
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, 2009-03-28 at 19:30 +0100, Per Jessen wrote:
Carlos E. R. wrote:
On Thursday, 2009-03-26 at 19:33 +0100, Per Jessen wrote:
Presumably Samba runs on a private network, which the firewall is intended to protect from the public network. Sounds like a Firewall configuration issue most of all.
Often the internal network is connected to the outside by a router(*) provided by the ISP (perhaps with WiFi), and can't be considered secure:
In such a situation I think it is very likely that the router will be NAT'ing, which without any port-forwarding is actually a pretty safe setup.
A hacker could log into the router (telnet), and from there perhaps try telnet or ssh to the internal computers, or simply change the configuration to forward the ports he is interested in. By default, this particular router comes with a known login/pass, and administrative ports open to the outside (supposedly only from IPs belonging to the ISP tech support). Or, they could hack their entry to the wifi on the same router, get a local ip, and try some mischief - actually a chap I know said he actually did this to other people, got inside some windows machines, learned the password to the bank, and had a pip inside. He stopped right there, not doing a real mischief: had he intended to do so, he would have instead logged in from one unprotected neighbour to another one, so that the IP logged would not be his. So, I do not trust those access routers. When mine crashes, it reverts to factory default, which is easily hackeable - and I wouldn't notice till some time.
thus the need for a firewall running on our computers, even on the "internal" network.
No, that is the wrong thinking. A firewall is of zero use unless it is in between two networks.
Not quite. SuSEfirewall2 protects the machine it is running on from the network. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAknOmwAACgkQtTMYHG2NR9UcKwCghZURlZ/ZC+tAzgvGgmIMsj+E N88An2keuqs5TM/wv46S0uCK0cvhchs6 =JP9j -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-project+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-project+help@opensuse.org