lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030830034206.75E3115DA9@mail03.powweb.com>
From: mike at suzzal.net (Mike @ Suzzal.net)
Subject: Lets discuss, Firewalls...

Home and business firewalls

 

Question to ponder:

 

OK, on my home LAN I have set up a windows NT4.0 SP2 box with IIS and SQL
Server 7.0. No hot fixes on the box at all. I run a NESSUS scan and I get
over 500 available exploits for this box.

 

My outside address is 216.144.100.100 (not really so please do not attack
who ever that is)

The box on the inside is 192.168.0.100/24

Admin password is blank.

All IPC$ shares are there.

 

I can surf the web from the box so it is fine.

 

I have no firewall, just a NAT on the Motorola Surfboard and no 1 to 1
NATing.

 

If you serve NO applications from the inside of your network (no publicly
accessible web server, email server, ftp server etc...), and you have a NAT
router so your addressing on the inside or your home or business is private
(i.e. 192.168.0.x, 10.10.10.x, 172.16.1.x)

 

Can you get to it? How?

 

Do you still need a firewall? Why?

 

Mike

 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030829/4bf1b785/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