Mailinglist Archive: opensuse (3627 mails)
|< Previous||Next >|
Re: [SLE] DoS attacks and WinXP
- From: Oliver Maunder <ollym@xxxxxxxxxxxxx>
- Date: Tue, 5 Jun 2001 16:26:54 +0100
- Message-id: <13125525593.20010605162654@xxxxxxxxxxx>
Tuesday, June 05, 2001, 3:47:58 PM, Curtis Rey wrote:
CR> This is why, as a year old penguin myself, I desparately need an interface
CR> that will help me understand how to make a secure firewall without A) leaving
CR> blatant holes waiting to be exploited, and/or B) impliment rules that lock my
CR> network interface down so much I might as well unplug my RJ-45. Another
CR> thing this newbie would really appreciate is a realtime monitor that would
CR> give me information/alerts when something tries to send or receive when it
CR> wasn't initiated by me. Just a thought or two.
Just what I'm after too (as a six-month old penguin :-) ).
I'm running SuSEfirewall, which was nice and easy to set up, but I
don't think it's giving that much protection. For example, port 21 is
open for ftpd, but as far as I can see it, there's nothing to stop any
other program using that port.
What would be ideal is something like ZoneAlarm or Tiny Personal
Firewall on Windows. When a program tries to access the internet, it
asks the user if it's OK, and you can give permission on a one-off
basis, or for all future occasions. Is there anything like this
available for Linux?
I know there are other solutions available (like Tripwire), and that I
can check the firewall logs to see what's been going on, but that can
be so *dull*!
CR> Cheers. Curtis
CR> On Tuesday 05 June 2001 04:20 am, Oliver Maunder wrote:
>> >> http://grc.com/dos/grcdos.htm
>> >> Flaws in WinXP create a perfect environment for DoS attacks, according
>> >> to article, which is also a fascinating look into the world of the
>> >> hacker attacker.
>> Monday, June 04, 2001, 10:55:32 PM, S. Bulterman wrote:
>> SB> Read the article and thought it was a compliance issue with the Unix
>> Socket SB> standaard.
>> SB> Windows Me and lower were not 100% compliant with this standards, so no
>> flooding SB> with
>> SB> TCP SYN and TCP ACK. Windows 2000 and XP are now 100% compliant and are
>> capable SB> of sending TCP SYN and TCP ACK attacks..........
>> Exactly - the quote was:
>> "When those insecure and maliciously potent Windows XP
>> machines are mated to high-bandwidth Internet connections,
>> we are going to experience an escalation of Internet
>> terrorism the likes of which has never been seen before."
>> Surely positioning Linux as a consumer OS is going to cause exactly
>> the same problem? Already, the worst DoS attacks come from unsecured
>> Linux boxes with broadband connections. Surely this problem will get
>> worse as consumer Linux usage increases.
>> Discuss ;-)
|< Previous||Next >|