
How serious are firewall attacks on our systems?


xproforme

Technical User
Sep 12, 2003
54
US
I've received several types of attacks reported by my firewall software. So far nothing negative to report on this forum, but I'm concerned that something could get on my system and someday cause major problems. I the Windows version and one from Trend Micro. Short of not using the web at all, what other security measures can a user install to further protect a home PC? I currently use dialup, but am seriously considering a switch over to a high speed cable modem. Will my current firewall protection be adequate? Thanks, L Pena in West Texas.
 
Thanks Moonrsr, I'll check it out. Firewalls do a nice job at keeping most things out, but it seems that potential hackers are constantly looking for open doors to get onto our systems.
 
They're called script kiddies (or 5cr1p7 k1ddi35 if you're a purist). They run freely-available programs and scripts to surf the net, similar to how a search engine webcrawler would. Those in the know have probably compiled lists of IP addresses for DSL and cable providers, and those addresses are hit almost constantly to find open TCP/IP ports. The common ones nowadays seem to be hitting the ports that allow them to use your machine as a web proxy (i.e. you will surf the web for them, returning the web pages while only exposing your IP address to the target website) or a mail proxy. The mail proxy is overwhelmingly being used to send spam, since it's ... gee, often illegal and stuff to do it yourself, and subjects you often to being booted off your ISP for violations of TOS and all-around good sense.

Like casual drug users, the script kiddies are almost harmless, but unchecked they can be damned annoying, gobbling up other people's bandwidth for no good reason. What is almost certainly a big problem are the organizations that run these programs and scripts to use your machine as a proxy for their spam and passage of illegal web content. But -- if we're to be honest with ourselves -- another and higher level of danger entirely is represented in people running crap like Gator, Kazaa and all other spyware- and adware-drenched content and service programs. THAT, we generally do to ourselves, and there's where serious bandwidth consumption and illegal activities take place (and according to the RIAA, it's punishable by firing squad or hanging, but we can discount their social theories a bit).

If you have DSL or cable Internet service, you have to run a firewall. ZoneAlarm is a good choice; it's free, friendly (mostly) and functional.
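An added example, not part of the original thread: a small triage of blocked-connection records that groups firewall alerts into the probe types described in the post above (ping checks, web or SOCKS proxy probes, mail relay probes). The log format, the addresses and the port table are assumptions constructed for this example; the ports are common defaults for those services, not values from the thread.

```python
import re
from collections import defaultdict

# Common default ports for the services scanners look for (assumed, not from the thread).
PROBE_KINDS = {3128: "web-proxy", 8080: "web-proxy", 1080: "socks-proxy", 25: "mail-relay"}

# Constructed log format: "<date> <time> BLOCK <proto> <src>[:port] -> <dst>[:port]"
LINE = re.compile(
    r"^(?P<ts>\S+ \S+) BLOCK (?P<proto>TCP|UDP|ICMP) "
    r"(?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample records (documentation address ranges).
SAMPLE_LOG = """
2003-09-12 21:04:11 BLOCK ICMP 203.0.113.7 -> 192.0.2.10
2003-09-12 21:04:12 BLOCK TCP 203.0.113.7:4312 -> 192.0.2.10:8080
2003-09-12 21:04:12 BLOCK TCP 203.0.113.7:4313 -> 192.0.2.10:1080
2003-09-12 21:09:40 BLOCK TCP 198.51.100.23:2201 -> 192.0.2.10:25
2003-09-12 21:15:02 BLOCK ICMP 198.51.100.99 -> 192.0.2.10
"""

def classify(proto, dport):
    """Map one blocked packet to the kind of probe it most likely represents."""
    if proto == "ICMP":
        return "ping-check"
    return PROBE_KINDS.get(dport, "other")

def triage(log_text):
    """Return {source_ip: {probe_kind: count}} for every parseable block record."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a block record
        dport = int(m["dport"]) if m["dport"] else None
        summary[m["src"]][classify(m["proto"], dport)] += 1
    return {src: dict(kinds) for src, kinds in summary.items()}

def proxy_hunters(summary):
    """Sources that probed a proxy or relay port, i.e. looking for a machine to route through."""
    wanted = {"web-proxy", "socks-proxy", "mail-relay"}
    return sorted(src for src, kinds in summary.items() if wanted.intersection(kinds))

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for src, kinds in result.items():
        print(src, kinds)
    print("proxy/relay probes from:", proxy_hunters(result))
```

Every record here is a blocked packet, so the summary shows what was turned away, not a compromise; a source that appears only under "ping-check" was testing whether the address is alive.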
 
Thanks Peahippo, the era of abuse seems to indicate that connecting to the web without protection can be very hazardous for one's well-being. Bandwidth is everything and abusers really slow web traffic down for us all. It would seem that even university networks are being used as relay points for net abusers to pass large volumes of illicit data. I wouldn't be surprised that government is also involved in trying to use similar methods to gather information about its citizens to potentially gain knowledge in the war on terrorism. I do not believe that it will yield any kind of useful information as terrorists know that the authorities cannot even stop complex computer abusers. L Pena in West Texas. PS I plan to use a secure router as well as I also want to install a wireless home network.
 
I use Norton internet security. Protects you from hackers, viruses and privacy threats. Seems to work great, but not free like Zone Alarm, but it also includes the antivirus.
Using the link below shows you what the free version of Zone Alarm does Vs the paid versions.


 
I would suggest everyone invest in (at minimum) a Broadband router if they have always-on connections. This prevents the most common possible violations (as precisely stated by Peahippo.) I run Zonealarm or Zonealarm Pro on every dial-up connection machine I install (except Win2k Servers.)

Since I have been involved with some more security-conscious installations lately I've come to appreciate more powerful firewalls and now run these (in addition to a broadband router) whenever I can convince my clients to write a check.

Alex
 
At first you asked about a software firewall, but later you said you were planning on using a secure router.

I surfed a bit on suspicion, and it seems that a secure router performs the firewall functions you'd desire. For instance:


If you are going to use a secure router, then you already have a firewall, and you shouldn't use software firewalls on any machine so protected. That is at least redundant, and could produce double-filter problems (I still hate corporate proxies, can't you tell?).

At first cut, I imagine that you will pipe your DSL feed from the DSL box to this secure router, and then to a wireless hub. There are certain advantages to this chain of boxes, but you may run the idea by your DSL provider that you want to convert the DSL box (ostensibly a router itself) into a DSL+Firewall+Wireless unit if such a thing is available. If you can get a unit cheap enough, then there will be only one unit to configure. DSL and cable companies have a range of provisions for customers who want to use their own cable modems or DSL routers.

But connection-wise, DSL->firewall->hub is simplest by chaining those boxes together. And if any one of them fails, it's almost a brainless exercise to get it replaced.

Check with your DSL provider to see what changes they will accept to your equipment end. They should be OK with discussing your home-network plans with you. After that, you can at least look around for wireless secure routers.

I assume this is home use, and you'll note that I expressed no concern (nay, not a whit) for wireless security. The wardriving threat is overrated unless you live in a big city area, especially the apartment complexes. So, do you have any particular security concerns about your wireless emissions?
 
AlexIT: I just had an idea. I have never been particularly worried about firewalling a dialup due to the speed limitation. This is from experience, but contains an article of faith that the port scanners can judge that you are a slow connection and thus aren't worth using.

Since the kiddies use ping often enough for checking to see if your IP address is alive, then is there some way to react to ping verrrrry sllllloooowwly? This concept is similar to the one in the spam-fighting world (it's called a "tar baby" (nothing to do with the Unix "tar" (tape archive))). The usual Internet mail protocols on a server have a challenge-response mechanism, and you can make a tar baby by adjusting one of these to make your server respond to probable spammers by responding at a very, very slow rate of delivery. Just like the myth, the spammer probe gets "stuck" taking in your data at the same rate. Since he can't get in anyway, it'll be a while before he goes on to his next server victim. Hence, you fight his spamming by costing him a great deal of time dealing with your server just once.

Anyhoo, my question is if any old Windows 9x or NT computer can be tweaked to cause an adjustable but significant delay in responding to a ping. The delay can't be too short (else the kiddie may value your existence over your speed) and can't be too long (or ping will time out). (Not that causing ping to time out is a bad thing for dissuading such attacks.) Any ideas?
 
Only with a software package could you adjust the TCP response but you would slow any surfing you do also because of the SND/ACK loop used in transmitting packets back and forth. I know with ZONEALARM I can prevent a reply from a ping on the "WAN" side of my NIC. "Stealth Mode."
 
No one attacks your firewall.
Pings can be blocked efficiently
either by a hardware router,
hardware firewall device, or by
software. Filtering ICMP traffic
of any type is such a trivial thing
that no penalty for browsing the
internet would be experienced by any
of these methods.

If an attack is mounted at all it
would be a blind attack to your IP
address.

I do not know of even the cheapest NAT
device that would not defeat such an
attack without blinking an eye, nor would
you suffer an internet browsing penalty
for having one.

The point of having a software firewall
and/or hardware one in the presence of NAT
would be to make you a responsible internet
citizen, and not broadcast out-bound hazardous
waste to other members of the internet.

And even then, at its most restrictive, the
"browsing" slowdown penalty would be measured
in thousandths of a second.

Where is the technical content of this thread?
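An added example, not part of the original thread: a toy model of the NAT behaviour described in the post above, showing why an unsolicited ping or port probe goes nowhere while replies to the user's own browsing pass with a single table lookup. The class and function names and all addresses are constructed for this example, and it assumes the router matches inbound packets on the remote address and port as well as the mapped port, which not every consumer device does.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "TCP", "UDP" or "ICMP" (for ICMP echo the ports stand in for the echo id)
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    """Toy port-translating router: inbound passes only if it answers a LAN-initiated flow."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.by_wan = {}   # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.by_lan = {}   # (proto, lan_ip, lan_port, remote_ip, remote_port) -> wan_port
        self.next_port = 40000

    def outbound(self, pkt):
        """A LAN host sends pkt: record (or reuse) the flow and return the translated packet."""
        lan_key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if lan_key not in self.by_lan:
            self.by_lan[lan_key] = self.next_port
            self.by_wan[(pkt.proto, self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(pkt.proto, self.wan_ip, self.by_lan[lan_key], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Return the packet as forwarded to the LAN, or None when it is dropped."""
        lan = self.by_wan.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if lan is None:
            return None   # unsolicited: no table entry, so there is no host to forward to
        return Packet(pkt.proto, pkt.src, pkt.sport, lan[0], lan[1])

def demo():
    router = NatRouter("192.0.2.10")   # constructed addresses throughout
    sent = router.outbound(Packet("TCP", "192.168.1.20", 1045, "198.51.100.80", 80))
    reply = router.inbound(Packet("TCP", "198.51.100.80", 80, "192.0.2.10", sent.sport))
    probes = [
        Packet("ICMP", "203.0.113.7", 0, "192.0.2.10", 0),           # unsolicited ping
        Packet("TCP", "203.0.113.7", 4312, "192.0.2.10", 8080),      # proxy-port probe
        Packet("TCP", "203.0.113.7", 80, "192.0.2.10", sent.sport),  # mapped port, wrong remote
    ]
    return reply, [router.inbound(p) for p in probes]

if __name__ == "__main__":
    print(demo())
```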

 
Technical content? I originally asked a question about a firewall and whether or not it would be adequate for a high speed cable connection. Others have suggested that yes it would but that adding a secure router would make the firewall software redundant. I thank all of the other users for the feedback presented in this thread for helping me to become a more informed person, but feel that this thread has answered my question already. Perhaps it should end now and another thread started from some other user. My thanks to everyone for the information provided. L Pena in West Texas signing off this thread.
 