LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-02-2003, 02:07 PM   #1
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Rep: Reputation: 15
Crack my system - I think Firewall's are unnecessary


[DELETED CONTENT]

I have never (that I know of) had my system comprimised and I believe all the stress on putting up a firewall is blown way out of proportion. And if some idiot does get in a decides to delete everything or something -- well there is NOTHING important on my system in the first place.

Last edited by unSpawn; 10-02-2003 at 03:26 PM.
 
Old 10-02-2003, 02:30 PM   #2
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Original Poster
Rep: Reputation: 15
I have also just discovered that my system does not respond to ping requests. I think many security folk would consider this a good thing, but I do NOT see a serious risk in my computer responding to a ping requests and I would prefer it did.

Does anyone know what it's not? I have no idea.
 
Old 10-02-2003, 03:21 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
//moderator.note: please do not advertise or encourage attacking, cracking or other subversive activities in clear violation of the LQ rules. Please do not advertise public IP addresses. And no, it does not matter if the IP address is yours or not.
 
Old 10-02-2003, 06:42 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Re: Crack my system - I think Firewall's are unnecessary

Quote:
Originally posted by Xylon

I have never (that I know of) had my system comprimised and I believe all the stress on putting up a firewall is blown way out of proportion. And if some idiot does get in a decides to delete everything or something -- well there is NOTHING important on my system in the first place.
Wow that's brilliant. But I would imagine that WHEN your box is cracked and used as a dDOS zombie or as a jump point to attack other machines, that other people might care a little bit more than you do. You're kidding yourself if you don't believe that people are out there actively looking for vulnerable machines. Don't believe me? Turn on ethereal or Snort for a few minutes and see what is actually going on out there. It will change your mind in a second. Well at least we'll all know were to find illegal pr0n and cracked warez from now on. Good Luck with that.

Last edited by Capt_Caveman; 10-02-2003 at 06:44 PM.
 
Old 10-02-2003, 08:37 PM   #5
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Original Poster
Rep: Reputation: 15
I am NOT denying that there may be millions of hackers/crackers out there with malicious intents. What I AM saying is that everybody is gone firewall crazy.

For example, since telnet and ftp for example are simply not running on my system the ports respond as closed. So even if ftp and telnet DO have an infinite number of holes it is irrelevant. I don't need those ports 'stealthed' by a firewall, closed is good enough.

Also suppose someone realizes SWAT is running on my system and they can connect to it. Even so, it still asks for a username/password. Since I use strong passwords it is virtually impossible for them to guess it. So exposed services that are password protected are still secure without a firewall.

What's left? Even if people are pinging my machine when I don't have services running or even when they ARE with password-protected ones that ARE running then they still do not have access to my system.

In my experience putting up a Firewall stops lots of useful data. That is being sent to games, instant message clients, etc, etc. And when some people get a firewall they see all this traffic and get scared. Alot of things sending messages to your computer are, for example, your ISP checking your connection.

I think that putting up a firewall makes people too lazy to properly secure their systems and the firewall blocks plenty of useful traffic.
 
Old 10-02-2003, 08:52 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
What I AM saying is that everybody is gone firewall crazy.
Care to back that statement up with cold hard facts?


Since I use strong passwords it is virtually impossible for them to guess it. So exposed services that are password protected are still secure without a firewall.
So you find relying solely on passwords a good method for restricting access, and who cares it ain't SSL-ised or wrapped...


I think that putting up a firewall makes people too lazy to properly secure their systems and the firewall blocks plenty of useful traffic.
...then by all means help us out educating people in a helpful, positive and responsable way.
 
Old 10-02-2003, 09:08 PM   #7
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Not running services isn't a "cure-all" solution. It helps, but you still have things like Xinetd lurking around. And if you have exposed services, you could use the best passwords in the world and it won't make an ounce of difference when someone runs a buffer overflow exploit against you...instant shell access, followed by a local root exploit (p-trace maybe?) and guess what, they're now root on your system.

It's really not that difficult to construct a rudimentry firewall that can block 90% of probes and exploits and still lets the traffic you want in and out. There are a number of GUI firewalling tools that can help simplify the process.

