Mailinglist Archive: opensuse (3627 mails)

[Oliver Maunder <ollym@xxxxxxxxxxxxx>]

Tuesday, June 05, 2001, 3:47:58 PM, Curtis Rey wrote:

CR> This is why, as a year old penguin myself, I desparately need an interface 
CR> that will help me understand how to make a secure firewall without A) leaving 
CR> blatant holes waiting to be exploited, and/or B) impliment rules that lock my 
CR> network interface down so much I might as well unplug my RJ-45.  Another 
CR> thing this newbie would really appreciate is a realtime monitor that would 
CR> give me information/alerts when something tries to send or receive when it 
CR> wasn't initiated by me.  Just a thought or two.  

Just what I'm after too (as a six-month old penguin :-) ).

I'm running SuSEfirewall, which was nice and easy to set up, but I
don't think it's giving that much protection. For example, port 21 is
open for ftpd, but as far as I can see it, there's nothing to stop any
other program using that port.

What would be ideal is something like ZoneAlarm or Tiny Personal
Firewall on Windows. When a program tries to access the internet, it
asks the user if it's OK, and you can give permission on a one-off
basis, or for all future occasions. Is there anything like this
available for Linux?

I know there are other solutions available (like Tripwire), and that I
can check the firewall logs to see what's been going on, but that can
be so *dull*!

Olly





CR> Cheers. Curtis

CR> On Tuesday 05 June 2001 04:20 am, Oliver Maunder wrote:
>> >> http://grc.com/dos/grcdos.htm
>> >>
>> >> Flaws in WinXP create a perfect environment for DoS attacks, according
>> >> to article, which is also a fascinating look into the world of the
>> >> hacker attacker.
>>
>> Monday, June 04, 2001, 10:55:32 PM, S. Bulterman wrote:
>>
>> SB> Read the article and thought it was a compliance issue with the Unix
>> Socket SB> standaard.
>> SB> Windows Me and lower were not 100% compliant with this standards, so no
>> flooding SB> with
>> SB> TCP SYN and TCP ACK. Windows 2000 and XP are now 100% compliant and are
>> capable SB> of sending TCP SYN and TCP ACK attacks..........
>>
>> Exactly - the quote was:
>>
>> "When those insecure and maliciously potent Windows XP
>> machines are mated to high-bandwidth Internet connections,
>> we are going to experience an escalation of Internet
>> terrorism the likes of which has never been seen before."
>>
>> <flamebait>
>> Surely positioning Linux as a consumer OS is going to cause exactly
>> the same problem? Already, the worst DoS attacks come from unsecured
>> Linux boxes with broadband connections. Surely this problem will get
>> worse as consumer Linux usage increases.
>> </flamebait>
>>
>> Discuss ;-)
>>
>>
>> Olly





 Oliver