Full Disclosure mailing list archives
Re:Re: Virus infect on single user
From: "Ian Latter" <Ian.Latter () mq edu au>
Date: Tue, 10 Feb 2004 20:30:08 +1000
Hello Steffen,
He doesn't say anything about this. But, if there are no open ports there is nothing to protect on a single user machine (or am I wrong?). The only
This is dependent upon which layer of the OSI model your attack vector is targeted at, and its offensive characteristics.

NB - waffle below is probably preaching to the converted. Ignore the rest of this message if the previous comment was all too familiar.

For example, "closing ports" tends to suggest that the layer-4 listeners are removed, but this doesn't stop a user from SYN flooding your LAN. It also doesn't stop the user from accidentally introducing malware that establishes its own listeners (possibly both layer-8 issues ;-). If you go down a layer you get network level examples like IGMP attacks, ICMP redirects/floods, etc. If you go up a layer you get session level examples like RPC discovery/enumeration, etc.

I'm not sure how far down the stack any of the personal firewall products go (I'm not sure that they even focus on anything outside of TCP, UDP and/or ICMP), but the two biggest advantages that I've seen PF's provide, are;

- on/off control on applications seeking outbound connections, and seeing that service provided independently of the OS (allowing regulation of the OS components also).
- traditional firewall-style packet filtering that prevents access to "accidental" TCP/UDP listening services (where a deny-default policy has been applied).

This second feature is often redundant due to the first anyway, as listeners can also be accepted/rejected upon the socket call.

I'm not a big fan of personal firewalls, but for users that fall into the "my mom" category (directly connected to the internet, think a byte goes with a sandwich, etc) I don't think it can be avoided.
Speaking of which - on the topic of what to do with educating all of the home users with cable/dsl internet access and no clue as to what computer security is (it *is* locked in the office, Ian), I quizzed my poor/dear old mom -- who finds her XP machine a slightly more convenient way to play solitaire than using a deck of cards -- to see what she thought of being labelled one of the world's greatest technological/"cyber" threats - her response;

"Good. It's nice to know I'm important" ;-)

Eh, good one mom.

Ah, and before I get flamed on "why does she need Internet access to play solitaire?" - she's supposed to be using it for email, but she has a lot of trouble keeping track of email addresses (she calls everyone instead). Revenge for all the Xmas presents I played with once and left, I guess ;-)

Regards,

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

Meet me at the Australian Unix and open systems User Group (AUUG) Security Symposium; 2004
http://www.auug.org.au/events/2004/security/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html