You're right in that firewalling by itself isn't a "cure-all" either, but if it's available, why not take advantage of it? A good approach to security is a multi-layered system with as unSpawn puts it, "no single point of failure".
 
Old 10-02-2003, 09:13 PM   #8
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Original Poster
Rep: Reputation: 15
What I AM saying is that everybody is gone firewall crazy.
Care to back that statement up with cold hard facts?

On www.microsoft.com there is a big graphic at the top of the front page that says "Protect your PC". When you click it lists three steps for protecting your PC. The FIRST step is "Use an Internet Firewall." So Microsoft is telling ALL of it's customers to turn on a firewall. At least on the instructions they warn people: "However, it also blocks some useful network communication tasks."

Or on this news.com article: http://news.com.com/2100-1002-5085251.html?tag=nl

It says Microsoft's Trustworthy Computing initiative has failed and they are going to focus on a new shield strategy. A quote from the article: "He did say that part of the effort will be a deeper relationship with firewall providers."

So obviously from the news.com article and the Protect your PC guide on their website Microsoft is going to be strongly pushing firewalls because users are not downloading patches in time. Which leaves the impression of "Firewalls are going to be the answer instead of fixing the original security hole."

Microsoft software runs most of the computers on the planet and Microsoft is encouraging people to firewall-up.

However many Linux users will say that Windows is known for being terrible securuity and that Linux is much better. Security is considered an advantage Linux has over Windows. But most of the newbie guides/HOW-TOs I look at on Linux security stress the importance of a firewall. They don't mention a firewall may block useful or neutral traffic, and that's what most traffic is. Then when the newbie has a problem with program X (perhaps starting a diablo II game or sending a file with an instant messenger) they have to figure out the firewall is what is stopping it from working.

I've always felt that just putting up a firewall and relaxing is a work-around and not a real solution. Sure, maybe the department of defense needs once but just joe-blow-linux-hobbyist at home *need* a firewall as documentation seems to suggest?
 
Old 10-02-2003, 09:23 PM   #9
leeach
Member
 
Registered: Sep 2003
Location: /dev/null
Distribution: FreeBSD 5.4, OpenBSD 3.7
Posts: 95

Rep: Reputation: 15
You sir, are a joke. And trust me its not an insult. But I assure you, if and when your'e seemingly "Closed" system does get breached, you'll be eating your words, and going to do some serious tutorial reading on setting up a firewall to let you play your games...lol
 
Old 10-02-2003, 09:35 PM   #10
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Original Poster
Rep: Reputation: 15
I am not a security expert. But realistically, if I install Slackware with default settings, do NOT put up a firewall, and remember to UDPATE packages quickly as security exploits arise, am I really at risk? Sure maybe it is theoritically possible, but as far as I can tell the only time I'm at risk is the period between a security exploit being found and me updating the package to fix the vulnerability. Before I update the package I admit I am vulnerable to that particular exploit between the time it's discovered and the time I update but OTHER than that I don't see my little home computer being particularly at risk.

Where can I find specific examples about how I could break into my own system from a remote location?
 
Old 10-02-2003, 10:18 PM   #11
m0rl0ck
Member
 
Registered: Nov 2002
Distribution: A totally 133t distro :)
Posts: 358

Rep: Reputation: 31
Quote:
I update but OTHER than that I don't see my little home computer being particularly at risk.
Actually I dont either, provided you know exactly what youre running. If you like what you see when you run "netstat -pantu" and your confident that you have everything patched up to date, youre probably ok, assuming that you as a user dont open any ports in the course of your computer use that might jepordize youre security.
A single knowledgable user on a single computer has some degree of safety. What firewalls are about is protecting a network or in my case, on my home network, protecting my desktop machine so that I dont have to worry so much if I want to experiment or if Im too preoccupied to keep up with the latest patches. Thats what firewalls are about providing enough security so that you dont have to worry about a user (even yourself) unintentionally compromising your network. Myself I'd just rather not have to worry about security that much so I have a firewall with one port open 9111, with sshd running on that port, accessable only through my isps shell account server, no root logins and its started from init so if my firewall machine goes down sshd is one of the last processes to die.
So I know that if I keep openssh patched up to date I have the best possible expectation of security. So youll probably be ok right up until you unintentionally open a port running something you didnt keep up with because you didnt use it often.

