Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
This is BS as far as I'm concerned. First off XP Home or Pro can't run SQL server. End that idea. Next I can not find one shred of information on how to defeat XP firewall besides using a Trojan as it is not stateful. If you geniuses know how please share as I'm curious. The XP firewall also stealths all your ports. Please explain how someone found this network? Please also explain why someone would waste time hacking a XP Pro box when there are much better targets out there such as unprotected Unix networks. FUD. Myth busted! Prove me wrong!
By the way I appreciate all help given to me by people on this site. I run RH 8 and host my own mail, dns and soon to be web server. I like Linux but this smells of BS to me.
OK, firstly, the XP native firewall has NO outgoing packet checks. There's a problem! BUT THE MAIN problem is that Windows simply defaults new users as a root or Admin USER. Where is it SO hard to see this problem?
Originally posted by nidputerguy This is BS as far as I'm concerned. First off XP Home or Pro can't run SQL server. End that idea. Next I can not find one shred of information on how to defeat XP firewall besides using a Trojan as it is not stateful. If you geniuses know how please share as I'm curious. The XP firewall also stealths all your ports. Please explain how someone found this network? Please also explain why someone would waste time hacking a XP Pro box when there are much better targets out there such as unprotected Unix networks. FUD. Myth busted! Prove me wrong!
By the way I appreciate all help given to me by people on this site. I run RH 8 and host my own mail, dns and soon to be web server. I like Linux but this smells of BS to me.
I'm not a Windows guy, so I can't vouch for the embedded SQL server, but it wouldn't surprise me. As far as the XP firewall goes, since you clearly are a genius, you would be aware of the following from Microsoft's own website:
Quote:
ICF is considered a "stateful" firewall. A stateful firewall is one that monitors all aspects of the communications that cross its path and inspects the source and destination address of each message that it handles.
The XP firewall actually does have a security history. Up until SP2 the firewall didn't activate until farther in the startup process after all the network adapters were activated, so for a period you essentially had no firewall. As far as vulnerabilities, Microsoft has yet to fix the IPv6 vulnerability. Any packets that use IPv6 go right through like the firewall wasn't there (whoops). While neither of those are very likely, there are a significant number of ways to get malicious code past the Windows XP firewall (malicious ActiveX and JavaScript in webpages, email, etc). Just like with any other operating system, having a firewall turned on doesn't somehow magically make you immune to vulnerabilities.
It's also naive to think that a cracker is going to leave your system alone just because it isn't a Cray at the DOD. Plenty of Windows boxes get owned every day. Just check your Apache logs :-]
Urm, you might want to be less sure of yourself there bucko (nidputerguy). If you read my link, it clearly states that a SQL server is embedded in those two applications (System Monitor, and Office Dev. Edition). The same vulnerability applies, Microsoft went out of their way to state that.
Second, just because you have a firewall doesn't make you immune to all threats. "A" firewall is not a "good" firewall, necessarily. It might be possible to spoof packets through by using invalid TCP flags. It might be possible to sneak fragments through that the TCP stack will reassemble. Really, how much do you know about TCP/IP? Even your claim that you cannot find a network with stealth ports is ludicrous. If you send a packet to an IP that you know should be there, and it doesn't respond at all... aha! they're filtering the traffic. You should get either a TCP RST or an ICMP port unreachable under normal circumstances (with no firewall). Actually, have you even bothered to look at the latest version of nmap? It has a ton of extended features that do way more than I just mentioned, which makes it simply braindead easy to find someone, even if they are hiding behind a firewall that drops all packets. By the way, the security community is pretty unanimous in the opinion that the XP firewall is weak protection at best. Checkpoint wouldn't have just spent millions to buy Zone Labs if they didn't think there was still going to be a huge market for 3rd party firewalls for Windows.
If you were right, then no one could ever be hacked since the vast majority of all networks are now protected by some type of firewall, proxy, or screening router. As for why someone would "waste their time" trying to hack an XP box, isn't it obvious, or do you not read the security news (I do)? Any box is valuable if it can participate in a DDoS attack or send spam, even if it's on dial-up. Long gone are the days of ICMP flood DoS attacks, now it's all about the SYN floods, smurfs, etc...
And as for the last point where you dare any one to prove you wrong... uhh, that's already been done. Look at the snort logs, and look what he said about his XP box being compromised and needing reinstall. Are you going to say that his network just spontaneously started throwing around attack packets with a will of their own?
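The point in the post above about "stealth" ports (an answer of RST or ICMP port unreachable means no filter, silence means something is dropping packets) can be checked against a capture taken while testing your own firewall. This is an added example, not part of the thread; the tcpdump-style lines, the addresses and the function names are constructed for illustration.

```python
import re

# Constructed tcpdump-style replies captured while probing one's own host
# (192.0.2.10 and 198.51.100.5 are documentation addresses, not real hosts).
CAPTURE = """\
10:00:00.1 IP 192.0.2.10.80 > 198.51.100.5.40001: Flags [S.], seq 1, ack 1, win 65535, length 0
10:00:00.2 IP 192.0.2.10.23 > 198.51.100.5.40002: Flags [R.], seq 0, ack 1, win 0, length 0
10:00:00.3 IP 192.0.2.10 > 198.51.100.5: ICMP 192.0.2.10 udp port 53 unreachable, length 36
"""

TCP_RE = re.compile(r"IP (\S+)\.(\d+) > \S+: Flags \[([^\]]+)\]")
ICMP_RE = re.compile(r"IP (\S+) > \S+: ICMP \S+ udp port (\d+) unreachable")

def replies(capture, target):
    """Return {(proto, port): reply kind} for replies sent by target."""
    seen = {}
    for line in capture.splitlines():
        tcp = TCP_RE.search(line)
        icmp = ICMP_RE.search(line)
        if tcp and tcp.group(1) == target:
            flags = tcp.group(3)
            kind = "rst" if "R" in flags else "synack" if flags == "S." else "other"
            seen[("tcp", int(tcp.group(2)))] = kind
        elif icmp and icmp.group(1) == target:
            seen[("udp", int(icmp.group(2)))] = "unreachable"
    return seen

def port_state(probe, seen):
    """Classify one probed (proto, port) from the reply, or the lack of one."""
    kind = seen.get(probe)
    if kind == "synack":
        return "open"
    if kind in ("rst", "unreachable"):
        return "closed"  # the host's own stack answered: nothing dropped this probe
    # Silence. For TCP that means a filter; a silent UDP port may also be open.
    return "filtered" if probe[0] == "tcp" else "open|filtered"

def audit(probed, seen):
    """Summarise what the replies reveal about filtering on the probed host."""
    states = {p: port_state(p, seen) for p in probed}
    silent = [p for p, s in states.items() if s not in ("open", "closed")]
    if len(silent) == len(states):
        verdict = "all probes dropped: a packet filter (or a dead host) is in the path"
    elif silent:
        verdict = "host is up; some ports answer and some probes are dropped"
    else:
        verdict = "host is up and unfiltered on the probed ports"
    return states, verdict

if __name__ == "__main__":
    probed = [("tcp", 80), ("tcp", 23), ("udp", 53), ("tcp", 443)]
    print(audit(probed, replies(CAPTURE, "192.0.2.10")))
```

A drop-everything policy shows up as the first verdict, which for an address known to be in use is itself evidence of a filter.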
Originally posted by nidputerguy I like Linux but this smells of BS to me.
I wish I were joking buddy. I'm not some kid looking for attention, but a 30 year old IT professional hoping to post a log file and get some useful community feedback and possibly learn a thing or two for the future. Post your e-mail address, I'll send you the whole log. Maybe your "genius" will shed some more light on how I "faked" it.
As far as that smell you refer to, check your attitude because it "stinks". (I know, it's lame, but it's all I could come up with.)
This place has some real pieces of work. How do I turn on the idiot firewall?
Click Start, click Control Panel, and then double-click Network Connections. If your Control Panel is set to Category View, click Network and Internet Connections, then click Network Connections. Click to select the Dial-up, LAN or High-Speed Internet connection that you want to protect (or, within the Network Connections folder, right-click on the connection that you want to protect and then click Properties). Click Change settings of this connection. On the Advanced tab under Internet Connection Firewall, select the following: select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box. I recommend Zone Labs, though.
Originally posted by witeshark Click Start, click Control Panel, and then double–click Network Connections If your Control Panel is set to Category View, click Network and Internet Connections....
Uh,...thanks,...but that was a joke about keeping stupid people from posting stupid comments such as me making up the attack. If only there were a "firewall" that would block idiots! Get it?
Cool, Cool! This is what I want. People to share their knowledge about this. I figure starting a mild flame war might bring out some interesting information! I don't have time to read this whole set of posts but I'm curious to say the least what information everyone has. I also don't leave my site server up right now as I haven't had time to harden it. (little home network). Wish the company I work for took security seriously. They are so hacked and they don't even know it. Thanks for all the good posts!
All I meant was that any box can be a platform for a cracker to launch an attack. It might have been 2 years ago, but nothing is stopping someone from doing the same thing today. Email someone the bot, they open the file and it executes and installs the program.
Originally posted by m15a4 You must be doing some port or host mapping for the outsider to get in. Am I correct?
Nope, unless something is mapped by default. With the simplicity of the XP firewall, you can't make any assumptions so I'm not going to guess. I closed every port and thought I was fine. I have a Cisco PIX firewall with my DSL service, that was left over from work. I'm much more comfortable leaving my system on now.
Wouldn't swear by Cisco PIX - it has its own flaws - implement a stateful firewall solution on your border: Astaro's ASL, Smoothwall (Linux flavours). You might want to research it farther and get a commercial solution. I wouldn't go far to recommend CheckPoint because its best is not for SOHO environment - overkill. Good luck.