LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 02-10-2004, 12:30 AM   #16
nidputerguy
Member
 
Registered: Oct 2003
Posts: 47

Rep: Reputation: 15

This is BS as far as I'm concerned. First off, XP Home or Pro can't run SQL Server. End that idea. Next, I cannot find one shred of information on how to defeat the XP firewall besides using a Trojan, as it is not stateful. If you geniuses know how, please share, as I'm curious. The XP firewall also stealths all your ports. Please explain how someone found this network? Please also explain why someone would waste time hacking an XP Pro box when there are much better targets out there, such as unprotected Unix networks. FUD. Myth busted! Prove me wrong!

By the way, I appreciate all the help given to me by people on this site. I run RH 8 and host my own mail, DNS and soon-to-be web server. I like Linux, but this smells of BS to me.
 
Old 02-10-2004, 12:38 AM   #17
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
Exclamation

OK. Firstly, the XP native firewall has NO outgoing packet checks. There's a problem! BUT THE MAIN problem is that Windows simply defaults new users to a root or Admin USER. Why is it SO hard to see this problem?

Last edited by witeshark; 02-10-2004 at 12:41 AM.
 
Old 02-10-2004, 02:14 AM   #18
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Quote:
Originally posted by nidputerguy
This is BS as far as I'm concerned. First off, XP Home or Pro can't run SQL Server. End that idea. Next, I cannot find one shred of information on how to defeat the XP firewall besides using a Trojan, as it is not stateful. If you geniuses know how, please share, as I'm curious. The XP firewall also stealths all your ports. Please explain how someone found this network? Please also explain why someone would waste time hacking an XP Pro box when there are much better targets out there, such as unprotected Unix networks. FUD. Myth busted! Prove me wrong!

By the way, I appreciate all the help given to me by people on this site. I run RH 8 and host my own mail, DNS and soon-to-be web server. I like Linux, but this smells of BS to me.
I'm not a Windows guy, so I can't vouch for the embedded SQL server, but it wouldn't surprise me. As far as the XP firewall goes, since you clearly are a genius, you would be aware of the following from Microsoft's own website:

Quote:
ICF is considered a "stateful" firewall. A stateful firewall is one that monitors all aspects of the communications that cross its path and inspects the source and destination address of each message that it handles.
Here's the link in case you doubt the veracity of it:
http://www.microsoft.com/technet/tre...g_firewall.asp

The XP firewall actually does have a security history. Up until SP2 the firewall didn't activate until later in the startup process, after all the network adapters were activated, so for a period you essentially had no firewall. As far as vulnerabilities go, Microsoft has yet to fix the IPv6 vulnerability. Any packets that use IPv6 go right through, like the firewall wasn't there (whoops). While neither of those is very likely, there are a significant number of ways to get malicious code past the Windows XP firewall (malicious ActiveX and JavaScript in web pages, email, etc.). Just like with any other operating system, having a firewall turned on doesn't somehow magically make you immune to vulnerabilities.

It's also naive to think that a cracker is going to leave your system alone just because it isn't a Cray at the DOD. Plenty of Windows boxes get owned every day. Just check your Apache logs :-]
 
Old 02-10-2004, 03:08 AM   #19
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Urm, you might want to be less sure of yourself there, bucko (nidputerguy). If you read my link, it clearly states that a SQL server is embedded in those two applications (System Monitor and Office Dev. Edition). The same vulnerability applies; Microsoft went out of their way to state that.

Second, just because you have a firewall doesn't make you immune to all threats. "A" firewall is not necessarily a "good" firewall. It might be possible to spoof packets through by using invalid TCP flags. It might be possible to sneak fragments through that the TCP stack will reassemble. Really, how much do you know about TCP/IP? Even your claim that you cannot find a network with stealth ports is ludicrous. If you send a packet to an IP that you know should be there, and it doesn't respond at all... aha! They're filtering the traffic. You should get either a TCP RST or an ICMP port unreachable under normal circumstances (with no firewall). Actually, have you even bothered to look at the latest version of nmap? It has a ton of extended features that do way more than I just mentioned, which makes it simply braindead easy to find someone, even if they are hiding behind a firewall that drops all packets. By the way, the security community is pretty unanimous in the opinion that the XP firewall is weak protection at best. Checkpoint wouldn't have just spent millions to buy Zone Labs if they didn't think there was still going to be a huge market for 3rd-party firewalls for Windows.

If you were right, then no one could ever be hacked, since the vast majority of all networks are now protected by some type of firewall, proxy, or screening router. As for why someone would "waste their time" trying to hack an XP box, isn't it obvious, or do you not read the security news (I do)? Any box is valuable if it can participate in a DDoS attack or send spam, even if it's on dial-up. Long gone are the days of ICMP flood DoS attacks; now it's all about the SYN floods, smurfs, etc...

And as for the last point, where you dare anyone to prove you wrong... uhh, that's already been done. Look at the snort logs, and look at what he said about his XP box being compromised and needing a reinstall. Are you going to say that his network just spontaneously started throwing around attack packets with a will of their own?

Last edited by chort; 02-10-2004 at 03:10 AM.
 
Old 02-10-2004, 07:39 AM   #20
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by nidputerguy
I like Linux but this smells of BS to me.
I wish I were joking, buddy. I'm not some kid looking for attention, but a 30-year-old IT professional hoping to post a log file and get some useful community feedback, and possibly learn a thing or two for the future. Post your e-mail address and I'll send you the whole log. Maybe your "genius" will shed some more light on how I "faked" it.

As far as that smell you refer to, check your attitude, because it "stinks". (I know, it's lame, but it's all I could come up with.)

This place has some real pieces of work. How do I turn on the idiot firewall?

Last edited by ghight; 02-10-2004 at 11:04 AM.
 
Old 02-10-2004, 01:21 PM   #21
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
Click Start, click Control Panel, and then double-click Network Connections. If your Control Panel is set to Category View, click Network and Internet Connections, then click Network Connections. Click to select the Dial-up, LAN or High-Speed Internet connection that you want to protect (or, within the Network Connections folder, right-click the connection that you want to protect and then click Properties), then click Change settings of this connection. On the Advanced tab, under Internet Connection Firewall, select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box. I recommend Zone Labs, though.
 
Old 02-10-2004, 01:31 PM   #22
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by witeshark
Click Start, click Control Panel, and then double-click Network Connections. If your Control Panel is set to Category View, click Network and Internet Connections....
Uh... thanks... but that was a joke about keeping stupid people from posting stupid comments, such as me making up the attack. If only there were a "firewall" that would block idiots! Get it?

Who couldn't use one of those?
 
Old 02-10-2004, 02:09 PM   #23
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
ghight: Oh, OK, yeah, I see it *chuckle*
 
Old 02-13-2004, 07:35 PM   #24
nidputerguy
Member
 
Registered: Oct 2003
Posts: 47

Rep: Reputation: 15
Awesome!

Cool, cool! This is what I want: people to share their knowledge about this. I figure starting a mild flame war might bring out some interesting information! I don't have time to read this whole set of posts, but I'm curious, to say the least, what information everyone has. I also don't leave my site server up right now, as I haven't had time to harden it (little home network). Wish the company I work for took security seriously. They are so hacked and they don't even know it. Thanks for all the good posts!
 
Old 02-13-2004, 10:58 PM   #25
m15a4
Member
 
Registered: Sep 2003
Distribution: SuSE 10
Posts: 55

Rep: Reputation: 15
Maybe I'm missing something, but you seem to be running NAT. You must be doing some port or host mapping for the outsider to get in. Am I correct?
 
Old 02-14-2004, 11:56 PM   #26
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,749

Rep: Reputation: 71
@nidputerguy
You might want to go here http://grc.com/dos/grcdos.htm and take a look at why someone would want to attack a lonely old Win box.
 
Old 02-15-2004, 12:35 PM   #27
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
That happened quite a long time ago. Things have changed a bit, but as we saw with doom, the same basic concept was used. *sigh*
 
Old 02-15-2004, 06:14 PM   #28
tangle
Senior Member
 
Registered: Apr 2002
Location: Smithville, TN
Distribution: Slackware
Posts: 1,749

Rep: Reputation: 71
All I meant was that any box can be a platform for a cracker to launch an attack. It might have been 2 years ago, but nothing is stopping someone from doing the same thing today. Email someone the bot, they open the file, and it executes and installs the program.
 
Old 02-16-2004, 12:35 PM   #29
ghight
Member
 
Registered: Jan 2003
Location: Indiana
Distribution: Centos, RedHat Enterprise, Slackware
Posts: 524

Original Poster
Rep: Reputation: 30
Quote:
Originally posted by m15a4
You must be doing some port or host mapping for the outsider to get in. Am I correct?
Nope, unless something is mapped by default. With the simplicity of the XP firewall, you can't make any assumptions, so I'm not going to guess. I closed every port and thought I was fine. I have a Cisco PIX firewall with my DSL service that was left over from work. I'm much more comfortable leaving my system on now.
 
Old 02-17-2004, 10:37 PM   #30
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 56
I wouldn't swear by Cisco PIX - it has its own flaws. Implement a stateful firewall solution on your border: Astaro's ASL, Smoothwall (Linux flavours). You might want to research it further and get a commercial solution. I wouldn't go so far as to recommend CheckPoint, because it is not best for a SOHO environment - overkill. Good luck.
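Capt_Caveman's and neo77777's posts between them list what a border firewall should get right: a default-deny input policy, stateful matching of return traffic, coverage of IPv6 as well as IPv4 (the gap described for the XP firewall), and some control over outbound traffic (which witeshark notes ICF lacks). The audit below is an added example, not code from the thread or from any of the products named; it reads iptables-save style text for both address families and reports which of those properties are missing. The sample rulesets are constructed for the example.

```python
"""Audit iptables-save style rulesets (v4 and v6) for the weaknesses discussed in the thread."""
import re

# Constructed sample: a stateful default-deny ruleset that also restricts outbound traffic.
V4_STATEFUL = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
COMMIT
"""

# Constructed sample: a stateless, accept-by-default filter that only blocks one port.
V4_WEAK = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 445 -j DROP
COMMIT
"""

STATE_RULE = re.compile(r"-m (?:conntrack --ctstate|state --state) [\w,]*ESTABLISHED")
POLICY_LINE = re.compile(r"^:(\w+) (ACCEPT|DROP|REJECT)", re.M)


def audit_ruleset(v4_rules: str, v6_rules: str) -> list[str]:
    """Return one finding per missing property, per address family (empty list = all good)."""
    findings = []
    for family, text in (("IPv4", v4_rules), ("IPv6", v6_rules)):
        if not text.strip():
            # No rules loaded for this family at all: traffic passes as if there were no firewall.
            findings.append(f"{family}: no ruleset; traffic passes unfiltered")
            continue
        policies = dict(POLICY_LINE.findall(text))
        if policies.get("INPUT") != "DROP":
            findings.append(f"{family}: INPUT policy is {policies.get('INPUT')}, expected DROP")
        if not STATE_RULE.search(text):
            findings.append(f"{family}: no ESTABLISHED match; filter is not stateful")
        if policies.get("OUTPUT") == "ACCEPT":
            findings.append(f"{family}: OUTPUT policy is ACCEPT; outbound traffic is not checked")
    return findings


if __name__ == "__main__":
    for line in audit_ruleset(V4_STATEFUL, "") + audit_ruleset(V4_WEAK, ""):
        print(line)
```

On a live box the two inputs would come from `iptables-save` and `ip6tables-save`; a host that has only ever been configured with `iptables` typically produces the single "IPv6: no ruleset" finding.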
 
  

