a DoS attack. Even with that, usually you don't break the OS (there was a case with win95 and "nuke" attacks) but you can flood the connection.

A combination of a good firewall and a secure OS, one that doesn't run servers unless you tell it to, is the best way to go. Firewalls can block ICMP requests and DoS attacks to an extent, and log them when an OS can't. There are several OSs that can be configured to not run servers during install and a lot don't run servers on the default install.

The problem with Windows is that it runs several services that you cannot disable during install, and in a critical part of the OS. Then Microsoft wants you to hide their mistakes that they probably won't fix themselves by saying RPC was never meant to be on the internet in the first place, even though it has been since NT! In most services in Windows, you can't change ports, or change access rules by IP like restricting connections to only localhost or subnets. All Microsoft has to do is a "netstat -an" to see the 20 ports or however many they have open on a default install. They released a patch but DCOM is still on, and RPC is still listening on port 135.

More and more ISPs are blocking port 135 now though because of Microsoft. Each time my ISP has blocked a port it had something to do with Microsoft products: 80 (codered/nimda), 136-139 (netbios), 445 (SMB), 1433-1434 (slammer), 135 (RPC). Because of codered I am no longer able to run a webserver from home. Sure, my ISP as well as most ISPs say no servers but they really didn't care before codered.

--- "Jeffrey A.K. Dick" <jeffdick () covirt com> wrote:
I think that we need to stop looking for a single "solution" ... there is no silver bullet to be found ... all OS's are insecure and no firewall can defend against all threats. There are always going to be exploitable weaknesses. Anybody who says otherwise is either an idiot or is trying to sell something. Firewalls are an excellent means of defense -- everyone should have one and it should be separate from the desktop OS. However, just as "real" firewalls do not prevent fires, network firewalls do not prevent security breaches -- they are designed to slow the spread.