2 macs and a linux on a LAN

John F. Kohler jkohler2 at earthlink.net
Sat Aug 5 14:19:35 PDT 2000 

E Frank Ball wrote:

> } >
> } > When I was on the modem with the linux box, I found several ports are
> } > vulnerable.
> } >
> } > I don't know how a firewall works, but what it does, apparently is keep
> } > hackers out
> } > of your system, particularly important if you are not on occaisional dial-up
> } > but
> } > constantly connected to a static IP address such as I have on my DSL service.
>
>
> } Firewalls increase the level of complexity for attacks, but do not assume
> } that the firewall's protection is absolute.
>
> Very important point.  Don't ever assume a firewall is "finished"
> either.  It is forever a work in progress.
>
> } Part of a firewall is kind of a special filter that use packet information
> } to deny incoing requests based on your policies. An understanding of some
> } of the links sent in the last e-mail can help you better inform yourself
> } on what your firewall can protect you from, and what it cannot do anything
> } about.
>
> I wrote my firewall from scratch, after examining and trying several of
> the free firewalls distributed on the net.  I probably spent close to
> 100 hours "getting up to speed" on how to write a good firewall and get
> it written and in place.
>
> } Again, most home users have little risk of people groing through the
> } trouble to learn so much to "root" your home computer. Those that know
> } this and are willing to use it, tend to hit high profile targets.
> }
> } Home users have greater risk of the new MSIE beta crashing their machine,
> } or virus infections, or their anti-virus software crashing their machine
> } than they do of their "firewall-in-a-box" being peirced, but learning
> } about this stuff can be good for you - like broccoli. :-)
>
> I think you are underestimating the danger to the average home DSL user.
> There are thousands of "script kiddies" out there with little real
> knowledge downloading scripts to break into peoples computers and
> running them on every IP address they can imagine.  A good firewall will
> stop the script kiddies, but a knowlegible dedicated hacker could still
> get in.  This person is more likely to go after a bigger target (unless
> it is something personal).
>
> So start web surfing and find the security sites.  Here's one to get you
> started:  www.robertgraham.com/pubs/firewall-seen.html
> Also read the ipchains how to.
>

Thanks for the comments.  I guess my biggest enemy is my own complacency.

John

>
>    E Frank Ball                frankb at efball.com

More information about the talk mailing list