LinuxQuestions.org
Linux - Security forum
Old 03-01-2005, 03:38 AM   #1
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,458

Rep: Reputation: 45
Firewall usefulness


I should probably make it clear right from the start that I DO have a firewall set up with a sane policy, i.e. drop everything.

But I'm just wondering about firewall usefulness at the moment. Right now, for instance, I don't have any services running: No Apache, no SSH, no telnet etc. So there's nothing listening on any port.

Does that mean I could switch off my firewall in perfect safety? After all, nothing is listening, so presumably any attacks directed at me will fall on deaf ears and be ignored?

Sometimes I have SSH running so my gf can connect to my box from hers over our LAN. At that point, of course, a firewall is good because I can limit traffic to the SSH port to her machine only, and no WAN attacks can take place on it.

But for day-to-day running when nothing is listening on any port, does a firewall really do anything?
 
Old 03-01-2005, 03:45 AM   #2
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Rep: Reputation: 46
Yes, it does.

A good firewall has two parts:

NAT
SPI

NAT means that your true IP is hidden and no PC can address your machine directly.
NAT means network address translation. Otherwise someone/something will be able to attack your PC directly: scanning ports, DoS, and so on...

SPI means stateful packet inspection. Basically it ignores packets that you haven't asked for and shields your LAN behind its IP address. It examines packets and makes sure they are ones that you have requested...

So I would keep it on. I think the main point is that your IP will be visible to the wider world... not good...
 
Old 03-01-2005, 03:58 AM   #3
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,458

Original Poster
Rep: Reputation: 45
I don't think I was clear in my original post. This is the firewall running on my own PC that I'm referring to, not the router.

Quote:
NAT means network address translation. Otherwise someone/something will be able to attack your PC directly: scanning ports, DoS, and so on...
But surely, if I have no ports open, it's irrelevant if somebody scans them?

And I'm not sure I follow about a DOS. If somebody floods my bandwidth with enough traffic to jam it up, then even if my firewall ignores those packets, they'll still be clogging up the connection itself, won't they? That is, I have a 512k broadband link. If somebody fires data at me at 512k, then whether I 'listen' to that traffic or not, it's still going to kill my connection, isn't it?

For that matter, since the firewall will be analysing all those packets to see if it should allow them or not, wouldn't the DoS be MORE of a burden with a firewall than without, since traffic directed at a non-existent port will just be dropped rather than analysed?
 
Old 03-03-2005, 03:06 AM   #4
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Rep: Reputation: 46
I really think you should be running a firewall.

I was thinking you had a separate firewall.

However, even a software firewall will drop packets that it deems dangerous.

You still have some ports open... There are methods like brute force.

Not to mention that there may be other vulnerabilities that may be exploited...

Your best solution would be to get a separate firewall.

It's your tears if you don't...
 
Old 03-03-2005, 03:47 AM   #5
floppywhopper
Member
 
Registered: Aug 2004
Location: Albany, Western Australia
Distribution: Mageia 2, SME Server 8
Posts: 617
Blog Entries: 2

Rep: Reputation: 54
I use Tiny firewall on Win 98 behind a Smoothwall.

Very good policy for windows users.
Smoothwall (and others) only stops intrusions, not anything on your Windows computer trying to access the internet without your permission. Programs like RealPlayer, Adobe Reader, etc., just to name a few, all want to update themselves or whatever whenever they want. That's where Tiny comes in: anything (and I mean everything) that wants out must have my permission first.
Picked up a virus a while back; AVG clocked it, but not before it wanted to connect back to head office. That's when Tiny told me it had got past the antivirus. Ran AVG and got rid of it, but Tiny stopped it from doing anything else before I got to it.

I have a thing about programs on my computer running on the net without my permission so use Tiny firewall or similar.

hope this helps
live long and prosper
floppy
 
Old 03-03-2005, 10:51 AM   #6
Kerberus
LQ Newbie
 
Registered: Mar 2005
Posts: 10

Rep: Reputation: 0
Answering your question: NO, not a good idea to have nothing managing packets for you.
Even if you don't have any ports open, the TCP RFCs dictate (even when MS doesn't follow them) that closed ports reply with RST flags. Someone could target your system and flood lots of ports with a faked IP; backscatter RST flags from your system will in turn go to the faked address. If your connection is substantial enough you could then slow them down, and now you're responsible, as it's your system.

Now air gap security, that's secure.

Kerberus
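As an added example (not posted by anyone in this thread), here is the kind of default-drop stateful iptables policy the original poster describes: unsolicited inbound packets, including SYNs to closed ports, are dropped rather than answered with RST, so the host cannot act as a backscatter reflector, while SSH is still reachable from one LAN host. The client address 192.168.1.20 is a hypothetical placeholder; the function prints the commands so the policy can be reviewed without root.

```shell
#!/bin/sh
# Added example of a default-drop stateful iptables policy for a desktop that
# runs no public services. The LAN host allowed to reach SSH is an assumption.
LAN_PEER="${LAN_PEER:-192.168.1.20}"   # hypothetical address of the allowed SSH client

# Print the ruleset instead of applying it, so it can be inspected and tested
# without root privileges.
build_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Stateful inspection: accept only traffic belonging to a connection this host opened
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Drop what conntrack cannot classify, e.g. a stray ACK aimed at a closed port
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# SSH only from the one LAN host; harmless when sshd is not running
iptables -A INPUT -p tcp -s $LAN_PEER --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Everything else hits the DROP policy: a SYN to a closed port gets no RST back,
# so a flood with a spoofed source cannot use this host to reflect RSTs elsewhere
EOF
}

# Apply the printed rules (requires root); comment lines are stripped first.
apply_rules() {
    build_rules | grep -v '^#' | sh
}

# Number of iptables commands in the generated policy.
rule_count() {
    build_rules | grep -c '^iptables'
}
```

Run `build_rules` to review the policy and `apply_rules` as root to load it.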
 
Old 03-03-2005, 11:05 AM   #7
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Rep: Reputation: 46
Yeah,

I agree. I just took it as read that it's important to have a firewall. It's almost hard to justify - it's such a given.
IPCop/Smoothwall are pretty good if you have a spare PC at hand.

Even a software firewall is better than nothing.

I looked at my firewall logs last night. It's really surprising how many port scans etc happen against your firewall....

I'm trying to learn more about this area - got myself Knoppix STD
 
Old 03-03-2005, 11:15 AM   #8
oneandoneis2
Senior Member
 
Registered: Nov 2003
Location: London, England
Distribution: Ubuntu
Posts: 1,458

Original Poster
Rep: Reputation: 45
Cheers all for the answers. It looks like I was right to think that a firewall IS a good idea even when hiding behind a router and not running any services.

And they say I'm just paranoid
 
Old 03-03-2005, 12:37 PM   #9
jonlake
Member
 
Registered: Apr 2004
Distribution: Slackware 11.0, Gentoo
Posts: 252

Rep: Reputation: 31
Read this

If you have time, read this thread.
 
All times are GMT -5.