And just a word about xinetd since it came up. It isnt worth running, at its worst it establishes a situation where services are dependent on each other (you might as well be running win2k) and at its best .... well i cant even think of anything there are better ways to control access to services.
 
Old 10-02-2003, 10:36 PM   #12
fsbooks
Member
 
Registered: Jan 2002
Location: Missoula. Montana, USA
Distribution: Slackware (various)
Posts: 458

Rep: Reputation: 42
I agree with you Xylon. People are really going Xonkers, with an over emphasis on security,and, as a result, not taking advantage of the services offered by the internet. IWhy have a powerful machine and operating system if you are not going to use it. Worse, the so called internet service offered by many ISP's is increasingly firewalled at the source, even taking away the options of running a home mail server, ftp/http server, or whatever. It is turning the internet into little more than a fancy television for many.

The university where I work is implementing a firewall. We have to get special disposition to run an ftp server or even an http server. The authorities that be are not sure they will open port 22 for ssh (which allows working from home easily), and plan to route all incoming mail through a central server (in part to prevent 'viruses' that do not affect our linux/unix machines and in part to keep a copy of all messages for homeland `security`). It is all overblown and based on, for the most part, unwarrented fear.

However, it is important as you said, to keep packages updated. It is also important to monitor logfiles and general processes. One should also of course, have a full backup to be able to recover from the total lose of a system. For those who want to be ignorant (and a majority of American's believe Saddam Hussein was behind the Sept 11 2001 trade tower attacks, so there are many), a strong firewall out of the box is probably good.
 
Old 10-02-2003, 10:41 PM   #13
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Original Poster
Rep: Reputation: 15
Actually I dont either, provided you know exactly what youre running

Thank you.

That is my point: a single Linux computer can be brought to a high level of security before or without enabling a firewall.

Firewalls provide a very strong EXTRA layer of security. It is possible to be safe without it. Activating a firewall on my machine is like haveing five-foot-thick wall to stop someone from shooting at me with a water pistol. It's overkill.
 
Old 10-02-2003, 10:47 PM   #14
Xylon
Member
 
Registered: Sep 2003
Location: Newfoundland, Canada
Distribution: Slackware 9.0
Posts: 44

Original Poster
Rep: Reputation: 15
fsbooks you are 100% correct.

I knew someone who worked at an office and his Internet connection there was behind a corporate firewall that was configured to ONLY allow Internet Explorer and Outlook Express communicate with the Internet. The firewall even denied NETSCAPE access to the internet!! Overkill. This is not the same but is very similar to the University you work at.
 
Old 10-02-2003, 11:11 PM   #15
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Maybe I'm missing something, but how is running a firewall being overzealous? It's not that difficult to build a firewall that allows ALL of the traffic that you want, but minimizes unwanted traffic. People post here and successfully come up with reasonable firewalls day after day, so it's not like you have to have a PhD in CS to design one.

Filtering of ports by ISPs is a completely different matter. The situtation has unfortunately reached the point where network performance takes such a hit because Joe user doesn't want to firewall/patch his system, so now him and 150,000 other imbeciles are flooding the 'net with CodeRed/Blaster/etc scans. I don't particularly agree with their solution, but if people would actually take the extra time to secure their systems, it would be a non-issue.

If you guys don't want to run a firewall, well then more power to ya! But I think I've seen enough "Help my box is hacked" posts here to "enlighten" me otherwise. Setting up a basic firewall, access control, minimizing public services, and maintaining general security practices will end up costing you much less in time and effort than rebuilding your boxes.

Running a firewall will provide security to areas that aren't protected by simply turning off services or by using tcp_wrappers. You can pretend that you're 100% safe, but you're not.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Which services are unnecessary? revenant Linux - Security 4 03-28-2004 11:43 PM
Kernel 2.6 and Firewall's ghostwalker Linux - Security 4 01-26-2004 03:36 AM
unnecessary user accounts linen0ise Slackware 2 09-19-2003 09:27 AM
Firewall's and MSBlast qwijibow Linux - Security 15 08-26-2003 09:54 PM
Firewall's proxy settings. silverstriip Linux - Networking 1 08-20-2003 02:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration