Re: Raw Sockets

From: Chen Yixiong, Eric (cyixiong@yahoo.com)
Date: Sat Aug 11 2001 - 05:31:42 MDT


> >2) Viruses and trojans cannot send spoofed packets if they cannot enter
> >your computer (such as due to firewalls, anti-viral, anti-trojan,
> >intrusion detection software or proper design of the OS).
>
> That is true too. But you only need a small fraction of the population
> operating unsafe machines to have problems like Denial Of Service attacks,
> for instance. Then it doesn't matter how safe everybody else's computers are.

True.

 
> I should mention here that everybody running MS operating systems should
> get ZoneAlarm ( http://www.zonelabs.com ). It is free for noncommercial use
> and is a very efficient firewall. You will be horrified at how many times
> your machine is probed.

The ZoneAlarm firewall, which on a few occasions gave me problems on Windows 2000, no longer runs on my computers. I used a combination of 2 firewalls on my gateway machine until it went down due to a nasty hard disk failure (yeah, ok, I know I shouldn't skimp on hard disks).

Before you think the more firewalls the merrier, do understand that you have to sacrifice some performance for each firewall you install, that you have to configure them not to interfere with each other and that you should install them to complement each other's strengths, not for redundancy.

You can get a great free Tiny firewall at www.tinysoftware.com which, in my opinion, simply beats all other personal firewalls in terms of design and stability. If you have some money to spend, instead of ZoneAlarm Pro, get BlackICE (www.networkice.com).

I know Steve @ grc.com seems to dislike them, but from the viewpoint of an administrator of a commercial server with a home network of 7 PCs and 2 years' experience with network security, I recommend it for its prowess at Intrusion Detection. Use it in conjunction with Tiny Firewall, and with a good dose of knowledge on configuring firewalls, you will give those hackers lots of headaches. Remember who you heard this from!

Anyway, Steve may not seem that good after all. I read up something about him here, which I just dug up from my archives (http://vmyths.com/rant.cfm?id=348&page=4). Uh-oh, what to make of it? Moral of the story: It pays to know a person as well as his (or her) sworn enemy.

> There is no sensible reason to allow easy
> access to raw sockets that WindowsXP is going to give. Having the entire
> computer stand or fall on the basis of a single non-human-readable file
> (the registry) is asking for problems. I could go on and on...

I think that, yes, placing that stack in really sounds like a recipe for disaster. Maybe you can sue them the next time your server gets hit or your poor old ISPs go crashing. Meanwhile, chat networks like EFNet get crippled, the Code Red worm slithers around and people (and worms) probe your networks endlessly. I had received a DOS attack before, and I simply changed my IP address to avoid it, but for the rest of the population, I think they need to wise up about this.

Have a nice day.




This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:06 MDT