lists.openwall.net
Open Source and information security mailing list archives
 
Message-ID: <200308141224.25986.arny@ats.s.bawue.de>
From: arny at ats.s.bawue.de (Thilo Schulz)
Subject: Microsoft urging users to buy Hardware Firewalls

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 14 August 2003 05:13, Richard M. Smith wrote:
> Tens of millions of home owners have already purchased NAT boxes and use
> them on a daily basis to share their cablemodem and DSL Internet
> connections between multiple computers.  These products are extremely
> popular.  Not sure what all these problems are that you are complaining
> about.  In my experience, these boxes just work.

Somehow, you haven't really understood what I have said.
As long as you do not wish to have any exotic applications or host internet
servers, you will not run into trouble. To achieve certain things you _must_
configure your hardware router that does NAT to do port forwarding. In this
case, I have seen enough users unable to get along with their hardware box.

My point is that Microsoft should rather ship a Windows that does not open
ports 139 and 135 by default but only at the user's request. If the user has a
hardware firewall and wants to have services opened to the world wide web, he
will do port forwarding to the machine in question, and thus again create an
attack vector!
If Microsoft did not open all these ports at all, we would not really need
this hardware box and would have the same effect. Sure - some trojans could
still open a port - but users must be careful about what programs to install
and run anyways. And as most trojans/viruses connect to a master, like a channel
in IRC, nowadays, this does not really make much of a difference.
In a normal home installation with only one computer connected to the net you
do not need any NetBIOS or shares.

- -- 
 - Thilo Schulz

My public GnuPG key is available at http://home.bawue.de/~arny/public_key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/O2NYZx4hBtWQhl4RAo9VAJ4tyKUQtXcghLJj+mSQFAVFrXU+5ACgyg5k
5zwooxs3gYnb6430mBO81HA=
=177h
-----END PGP SIGNATURE-----

