From Oliver Maunder to SuSE Discussion List about Re[4]: [SLE] DoS attacks...:
Just what I'm after too (as a six-month old penguin :-) ).
I'm running SuSEfirewall, which was nice and easy to set up, but I don't think it's giving that much protection. For example, port 21 is open for ftpd, but as far as I can see it, there's nothing to stop any other program using that port.
Only root can run programs bound to ports under 1024. If you don't run ftpd, you can block it with your firewall; if you do, no other program can listen on that port because ftpd already does so.
What would be ideal is something like ZoneAlarm or Tiny Personal Firewall on Windows. When a program tries to access the internet, it asks the user if it's OK, and you can give permission on a one-off basis, or for all future occasions. Is there anything like this available for Linux?
I don't know but, personally, I wouldn't want this. In Windows such a program is also of more use because when you download a fancy screensaver, you don't know if it has a trojan in it or not. If one of those programs you mentioned gives you an alert that your screensaver wants to use the internet, that's good. But in Linux, as most programs are open source, you won't have this issue (programs wanting to make connections, without you knowing it) unless you are already hacked, of course. In that case your firewall program could be replaced and you still wouldn't notice anything.
I know there are other solutions available (like Tripwire), and that I can check the firewall logs to see what's been going on, but that can be so *dull*!
It is dull, but it all depends on what you're trying to protect. If you just have your home PC with no critical services or secret data, it would be silly to spend hours analyzing logs and tweaking a complex firewall. It should be enough to run as few services as possible, install security updates when they become available, and be careful. If you per se want your logs analyzed, there are programs for this, as Jeffrey already mentioned.
Olly
CR> Cheers. Curtis
CR> On Tuesday 05 June 2001 04:20 am, Oliver Maunder wrote:
Flaws in WinXP create a perfect environment for DoS attacks, according to article, which is also a fascinating look into the world of the hacker attacker.
Monday, June 04, 2001, 10:55:32 PM, S. Bulterman wrote:
SB> Read the article and thought it was a compliance issue with the Unix Socket standard. Windows Me and lower were not 100% compliant with this standard, so no flooding with TCP SYN and TCP ACK. Windows 2000 and XP are now 100% compliant and are capable of sending TCP SYN and TCP ACK attacks..........
Exactly - the quote was:
"When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before."
<flamebait> Surely positioning Linux as a consumer OS is going to cause exactly the same problem? Already, the worst DoS attacks come from unsecured Linux boxes with broadband connections. Surely this problem will get worse as consumer Linux usage increases. </flamebait>
Discuss ;-)
Olly
Oliver
-- dieter