Mailinglist Archive: opensuse-project (441 mails)

< Previous Next >
Re: [opensuse-project] Sample article about new user experience.
  • From: "Carlos E. R." <carlos.e.r@xxxxxxxxxxxx>
  • Date: Sat, 28 Mar 2009 22:47:37 +0100 (CET)
  • Message-id: <alpine.LSU.2.00.0903282234180.5673@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Saturday, 2009-03-28 at 19:30 +0100, Per Jessen wrote:

Carlos E. R. wrote:

On Thursday, 2009-03-26 at 19:33 +0100, Per Jessen wrote:

Presumably Samba runs on a private network, which the firewall is
intended to protect from the public network. Sounds like a Firewall
configuration issue most of all.

Often the internal network is connected to the outside by a router(*)
provided by the ISP (perhaps with WiFi), and can't be considered
secure:

In such a situation I think it is very likely that the router will be
NAT'ing, which without any port-forwarding is actually a pretty safe
setup.

A hacker could log into the router (telnet), and from there perhaps try telnet or ssh to the internal computers, or simply change the configuration to forward the ports he is interested in. By default, this particular router comes with a known login/pass, and administrative ports open to the outside (supposedly only from IPs belonging to the ISP tech support). Or, they could hack their entry to the wifi on the same router, get a local ip, and try some mischief - actually a chap I know said he actually did this to other people, got inside some windows machines, learned the password to the bank, and had a pip inside. He stopped right there, not doing a real mischief: had he intended to do so, he would have instead logged in from one unprotected neighbour to another one, so that the IP logged would not be his.

So, I do not trust those access routers. When mine crashes, it reverts to factory default, which is easily hackeable - and I wouldn't notice till some time.


thus the need for a firewall running on our computers, even on
the "internal" network.

No, that is the wrong thinking. A firewall is of zero use unless it is
in between two networks.

Not quite. SuSEfirewall2 protects the machine it is running on from the network.

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAknOmwAACgkQtTMYHG2NR9UcKwCghZURlZ/ZC+tAzgvGgmIMsj+E
N88An2keuqs5TM/wv46S0uCK0cvhchs6
=JP9j
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-project+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups