This is topic Holy crap, someone in Houston tried to access my computer. in forum Books, Films, Food and Culture at Hatrack River Forum.


To visit this topic, use this URL:
http://www.hatrack.com/ubb/main/ultimatebb.php?ubb=get_topic;f=2;t=020827

Posted by Lalo (Member # 3772) on :
 
I just installed Norton Internet Security, and damn, I'm glad I did. I just woke up to a message declaring that a computer with the IP address 158.254.225.199 located in Houston, Texas tried to hack my computer via a Trojan Horse virus or a friendly attempt to use my printer.

This is unexpected.

Spyware? Or a tech-savvy Hatracker trying to get a peek at the nudie pics I took in front of a mirror? I wonder...
 
Posted by Javert Hugo (Member # 3980) on :
 
That would be Thor - he's in Houston.

Or... Ophelia? O_O
 
Posted by Lalo (Member # 3772) on :
 
Yeah, spake the Texan. Trying to divert blame from yourself?

You always did have shifty eyes...
 
Posted by Suneun (Member # 3247) on :
 
People run programs to search the internet for unsuspecting folks who have an ftp server running.

Once, I had an anonymous ftp server running, and within a week someone had uploaded 2 gigs of media files (I was on a university T1 line).

It's kind of an interesting way to get illegal files...
 
Posted by Dr. Seuss (Member # 2487) on :
 
Heh, you should read this:

http://216.239.57.104/search?q=cache:ZvAri5nowncJ:www.samspade.org/d/firewalls.html+sam+spade+firewall&hl=en&ie=UTF-8

-Zev
 
Posted by Xaposert (Member # 1612) on :
 
Hey you were warned to stop talking bad about Bush.... [Wink]
 
Posted by fugu13 (Member # 2859) on :
 
There are, of course, exceptions to this rule. For instance, OS X's built-in 'personal firewall' is a full-on Unix port-level industrial-strength firewall, like you find in those home routers (and is pretty much the same stuff you find in many corporate firewalls, just there it's got a lot more complex configuration and is running on better hardware and such). Now, most of the built-in graphical configurability is pretty basic, but it integrates well with the built-in services.

But for most people it might as well be useless, same as your firewall. Most anything you're running on a personal computer shouldn't be responding to external requests anyways, and if it should, it's going to be the sort of application that needs its port open. So unless you're setting up whitelists for that port (which is only effective against people who don't know how to spoof), which I bet is far more time than is worth putting into it (and this is assuming you're running some sort of server), the vast amount of "functionality" of that personal firewall is purely for excitement value.

There is one use for personal firewalls, though. Outgoing requests. They can alert you to (stupid) phone home applications (smart ones can get past). Luckily, most phone home applications are stupid.
 
Posted by Dagonee (Member # 5818) on :
 
Even a full-strength firewall should be run on a box with no other services turned on. A NAT box is probably your best bet. I use a LinkSys Router/NAT/Wireless box to connect to my DSL line. It was fairly cheap and allows you to share your broadband connection. There are lots of other models on the market, so shop around for price.

Then remove that firewall from your PC.

Dagonee
 
Posted by Olivet (Member # 1104) on :
 
Something like that happened to our Bulgarian Houseguest's server at work. They had this thing where customers could access their files to see how their print jobs were coming, or something.

They didn't get a firewall when they went to that system, because they didn't think anybody would want access to that stuff. Well, they didn't want access to the work files, but they did hack in and take over one of their server's drives with about 10 gigs of porn. Dell sold them a firewall and exchanged their drive.
 
Posted by fugu13 (Member # 2859) on :
 
Unless he likes the outgoing detection.
<ramble>
It can be quite effective (sometimes in an annoying sort of way) -- once while installing DSL for a customer, a rebranded version of one of the common personal firewalls (which they had paid for, though this was the rebranded free version) decided the PPPoE software was an evil program. It locked down net access on the computer and made itself impossible to delete with normal privileges! Had to go into freakin' safe mode to clean everything out, and even that was touch and go as I a) wasn't allowed to touch the registry and so couldn't follow the removal instructions provided by it and b) had no other instructions on how to remove it.

Luckily, removing pesky firewalls is remarkably similar to ripping spyware out by its roots and casting salt upon the ground it grew in, which I was very practiced in doing at this point. Once Google had given me a bit of information about the program I was able to quickly find enough of its files that it couldn't regenerate itself (it did this several times before I got rid of it completely).

