Message-ID: <BAY7-DAV51IKTmgk88700027127@hotmail.com>
From: rlanguy at hotmail.com (Lan Guy)
Subject: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
That is not logical, because if you use an Ethernet broadband connection and connect via a dialler (L2TP or PPTP) then you have to firewall both; that is correct.
But what about firewalling the connection via VPN to your office? Although if the office is already infected it might not be such a bad idea ....
Lan Guy
  ----- Original Message ----- 
  From: Richard Stevens
  To: Chris Garrett ; full-disclosure@...ts.netsys.com
  Sent: Tuesday, August 12, 2003 3:34 PM
  Subject: RE: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
  I appreciate that many users don't know what a firewall is.. but this stuff is given so much coverage and sales pitch.. it makes you wonder....
  With regards to which ports to block etc... the ICF firewall by default just blocks all incoming traffic that has not specifically been requested, and allows all outgoing. It doesn't take a genius to click "firewall this connection", no user thought processes required!
  Maybe MS should enable it by default on any interface with a public IP address?
  -----Original Message----- 
  From: Chris Garrett [mailto:somatose@....net]
  Sent: Tue 12/08/2003 12:43
  To: full-disclosure@...ts.netsys.com
  Cc:
  Subject: Re: [Full-Disclosure] ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)
  Richard Stevens:
  > I must be missing something here... xp home & pro both have a "click
  > and forget" firewall?
  > why aren't people using it?
  You're talking about the Internet Connection Firewall (ICF)? Firstly, if most people even knew what a firewall was, then the impact of this worm might not have been as severe. I'm sure you realize there are a lot of users out there that bought XP for its "pretty" interface. Those people don't know a firewall from a hole in the wall. If you tell them it can protect their precious computer from evil script kiddies, then they might be more interested, but unless you put that information right in their face, they're not going to bother.
  As far as my friend is concerned, he wasn't using ICF, rather, he was using Sygate. He knows what a firewall does, but he has no real experience that has mandated he ever really configure/use a firewall. A firewall gives a user so much power. To be able to block incoming and outgoing traffic is a pretty big responsibility. Which ports should a user configure? How on Earth is an inexperienced user to know? Unless you have experience configuring firewalls on servers or managing a personal home network built for the security-conscious people that go out and do lots of research, you will have no idea. Also, unless a user with a firewall keeps up to date on advisories, that person will not be very aware as to the urgency of filtering certain ports. Most people that run Windows and have heard about the "auto updating" service think that that service is going to protect them from anything major, anyway. "It's an automatic updating service. Microsoft isn't going to leave me hanging." Seriously, people develop a false sense of security. You can give someone a firewall, but that doesn't mean they'll know what to do with it.
  I informed another friend of mine today that friend #1 [the one infected with the worm] was infected with a particular worm based on a recently released exploit. I told him he should secure his computer. His response was "But I have an Anti-Virus program installed." More false sense of security. I cleared the falsity of this claim up for him, of course, but he's more into computers than your average user. He's a web designer.
  My point is, there are people out there who need to be educated. I teach people what I can to help them secure their systems on their own. I pull people out of that false sense of security and that notion that if they modify any settings in Windows that it will break. If they need to ask, I tell them I'm here for their inquiries, and Google can take care of the rest.
  Companies like Cox, on the other hand, go and filter port 135, and even outgoing port 25! I had a long discussion with one of the techies that works at Cox in regards to the port 25 filtering, because one day I could no longer connect to my SMTP server outside Cox's walls. The tech said he didn't think it was the greatest of ideas, but it was easier to just filter 25 than it was to set up smtp-auth or pop-before-smtp. The same mindset was applied to port 135. I don't particularly like the fact that those ports have been filtered. It seems very restrictive, even though I can find other ways to get along without using those ports in the manner in which they have been filtered. I don't even like hosting services that install a spam-filtering agent by default. I want to receive the mail and traffic that was intended for me. If I don't want it, I'll learn how to filter it myself. Companies like Cox spend more money advertising than they do educating people to make the Internet an overall more secure place for the average user. Cox, instead, protects the ignorant people and keeps them ignorant. I think Cox should have sent snail-mail to each one of its users describing its reason for blocking port 25 or even 135. That would have made one HELL of a dent in the ignorance. Oh well, Corporate America.
  People can learn! Teach them! Don't let them be ignorant. Ignorance is a MAJOR security problem!
  Of course we could just take the easy way out: How do you secure the Internet? Kill all its users.
  Regards,
  Christohper Garrett III
  Inixoma, Incorporated
  _______________________________________________
  Full-Disclosure - We believe in it.
  Charter: http://lists.netsys.com/full-disclosure-charter.html
