Kuro5hin.org: technology and culture, from the trenches
High Bandwidth Worries.

By deefer in Internet
Tue Feb 06, 2001 at 11:47:10 AM EST
Tags: Security

Well, I did it. Finally bought my gamer's dream machine.
1.2GHz Athlon, 512Mb RAM, GeForce 64Mb Ultra, 75Gb disk.

And a cable internet connection from Blue Yonder.

Which is where the problems started. I've been very careful to install up to date virus protection, and applied all the known tweaks / fixes to W2K. I also installed ZoneAlarm, which provides a rudimentary firewalling facility. Long term, I'll install FreeSco on a spare box I have, and use that to act as a firewall/NAT/IP masquerading on ramp to the net. But for now, I am impatient, and wanted to play Unreal on my shiny new box.

But last night I kept getting pinged, probed and otherwise messed with.


I traced the IP block of the host that was pinging me, using Arin, only for it to come back with basic information. The whole IP block was assigned to Cable and Wireless, so I was kind of stuck there; it was obviously a block for other dialup/cable users, and I wasn't going to start emailing C&W over a couple of pings.
Over about an hour, I had 8 pings from 6 different hosts. Luckily, Zone Alarm "stealths" all of your ports, and does not reply to ICMP messages.

Right now, I don't know what to do. I'm supposed to have an "always on" internet connection but I dare not leave it on when I am not using it, for fear that someone will hijack the machine and misuse/destroy it in some way.

This experience left me thinking. Cable/DSL is gaining massive uptake in Europe, and in the US it seems to be past the "early adopters" market. So there are a lot of these machines on the net, and there will be many, many more to come as the markets expand. But how many of those boxes will be used by the stereotypical AOL subscriber? In the instance above, much like most K5'ers I was able to protect myself because I know what tools to use, and have spent enough time reading security sites to know you can never be paranoid enough. Longer term, I will have the infrastructure to protect myself properly, but this is not a quick job for me with my Windows only background.

So where does this leave the less technical internet user? When I set up my cable connection, Blue Yonder did not make any references to security, nor virus protection. My previous ISP, Pipex Dial at least gave me free virus scanning software. Now that I have the bandwidth to potentially become my own mini ISP (although forbidden to do so by the cable AUP), I feel that Blue Yonder haven't really tried to make me aware of the responsibilities this brings. Do other providers?

Now I know a lot of you will be shaking your heads right now; I shouldn't expect the company to be wiping my nose; caveat emptor and all that. But the wave of mass market users who follow once the early adopters have marked the territory will expect this kind of hand holding. And what are the legal implications? If I run an unprotected version of W98, and get 0wned, whose fault is it? Who is liable for any damages, if the cracker uses my easily stolen bandwidth to damage other machines on the net?

And as for last night, what would you have done? I could quite easily have started fighting back at these unsolicited pings, start pinging them back and all sorts of naughty shenanigans. But where do you draw the line on countermeasures? A warning ping across the bows to show them I'm watching? And how do you know that the host pinging you is up to no good, just trawling, or has been 0wned and is being controlled by someone else? There just seems to be a good deal of naivete and complacency about having an always on connection, from both providers and subscribers. And if a 1337 hacker manages to own a whole load of cable/DSL machines, imagine the trouble (s)he could cause. Is it time to start asking ISP's to offer protection tools, or write security FAQ's for their customers?

Interestingly enough, none of the cable providers I talked to supported Linux, *BSD or any other Unix. All of them said "well, we support Win*, but if you use anything other than that to connect then you're on your own". So by trying to secure my connection I'm effectively cutting myself off from support.

#include "disclaimer.h"
In the above, I am not dissing Blue Yonder in any way, just making a point using my experience with them. I'm not affiliated with Blue Yonder in any way other than as a customer. And I would say that their engineer was polite, on time, and knew his stuff. No connection problems, either - it has worked perfectly since it was installed. If you're in the UK, I'd seriously consider having a go at it.

Poll
Is Cable/DSL ...
o The mutts nuts 25%
o For posers 0%
o 31337, d00d! 18%
o Going to bring about the worst DDoS's in history 20%
o Only for the K5 cabal elite 32%
o Huh? 3%

Votes: 55
High Bandwidth Worries. | 33 comments (28 topical, 5 editorial, 0 hidden)
This is the story I was about to post (3.25 / 4) (#1)
by imperium on Tue Feb 06, 2001 at 09:17:33 AM EST

My situation is only slightly different. Even the ISP is the same. The differences are merely in my OS and the software I'm using.

Like deefer, I've had port scans from a number of locations in the few days this cable modem's been operating. My response was to keep the log somewhere, and try and identify the pingers and others. Oh, and feel reassured I got this software firewall up the moment I got high-speed.

Is this too blasé? I, like deefer, would appreciate the perspective of the K5 community. Unlike many of you, my level of knowledge about this is exactly what my choice of OS would suggest. Should I be more worried? Also, deefer, I'd be curious to know whether we got pinged by the same people: they could be scanning through blueyonder HSI customers...

x.
imperium

Sorry mate, beat you to it! :) (none / 0) (#5)
by deefer on Tue Feb 06, 2001 at 09:50:40 AM EST

Hmm, I don't think putting a firewall up straight away is blasé - you have a good deal of common sense, I'd say.

I don't have the logs with me right now, but I can email you them when I get home, if you like. We could be the BYACASK (Blue Yonder Angry Customers Against Script Kiddies) league or something! :)


Kill the baddies.
Get the girl.
And save the entire planet.

[ Parent ]
sure, let's swap logs (none / 0) (#7)
by imperium on Tue Feb 06, 2001 at 10:02:48 AM EST

my PGP key is in my personal info, not that I can find how to give you a nice link to it...

but I look forward to it!

x.
imperium
[ Parent ]

pings and portscans are not necessarily worrisome (4.66 / 6) (#3)
by Anonymous 242 on Tue Feb 06, 2001 at 09:33:25 AM EST

AFAIK, most broadband providers regularly portscan their own clients to help determine if the users are abiding by the terms of service. Pings are even less worrisome. Given a large enough block of numbers, multiple IP addresses will get pinged while people try to investigate other boxes. If your IP address is one or two numbers different than one of the servers for the ISP, many people will ping your box by mistake when trying to ping this server or that server.

That said, I don't believe that there is ever a valid reason to put a box on a broadband network without a firewall (preferably hardware). Even if one doesn't care about keeping one's private data private, since boxes can be hacked into and used for DOS attacks unbeknownst to the user of the box, it is imperative that one covers one's own tush. If a DOS attack gets traced back to your box, there will be all sorts of trouble. One will have to prove that one's box was hacked, which may not be an easy thing to do.



actually this is kind of interesting... (none / 0) (#33)
by UrLord on Fri Feb 16, 2001 at 10:17:00 AM EST

That said, I don't believe that there is ever a valid reason to put a box on a broadband network without a firewall (preferably hardware).
Now I partially agree with this statement. A linux/*BSD/NT/WIN2K/etc box should have a proper firewall. Now I do not know much about apple/Mac OS so I cannot really say whether this OS NEEDS a firewall. Granted, a firewall is a good idea, but an operating system with no multiuser capabilities and that is not serving content (FTP, NNTP, HTTP, etc) is of little threat to being hacked into. Now the user has to be intelligent enough not to open email attachments, use untrusted programs, download warez, etc. Bar being infected by trojans/remote administration programs/etc installed by the user, a patched win9x machine should not have to worry about contributing to DDOS or being used as another type of gateway.

There was a recent discussion in the PSS forums about this topic (under the topic Why Do I Need a Personal Firewall?). With file sharing disabled and no services running on the computer the typical PATCHED Win9x machine should be fairly safe.

Plus, the software based firewalls are a product installed on an already insecure operating system. Adding the complexity of firewalling to a bad hack of a tcp/ip stack will add more bugs and insecurities. You said a hardware based firewall is preferable, but it is much more than preferable, it is almost necessary to provide at least some of the protection needed.

Now I do agree that firewalls are needed, but this is not a solution to the problem. The only solutions are improbable, and possibly impossible. We cannot stop the blackhats/skript kiddies from doing what they are doing. But we can educate the users. With better education and less knee jerking many broadband users will be better protected.

We can't change society in a day, we have to change ourselves first from the inside out.
[ Parent ]

ZoneAlarm (4.60 / 5) (#9)
by Alarmist on Tue Feb 06, 2001 at 10:30:07 AM EST

While ZoneAlarm is a great package (use it myself), you should be aware that some 2.x versions have an obscure vulnerability whereby attackers can access your machine without ever setting off ZA. The vulnerability (reported here) is that ZoneAlarm will not raise an alarm following scans to port 67.

While I like ZoneAlarm, I'd only consider using it as part of a multi-layered defense. Consider putting together a small box for just firewall work, or installing another software firewall to plug the gaps.


Correction: (none / 0) (#12)
by Alarmist on Tue Feb 06, 2001 at 10:57:40 AM EST

ZoneAlarm will not report scans from port 67 to any other port. Mea culpa.


[ Parent ]
heh ah yes... (4.33 / 6) (#10)
by rebelcool on Tue Feb 06, 2001 at 10:38:59 AM EST

i recall first getting my personal firewall up when i got my dsl and immediately receiving pings and probes. Today i've received 4 TCP os fingerprints and some TCP probes...

It's no big deal

What happens is, script kiddies all around the world have massive blocks of IP addresses they tell programs to scan through looking for open holes (commonly FTP servers or back orifice ports). So they scan millions of addresses.

It's nothing. Get used to it. Nobody was targeting you directly or trying to hack your system.

I run a popular webserver off my system... the closest thing to a hacking attempt on it was some people trying an old buffer overflow trick on it which the firewall neatly stopped.

So ignore the pings and probes and get on with your life.

COG. Build your own community. Free, easy, powerful. Demo site

I just ignore it. (4.40 / 5) (#11)
by Seumas on Tue Feb 06, 2001 at 10:42:54 AM EST

Having almost a dozen machines of various flavors (linux, unix, windows) on my home network, it is a rare day I don't receive a few dozen scans or attempted attacks. But I don't worry. First of all, the linux and unix boxes are locked up pretty tight. The windows box is as secure as a windows box can be and is running personal firewall software (fairly useless stuff). In addition, they're all connected to my hardware firewall which is connected to the hub which is connected to the cisco 678 dsl modem.

I don't really worry about tracking down people who make attempts on my boxes. There are so many attempts that it would be a full time job -- assuming I don't bother with scans of any type (which I wouldn't, because I could care less if someone scans my network).

Basically, there are so many script kiddies out there that tracking them down and giving them a spanking is useless. There are always more to come along and make life hell for you. Instead, spend that energy on fortifying your network and your boxes.
--
I just read K5 for the articles.

Why are you FUD'ing Personal Firewalls (5.00 / 1) (#26)
by Bios_Hakr on Wed Feb 07, 2001 at 10:57:10 AM EST

Seems to me that many Linux zealots seem to think that just because something is closed source, it sucks. What makes you say that personal firewall tools for windows suck? I have used Norton Personal Firewall and Sygate for months at a time and never had any suspicious activity on my box. The tools for windows are easy to configure, easy to run, and easy to audit. I get graphical breakdowns of all the attacks against my box and easy "1 click blocking" against intruders. Some of the tools even will graph the attack on a map and try to show you where the attack originated. Now I'm not trashing linux (I use Fresco now), but if linux firewall configuration was as easy as the M$ progs, I think more people would be willing to use them. All I'm trying to say is...Linux developers/hackers could definitely learn a little about ease of use for the end user by looking at windows apps.

[ Parent ]
Portscans and pings and firewalls, oh my! (3.66 / 6) (#13)
by johncoswell on Tue Feb 06, 2001 at 11:04:36 AM EST

I'm not too worried about pings or portscans, because my Linux firewall ignores them all. I drop all ICMP packets, I run Portsentry on the most frequently attacked ports, and I have a Tripwire-like script that runs once an hour off a write-protected floppy to check for trojaned programs. I physically deleted any software that might potentially cause a problem, like RPC servers and such. I also firewall off all internal services from the outside world, carefully filter all packets and make them go only where I let them go, and force as many server programs as possible to listen only to the internal network adapter. I'm a bit paranoid...but it was worth it.

I left my box alone for 18 days when I went on vacation. Prior to this, I had been probed by script kiddies on IMAP and RPC ports a few times -- maybe ten or so -- in a six month period. I came back from vacation and discovered that all the kiddies were home from school and on their boxes, because I had deterred an additional 25 or so lamers in eighteen days.

I also have ZoneAlarm on the internal Win95/98 machines, just in case the router/firewall gets cracked and someone wants to snoop the home network. Not much of a defense -- I mainly use ZoneAlarm on my machine for the pretty graphs in the System Tray.

The best rule of thumb is the Least Privileges rule -- If you don't need it, turn it off. Block it. Be paranoid. It's OK to be paranoid. 8^)

As for the clueless ISP, after reading a couple of articles on Unix network security, you'll probably know more than the ISP anyway (unless they're really l33t).


johncoswell - http://www.coswellproductions.org
NAT the world to /dev/null (none / 0) (#31)
by Sax Maniac on Fri Feb 09, 2001 at 08:41:30 PM EST

Nice response.

I'm paranoid too, but have less "shields" up, as I dual-boot between Linux and Win98. I don't feel like maintaining two software firewalls, so I simply NAT'd everything out of existence with the router. The router has some really fancy firewall stuff that I've never had to bother with yet. Almost everything incoming gets dropped unless it's ssh (and that daemon doesn't even run 24/7- it's only up when I boot Linux and explicitly start it).

I wonder if NAT is enough. To tell the truth, it seemed so easy, that I must have made some mistake: Drop all incoming connections until you feel like running a service. Then, add that and nothing else. Repeat.


Stop screwing around with printf and gdb and get a debugger that doesn't suck.
[ Parent ]

Don't do that... (none / 0) (#32)
by pharm on Sun Feb 11, 2001 at 08:47:14 AM EST

I drop all ICMP packets

You don't want to do that; if you drop all ICMP packets then you'll drop packets that inform you that the route for the connection in question has resulted in packet fragmentation (which is bad), and that your IP implementation should reduce the size of the packets it's sending.

Phil



[ Parent ]
"So where does this leave the less technical. (4.00 / 1) (#14)
by Malk-a-mite on Tue Feb 06, 2001 at 12:14:38 PM EST

"So where does this leave the less technical internet user?"

Same as always... relying on the more technical.

Just because the means by which we access the net changes doesn't mean the user base gets smarter or more at risk, or that the responsibility of the people who understand how the machines work has decreased.

Rough count of the people I've sat down with and explained the risks of always on access and the benefits of some kind of firewall:
Brother
Sister
Mother
Aunt and Uncle
5 different cousins
4 friends

So I feel I'm doing my part to help secure machines by helping people understand what is possible and how to prevent the problems.

So, who do you want to help today?

The less technical aren't lost (4.00 / 1) (#15)
by DeanT on Tue Feb 06, 2001 at 12:25:09 PM EST

Same as always... relying on the more technical.
I consider myself one of the more technical.

Could I have set up an old 486/etc with OpenBSD/Linux/Whatever to act as a firewall? Yes.

Did I? No.

I just bought a NetGear router and checked the IP filters. It locks it down pretty good right out of the box and is lots quieter than any of the old 486's I own. :) I do think a "firewall" box of some sort is needed that does NOTHING else but act as a firewall.

DeanT

[ Parent ]

This happens daily. (4.00 / 2) (#17)
by molo on Tue Feb 06, 2001 at 01:02:49 PM EST

I have been on Time Warner's Road Runner service for some time. I get probed several times a day now, just looking at TCP traffic. Using the Debian slink tool 'iplogger' I have some pretty good logs of attempted connections. Take a look.

# ./checklog today
Tue Feb 6 00:07:43 asp connection attempt from unknown@2Cust123.tnt2.little-rock.ar.da.uu.net [63.59.144.123]
Tue Feb 6 00:07:44 asp connection attempt from unknown@2Cust123.tnt2.little-rock.ar.da.uu.net [63.59.144.123]
Tue Feb 6 09:17:12 socks connection attempt from unknown@host-216-78-28-107.tys.bellsouth.net [216.78.28.107]
Tue Feb 6 09:17:13 socks connection attempt from unknown@host-216-78-28-107.tys.bellsouth.net [216.78.28.107]
Tue Feb 6 09:17:13 socks connection attempt from unknown@host-216-78-28-107.tys.bellsouth.net [216.78.28.107]
Tue Feb 6 09:17:14 socks connection attempt from unknown@host-216-78-28-107.tys.bellsouth.net [216.78.28.107]
Tue Feb 6 12:25:49 sunrpc connection attempt from 一@165cm32.hkcable.com.hk [61.10.165.32]
Tue Feb 6 12:42:12 socks connection attempt from unknown@host-216-78-31-188.tys.bellsouth.net [216.78.31.188]
Tue Feb 6 12:42:13 socks connection attempt from unknown@host-216-78-31-188.tys.bellsouth.net [216.78.31.188]
Tue Feb 6 12:42:13 socks connection attempt from unknown@host-216-78-31-188.tys.bellsouth.net [216.78.31.188]
Tue Feb 6 12:42:14 socks connection attempt from unknown@host-216-78-31-188.tys.bellsouth.net [216.78.31.188]

# ./checklog yesterday
Mon Feb 5 08:45:05 asp connection attempt from unknown@1Cust32.tnt1.little-rock.ar.da.uu.net [63.59.141.32]
Mon Feb 5 14:56:27 sunrpc connection attempt from 一@[63.114.190.229]
Mon Feb 5 16:44:18 port 98 connection attempt from 一@[213.131.148.177]
Mon Feb 5 20:25:15 sunrpc connection attempt from 一@[211.244.106.52]
Mon Feb 5 20:30:00 sunrpc connection attempt from 一@[211.244.106.52]
Mon Feb 5 22:43:35 sunrpc connection attempt from 一@osprey.multisoft.com [209.195.17.149]

Note that the 'today' log has only been logging for 13 hours so far. It looks like socks is the flavor of the day. BTW, port 27374 is 'asp' or 'address search protocol' but is also used for a windows trojan. (Sub7 or something).

My $0.02: This is the consequence of having your system on a real connect. You need to figure out a way to deal with it. Either get some firewalling software you can put your faith in or get an OS that is designed with security in mind (*nix, OpenBSD in particular). Most of these scans are harmless assuming you don't actually have vulnerable services. If ever in doubt, turn the service off.

As for not having support from the cable company... I wouldn't want them coming in and mucking with my system, even if I was running Windows. I don't think you're losing anything here.

Good luck.

--
Whenever you walk by a computer and see someone using pico, be kind. Pause for a second and remind yourself that: "There, but for the grace of God, go I." -- Harley Hahn
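
Added example, not part of molo's post and not code from iplogger: a small Python summarizer for log lines in the format shown in the comment above. It folds the back-to-back retries from one host (such as the four `socks` lines logged within two seconds) into a single probe and groups sources by service. The sample lines are constructed with documentation addresses, and the year and the 10-second merge window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches lines shaped like the ones in the post, e.g.
#   "Tue Feb 6 09:17:12 socks connection attempt from unknown@host [1.2.3.4]"
#   "Mon Feb 5 16:44:18 port 98 connection attempt from -@[1.2.3.4]"
LINE_RE = re.compile(
    r"^\w{3}\s+(?P<mon>\w{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<svc>.+?) connection attempt from "
    r"[^@\s]*@(?P<host>[^\s\[]*)\s*\[(?P<ip>[0-9.]+)\]\s*$"
)

# Constructed sample input (documentation address ranges, made-up hostnames).
SAMPLE_LOG = """\
Tue Feb  6 00:07:43 asp connection attempt from unknown@cust1.isp.example [192.0.2.23]
Tue Feb  6 00:07:44 asp connection attempt from unknown@cust1.isp.example [192.0.2.23]
Tue Feb  6 09:17:12 socks connection attempt from unknown@host-a.isp.example [198.51.100.107]
Tue Feb  6 09:17:13 socks connection attempt from unknown@host-a.isp.example [198.51.100.107]
Tue Feb  6 09:17:13 socks connection attempt from unknown@host-a.isp.example [198.51.100.107]
Tue Feb  6 09:17:14 socks connection attempt from unknown@host-a.isp.example [198.51.100.107]
Tue Feb  6 12:25:49 sunrpc connection attempt from -@[203.0.113.32]
Tue Feb  6 12:42:12 socks connection attempt from unknown@host-b.isp.example [198.51.100.188]
Tue Feb  6 16:44:18 port 98 connection attempt from -@[203.0.113.177]
Tue Feb  6 20:25:15 sunrpc connection attempt from -@[203.0.113.52]
Tue Feb  6 20:30:00 sunrpc connection attempt from -@[203.0.113.52]
not a log line
""".splitlines()


def parse_line(line, year=2001):
    """Return one event dict, or None if the line is not in the expected format.

    The log carries no year, so one is assumed (default: the year of the thread).
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(
        f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
    )
    return {"time": ts, "service": m["svc"], "host": m["host"] or None, "ip": m["ip"]}


def collapse_probes(events, window=timedelta(seconds=10)):
    """Merge repeated attempts from one IP to one service into a single probe.

    A new attempt extends the current probe if it arrives within `window` of the
    previous attempt; otherwise it starts a new probe.
    """
    probes, current = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["ip"], ev["service"])
        probe = current.get(key)
        if probe and ev["time"] - probe["last"] <= window:
            probe["last"] = ev["time"]
            probe["attempts"] += 1
        else:
            probe = {"ip": ev["ip"], "service": ev["service"], "host": ev["host"],
                     "first": ev["time"], "last": ev["time"], "attempts": 1}
            probes.append(probe)
            current[key] = probe
    return probes


def summarize(lines):
    """Return (probes, sources_by_service) for an iterable of raw log lines."""
    events = [e for e in map(parse_line, lines) if e is not None]
    probes = collapse_probes(events)
    by_service = defaultdict(set)
    for p in probes:
        by_service[p["service"]].add(p["ip"])
    return probes, {svc: sorted(ips) for svc, ips in by_service.items()}


if __name__ == "__main__":
    probes, by_service = summarize(SAMPLE_LOG)
    for p in probes:
        print(f"{p['first']:%b %d %H:%M:%S}  {p['service']:<8} {p['ip']:<16} "
              f"attempts={p['attempts']}")
    for svc, ips in sorted(by_service.items(), key=lambda kv: -len(kv[1])):
        print(f"{svc}: {len(ips)} distinct source(s)")
```
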
Get a Cable/DSL router (4.00 / 2) (#18)
by Tumbleweed on Tue Feb 06, 2001 at 02:30:39 PM EST

I have a cable connection, too, and was getting probed all the time. It's not as fun as when the aliens do it, so I looked around for a solution.

The LinkSys BEFSR41 4-port switched cable/dsl router w/NAT. Very cool. If you don't need a 4 port switch built in, get the BEFSR11. I just turned on the NAT abilities, and all my problems went away. The thing is cheap, too, and _super_ easy to install - it can be managed via the built-in webserver, too, so just configure it with your webbrowser.

To learn all about neato hardware like this, point yourself to http://www.practicallynetworked.com.

They even have ones with wireless ability, etc., these days. Pretty handy.



Those Linksys Devices (none / 0) (#23)
by burton on Wed Feb 07, 2001 at 06:54:24 AM EST

I got the 1-port on a whim, to accompany my 5 port Linksys hubby, and it was a mistake. My Telocity DSL modem (the old model) refuses to play nice with it; I've only had it working correctly once. Being the type who can't stand things being halfassed, I promptly removed it and went back to my QAD 2k box doing Internet Connection Sharing with software firewalling. Don't bitch at me for using an MS solution, please, that box was up for 3 months w/o a stutter.

I'm not an amateur, I know my stuff, and I've also heard quite a bit of complaints from other advanced users who have these linksys devices; corrupted downloads, flaky connections, resets, etc etc. I'm not saying they aren't a workable solution, just I made a mistake thinking it was enough for somebody like me :)

Right now I'm happy w/ my mediocre situation, hey, probes happen, it's a fact of life. I'm quite paranoid so I'm never going to leave myself vulnerable, well, reasonably vulnerable :) My current side project is turning a P90 into an OpenBSD transparent bridge that does ipf for when I get my _real_ b/w back (re: dorms). I am really impressed with OpenBSD out of the box.


- throughout human history, as our species has faced the frightening, terrorizing fact that we do not know who we are, or where we are going in this ocean of chaos, it has been the authorities... -
[ Parent ]
reliability of LinkSys depends on firmware version (none / 0) (#27)
by Tumbleweed on Wed Feb 07, 2001 at 02:05:04 PM EST

The vast majority of the problems I've heard of were from people who hadn't updated the device's firmware. This is _critical_ to successful operation of these things. If you're using anything less than 1.36, you're probably going to experience some kind of pain. Once I upgraded to 1.36, however, everything worked _perfectly_.

[ Parent ]
I am aware (none / 0) (#28)
by burton on Thu Feb 08, 2001 at 06:50:25 AM EST

Yes, I immediately upgraded my firmware once I got the device plugged in. And the people who I've heard negative reports from have done the same; we're all geeks :). I'm not saying these things are performing mass major malfunctions, just they tend to have little faults that a techie like myself doesn't appreciate, not to say my Telocity modem itself isn't behaving peevishly as of late as well.

They're a really viable solution, however for somebody who knows their stuff a lot better things can be done.


- throughout human history, as our species has faced the frightening, terrorizing fact that we do not know who we are, or where we are going in this ocean of chaos, it has been the authorities... -
[ Parent ]
It's going to become a serious issue. (4.00 / 1) (#19)
by dagoski on Tue Feb 06, 2001 at 02:41:45 PM EST

I dunno how upset I'd be over a few pings. Depending on what your ISP uses to monitor its network, I could see some pings coming from them. I mean, some people are still using Rover as their monitoring software. Most likely, what you're seeing is curious kids learning about how the Internet works. I'd worry about more persistent probes and probes which use something other than ICMP. In any case, you've got your eyes open and are taking good steps to protecting yourself. You are so right in pointing out the looming security crisis here. Most people don't have a clue about security concerns. The perception is that hackers go after big, important systems like DOD, WTO or someone else that uses three letters to refer to themselves. The truth is that there's a lot of script kiddies out there who love to do the digital equivalent of doing donuts on your lawn. I knew enough about some of the less agreeable denizens of local Media One network to insist on having my firewall up and running before I started using the connection. They cruise the network looking for unsecured boxes. Mostly what they do are 'harmless' pranks like sending porn to printers on compromised box. Of course DSL and cable providers are not going to say anything about that because it'll scare away the uneducated customer. The good news is that as people become informed enough to know they have to take precautions, there are going to be some decent turn key countermeasures. Already I see DSL and cable routers that are preconfigured as firewalls. The ones I saw run less than $300 US. I have no idea how good they are.



Paranoia (none / 0) (#20)
by dneas on Tue Feb 06, 2001 at 02:49:57 PM EST

It seems with all the paranoia about security which rears its ugly head every month or so, the ISPs should be supplying some type of protection. Most people wouldn't have the first clue where to look for security information and advice. The people the cable companies will be targeting in a few years down the road with these products certainly will not. I see someone making a lot of money out of this...
-- "The car is on fire, and there's no driver at the wheel." Cut out the spam block if you need to email about something.
pings (4.50 / 4) (#21)
by 31: on Tue Feb 06, 2001 at 06:20:08 PM EST

Tracking pinging is the stupidest, biggest waste of time you can ever do.

Sorry for the flame-tastic intro, but pings aren't a problem. They are a legitimate tool, and even if some 13 year old gets a kick out of pinging out constantly, they aren't hurting you.

The only things you need to be concerned about are things that could actually be attacks. Get an rpc connection attempt? They're probably looking for a redhat box. Correct response: email contact at their ISP, with appropriate log info, and let them deal with it. Monitor tcp and udp

And speaking of that, the people with the biggest risk on high speed connections are the people who don't know what they're doing running linux, not people who don't know what they're doing running windows.

Now... if you're using commercial software, and you get hacked with it, I think the company producing it has some liability, if they know about a problem, and don't fix it... but it is your responsibility to visit places like windowsupdate.microsoft.com, get the critical update notice app from there, and when it tells you critical updates are up, get them.

If you're using non-commercial software, it's your responsibility to know your system, and be able to deal with updates.

and in no case should it be the ISP, outside of shutting down computers that are launching attacks on others. They shouldn't be monitoring for attacks, they should only be providing space on their pipeway... once they get responsible for your security, they can start being liable for other things you do online... and it gets unpretty.



-Patrick
Protection from ISPS (none / 0) (#22)
by Rylian on Wed Feb 07, 2001 at 01:00:38 AM EST

Just FYI, many broadband ISPs also block incoming common services to protect end users. For example, Optus@Home (.au) blocks netbios-ns, netbios-ssn, netbios-dgm, smtp and socks. The first three are used for windows networking (thus protecting those who have their printer shared and don't even know it). SMTP is blocked to stop people from running an MTA on their machine (at least for incoming mail). I'm assuming socks is blocked because many people use socks as a proxy but misconfigure it so that it proxies incoming rather than outgoing connections. (Don't laugh, it does happen!)

As far as protecting yourself, it's the same as protecting any server that's on the net full-time. Don't run any services you don't have to, don't waste your time responding to pings (they're a network diagnostic, remember), keep up to date with vendor updates. I'd tend not to trust personal firewalls, but that's just because I don't know much about them. Give me a real firewall anyday :)

Portscanning (3.00 / 1) (#24)
by loucephyr on Wed Feb 07, 2001 at 07:54:25 AM EST

Wasn't portscanning ruled legal last week? Can't be anything illegal with walking down the street looking for open doors, if you don't proceed with entering.


--------------------------------------------------
Free is when you don't have to do or pay nothing,
I want to be free...


Yes, but... (3.50 / 2) (#25)
by cameldrv on Wed Feb 07, 2001 at 10:19:52 AM EST

When people start trying the doorknob to your house constantly it tends to make you a little nervous.

[ Parent ]
re: Yes, but (none / 0) (#29)
by 31: on Thu Feb 08, 2001 at 12:49:40 PM EST

especially when they do it with finglongers (futurama reference) through someone else's window...

or when they just casually try the acme door jimmy... just to see...

-Patrick
[ Parent ]
OT, sorta: Firewalling software. (none / 0) (#30)
by cvou on Fri Feb 09, 2001 at 06:47:13 AM EST

Hiya, sorry for this as it's a bit off-topic. I'm in the same boat, having just bought myself a 1ghz tbird, and have win2k on it. I however use BlackIce defender instead of ZoneAlarm. Can anyone enlighten me as to which might be better, and why? I'm flexible.. I can switch.

Thanks..