</ramble>
Tenacious beast. So yes, personal firewalls can have uses even with routers, say if you don't want your phone home software to phone home.

But a NAT box will offer far better protection against actual intrusion for the home network. Of course, since you're on DSL your IP is so variable you're not much of a target anyways.
 
Posted by slacker (Member # 2559) on :
 
What ports did they try to come in on, Lalo?

I run an FTP server from my house, but I've got anonymous logins turned off, and ban people after 2 failed tries (I ban by IP).

It's quite funny looking at my logs to see how many people try to get into my system (I've also got ICMP requests turned off so they can't ping me either). I used to have a program that you could use to flood all their ports at once and even send across a message if they hadn't configured their machines properly.

Still, I believe in retaliation for the repeat offenders that try to get into my system (I run a tracert to make sure it's not a friendly machine).
 
Posted by Lalo (Member # 3772) on :
 
Damn, I'm popular.

quote:
A computer with the IP address 68.196.248.248 attempted to connect to your computer using Default Block Backdoor/SubSeven Trojan horse.

 
Posted by Lalo (Member # 3772) on :
 
Dagonee, Fugu, Slacker, I have no idea what you've just said.
 
Posted by fugu13 (Member # 2859) on :
 
Buy a router. Like one of these: http://froogle.google.com/froogle?q=dsl+router&btnG=Search+Froogle

If you have a laptop, get a wireless router. If you have a desktop, probably get a wireless router anyways (not that much more expensive, much more flexible). Microsoft actually makes some pretty good/decently cheap ones.

Using included instructions, do a basic install of the router.

Ta-da! You're completely secure from pretty much anything your personal firewall would be able to notice.

Those "attacks" are just random probes by incompetent script kiddies. You couldn't do anything about them anyways if they were going to be successful with your current setup. Of course, it wouldn't mean much, since even if they got one installed they'd lose you very quickly when your DSL IP renewed.
 
Posted by Papa Moose (Member # 1992) on :
 
Lalo, I used to get such attacks almost hourly, and I think with the same program you're using. You learn to ignore them. Now I run through a router, and even though the program is still running (for popup and ad blocking and the outgoing stuff fugu mentioned), I get none of those warnings. Of course, they also switched me from static IP to dynamic IP, but I hooked up the router about a week before they did that, and the warnings stopped. I'll take a hardware firewall over a software firewall any day.

Bottom line, though, is that I wouldn't worry about the attack warnings. I think they're pretty much meaningless.

--Pop
 
Posted by fugu13 (Member # 2859) on :
 
<nitpick type="minor" reason="I'm a nitpicky geek, dangit">
While they're commonly called hardware firewalls, few routers out there actually are. The DLINKs and stuff you buy nowadays mostly run stripped down *nix distributions with one of the common *nix firewalls running. Nowadays stripped down Linux installs are most common, I believe. While there are firewalls out there that implement their logic in hardware, they are very few and far between, and not sold to home consumers.
</nitpick>
 
Posted by Bokonon (Member # 480) on :
 
Heh, I run my DSL through a linksys wireless router, AND I run ZoneAlarm Pro. I like the anal-retentive control ZAP gives when an application receives or sends over the network for the first time.

-Bok
 
Posted by Dr. Seuss (Member # 2487) on :
 
Zone Alarm absolutely drives me crazy, if you really need a firewall that you want alerting you on your local PC, you need to check out Tiny Personal Firewall. If you can find the older releases they are even free.

-Zev
 
Posted by lcarus (Member # 4395) on :
 
quote:
If you want to play with a piece of windows software that makes you click all over the place, there's always minesweeper.
[ROFL]

That's interesting . . . and reassuring. I've got the same kind of setup that Dagonee described. Every time I connected a new machine running Windows XP to it, when I explained the setup to the machine, the machine would tell me that this was a dangerous set-up, and that I should proxy my internet access through a single computer instead. Assuming I'm interpreting you guys correctly, I'm glad to know you disagree.
 
Posted by Argèn†~ (Member # 4528) on :
 
fugu13, this is the third thread I have seen you mention OS X in more than a passing manner in direct comparison to Windows. Are you becoming a salesman, or trying to earn a convert? [Wink]
 
Posted by fugu13 (Member # 2859) on :
 
It's more that I'm a rambling sort of geek.

But I do like converts.
 


Copyright © 2008 Hatrack River Enterprises Inc. All rights reserved.
Reproduction in whole or in part without permission is prohibited.

