lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308141224.25986.arny@ats.s.bawue.de> From: arny at ats.s.bawue.de (Thilo Schulz) Subject: Microsoft urging users to buy Harware Firewalls -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thursday 14 August 2003 05:13, Richard M. Smith wrote: > Tens of millions of home owners have already purchased NAT boxes and use > them on a daily basis to share their cablemodem and DSL Internet > connections between multiple computers. These products are extremely > popular. Not sure what all these problems that are you complaining > about. In my exprerience, these boxes just work. Somehow, you haven't really understood what I have said. As long, as you do not wish to have any exotic applications or host internet servers you will not run into troubles. To achieve certain things you _must_ configure your hardware router that does NAT to do port forwarding. In this case, I have seen enough users unable to get along with their hardware box. My point is, that microsoft should rather ship with a windows not opening port 139 and 135 by default but only at the user's request. If the user has a hardware firewall and wants to have services opened to the world wide web, he will do port forwarding to the machine in question, and thus again create an attack vector! If microsoft did not open all these ports at all, we would not really need this hardware box and would have the same effect. Sure - some trojans could still open a port - but users must be careful about what programs to install and run anyways. And as most trojans/virii connect to a master, like channel in irc nowadays, this does not really do much of a difference. In a normal home installation with only one computer connected to the net you do not need any netbios or shares. - -- - Thilo Schulz My public GnuPG key is available at http://home.bawue.de/~arny/public_key.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/O2NYZx4hBtWQhl4RAo9VAJ4tyKUQtXcghLJj+mSQFAVFrXU+5ACgyg5k 5zwooxs3gYnb6430mBO81HA= =177h -----END PGP SIGNATURE-----
Powered by blists - more mailing lists