Tuesday, June 05, 2001, 3:47:58 PM, Curtis Rey wrote: CR> This is why, as a year old penguin myself, I desparately need an interface CR> that will help me understand how to make a secure firewall without A) leaving CR> blatant holes waiting to be exploited, and/or B) impliment rules that lock my CR> network interface down so much I might as well unplug my RJ-45. Another CR> thing this newbie would really appreciate is a realtime monitor that would CR> give me information/alerts when something tries to send or receive when it CR> wasn't initiated by me. Just a thought or two. Just what I'm after too (as a six-month old penguin :-) ). I'm running SuSEfirewall, which was nice and easy to set up, but I don't think it's giving that much protection. For example, port 21 is open for ftpd, but as far as I can see it, there's nothing to stop any other program using that port. What would be ideal is something like ZoneAlarm or Tiny Personal Firewall on Windows. When a program tries to access the internet, it asks the user if it's OK, and you can give permission on a one-off basis, or for all future occasions. Is there anything like this available for Linux? I know there are other solutions available (like Tripwire), and that I can check the firewall logs to see what's been going on, but that can be so *dull*! Olly CR> Cheers. Curtis CR> On Tuesday 05 June 2001 04:20 am, Oliver Maunder wrote:
Flaws in WinXP create a perfect environment for DoS attacks, according to article, which is also a fascinating look into the world of the hacker attacker.
Monday, June 04, 2001, 10:55:32 PM, S. Bulterman wrote:
SB> Read the article and thought it was a compliance issue with the Unix Socket SB> standaard. SB> Windows Me and lower were not 100% compliant with this standards, so no flooding SB> with SB> TCP SYN and TCP ACK. Windows 2000 and XP are now 100% compliant and are capable SB> of sending TCP SYN and TCP ACK attacks..........
Exactly - the quote was:
"When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before."
<flamebait> Surely positioning Linux as a consumer OS is going to cause exactly the same problem? Already, the worst DoS attacks come from unsecured Linux boxes with broadband connections. Surely this problem will get worse as consumer Linux usage increases. </flamebait>
Discuss ;-)
Olly
Oliver