| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Jan 21 22:11:59 2006 From: dudevanwinkle at gmail.com (Dude VanWinkle) Subject: Personal firewalls. On 1/20/06, Eliah Kagan <degeneracypressure@...il.com> wrote: > > Z sends spoofed packets coming from the DNS server of X even more > > interesting.. > > When Sygate PRO "blackholes" a host, does it block only unsolicited > packets (bad), or does it block *all* incoming packets from that host > (worse)? It blocks all traffic from the IP address, you can verify this by looking in the advanced rules section after being scanned. Watch out for Proventia/RSDP as well as BlackIce. Even though their xml file for distributing rules and policies is one of the best I have seen, their effect on performance is one of the worst I have seen, and they dont protect your machine from disgruntled employees (ahem..Witty), nor the determined attacker. One good way to test a firewall to see if it will hold its mettle is by nmapping a machine with -p 1-65353. Then see how your network performance is degraded. Also an intense nessus scan against the firewalled machine will help show you how the server/workstation will perform while under an attack. My experience with proventia/realsecure/blackice is that it grinds your machine to a halt (or at least _really_ slows it down) for up to 30 min from an intense nessus scan. One reason I did not go with ZoneAlarm at the workplace was due to the fact that (given this was a year ago) it kept forgetting settings. Also my employer had a site license for ZA, but if you use it for business, you are supposed to pony up a lic. fee. ZoneAlarm is free for _personal_ use only. One reason I did not like Sygate was, if you enabled application protection then 1 month later installed hotfixes from MS that updated a system file, after your machine rebooted, then Sygate would block (eg:kernel32.dll) as an "untrusted app". You can re-scan your system files after installing the patch, but when you have an automated patching solution, this can sometimes be hard. Booting in safe mode and disabling Sygate was the resolution for that issue. On second thought, I would advise against running application protection (in its current form) on any software firewall. The technology is just not mature enough for production environments (or wasnt 4 months ago, that could (should ;-) have changed by now. -JP
Powered by blists - more mailing lists