Michael P. Soulier
msoulier at storm.ca
Sat Nov 30 08:52:57 EST 2002
On 29/11/02 gabriel did speaketh:
> one other thing to keep in mind is that without a firewall, a simple port
> scann will tell a baddie that you're using a *nix-type os. i don't remember
> the exact port or response, but both windows and mac machines don't reply in
> the same way, therefore if someone scans you, and gets this reply, regardless
> of whether your software is up to date, you're now a marked target.
This can be easily determined by the response of the daemons running on
the box. Assuming you're running any services, it's not that hard to determine
the type of target.
> i think what's missing here is the old idea that locked doors make bad
> targets. sure, people can break a window and get in, but why bother when
> your neighbour's door is wide open? firewalls keep out some of the baddies,
> updated software keeps out the rest.
You're missing the point. If you're running services then your door is
already open. Firewall unused ports is like armouring the brick of my house.
They're going to come in a window, so why bother?
> logging is also nice. you can find out who's been looking at your machine
> and block his ip alltogether. it cuts down on your internet traffic and
> keeps you that much safer.
Most people don't scan their logs. They simply run a firewall, any
firewall, and assume that they're safe.
Michael P. Soulier <msoulier at storm.ca>, GnuPG pub key: 5BC8BE08
"...the word HACK is used as a verb to indicate a massive amount
of nerd-like effort." -Harley Hahn, A Student's Guide to Unix
HTML Email Considered Harmful: http://expita.com/nomime.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://tux.oclug.on.ca/pipermail/oclug/attachments/20021130/3c476281/attachment.bin
More information about the OCLUG