This is BS as far as I'm concerned. First off XP Home or Pro can't run SQL server. End that idea. Next I can not find one shred of information on how to defeat XP firewall besides using a Trojan as it is not stateful. If you geniuses know how please share as I'm curious. The XP firewall also stealths all your ports. Please explain how someone found this network? Please also explain why someone would waste time hacking a XP Pro box when there are much better targets out there such as unprotected Unix networks. FUD. Myth busted! Prove me wrong!

By the way I appreciate all help given to me by people on this site. I run RH 8 and host my own mail, dns and soon to be web server. I like Linux but this smells of BS to me.

I'm not a windows guy, so I can't vouch for the embedded SQL server, but it wouldn't surprise me. As far as the XP firewall goes, since you clearly are a genius, you would be aware of the following from microsoft's own website:

Here's the link in case you doubt the veracity of it:
http://www.microsoft.com/technet/tre...g_firewall.asp

The XP firewall actually does have a security history. Up until SP2 the firewall didn't activate until farther in the startup process after all the network adapters were activated, so for a period you essentially had no firewall. As far as vulnerabilities, Microsoft has yet to fix the IPv6 vulnerability. Any packets that use IPv6 go right through like the firewall wasn't there (whoops). While neither of those are very likely, there are a a significant number of ways to get malicious code past the Windows XP firewall (malicious ActiveX and javascript in webpages, email, etc). Just like with any other operating system, having a firewall turned on doesn't somehow magically make you immune to vulnerabilites.

It's also naive to think that a cracker is going to leave your system alone just because it isn't a Cray at the DOD. Plenty of windows boxes get owned everyday, Just check your Apache logs :-]

Urm, you might want to be less sure of yourself there bucko (nidputerguy). If you read my link, it clearly states that a SQL server is embedded in those two applications (System Monitor, and Office Dev. Edition). The same vulnerability applies, Microsoft went out of their way to state that.

Second, just because you have a firewall doesn't make you immune to all threats. "A" firewall is not a "good" firewall, necessarily. It might be possible to spoof packets through by using invalid TCP flags. It might be possible to sneak fragments through that the TCP stack will reassemble. Really, how much do you know about TCP/IP? Even your claim that you cannot find a network with stealth ports is ludicrous. If you send a packet to an IP that you know should be there, and it doesn't respond at all... aha! they're filtering the traffic. You should get either a TCP RST or an ICMP port unreachable under normal circumstances (with no firewall). Actually, have you even bother to look at the lastest version of nmap? It has a ton of extended features that do way more than I just mention, which makes it simply braindead easy to find someone, even if they are hiding behind a firewall that drops all packets. By the way, the security community is pretty unanimus in the opinion that the XP firewall is weak protection at best. Checkpoint wouldn't have just spent millions to buy Zone Labs if they didn't think there was still going to be a huge market for 3rd party firewalls for Windows.

If you were right, then no one could ever be hacked since the vast majority of all networks are now protected by some type of firewall, proxy, or screening router. As for why someone would "waste their time" trying to hack an XP box, isn't it obvious, or do you not read the security news (I do)? Any box is valuable if it can participate in a DDoS attack or send spam, even if it's on dial-up. Long gone are the days of ICMP flood DoS attacks, now it's all about the SYN floods, smurfs, etc...

And as for the last point where you dare any one to prove you wrong... uhh, that's already been done. Look at the snort logs, and look what he said about his XP box being compromised and needing reinstall. Are you going to say that his network just spontaneously started throwing around attack packets with a will of their own?

I wish I were joking buddy. I'm not some kid looking for attention, but a 30 year old IT professional hoping to post a log file and get some useful community feedback and possibly learn a thing or two for the future. Post your e-mail address, I'll send you the whole log. Maybe your "genius" will shed some more light on how I "faked" it.

As far as that smell you refer too, check your attitude because it "stinks". (I know, it's lame, but its all I could come up with.)

This place has some real pieces of work. How do I turn on the idiot firewall?

Uh,...thanks,...but that was a joke about keeping stupid people from posting stupid comments such as me making up the attack. If only there were a "firewall" that would block idiots! Get it?

Who couldn't use one of those?

ghight Oh ok yeah I see it *chuckle*

Cool, Cool! This is what I want. People to share their knowlege about this. I figure starting a mild flame war might bring out some interesting information! I don't have time to read this whole set of posts but I'm curious to say the least what information everyone has. I also don't leave my site server up right now as I haven't had time to harden it. (little home network). Wish the company I work for took security seriously. They are so hacked and they don't even know it. Thanks for all the good posts!

Maybe I'm missing something, but you seem to be running NAT. You must be doing some port or host mapping for the outsider to get in. Am I correct?

@nidputerguy
You might want to go here http://grc.com/dos/grcdos.htm and take a look at why someone would want to attack a loanly old Win box.

All I ment was that any box can be a platform for a cracker to launch an attach. It might have been 2 years ago, but nothing is stopping someone from doing the same thing today. Email someone the bot, they open the file and it executes and installs the program.

Nope, unless something is mapped by default. With the simplicity of the XP firewall, you can't make any assumptions so I'm not going to guess. I closed every port and thought I was fine. I have a Cisco PIX firewall with my DSL service, that was left over from work. I'm much more comfortable leaving my system on now.

wouldn't swear by Cisco Pix - it has its own flaws - implement a statefull firewall solution on your border, Astaro's asl, Smoothwall (linux flavours), you might want to research it farther and get a commercial solution I wouldn't go far to recommend CheckPoint because its best is not for SOHO environment - overkill. Good luck.