2 macs and a linux on a LAN

ME dugan at passwall.com
Sat Aug 5 00:13:17 PDT 2000


On Fri, 4 Aug 2000, John F. Kohler wrote:
> Fortunately, I have found that both Macintosh computers, behind the linksys
> are protected by a firewall.  There is a website that will probe your system:
> 
> http://www.grc.com
> 
> When I was on the modem with the linux box, I found several ports are
> vulnerable.
> The Macs, on the other hand, took a long time to test, but the report was
> that they were invisible.
> 
> I don't know how a firewall works, but what it does, apparently is keep
> hackers out of your system, particularly important if you are not on
> occasional dial-up but constantly connected to a static IP address such
> as I have on my DSL service.

Though there is not a great deal of risk for a home user using a
"firewall-in-a-box" for the most part, they do not *keep* hackers out of
your system. A firewall is kind of like a set of policies, or rules. (This
is actually a good general parallel.) In real life, we create laws to
"stop" people from doing things the government does not like, and even if
we assume they follow the law, loopholes are found, and exploited by those
that can. (Look at the IRS, and the tax loopholes that are found and
exploited each year by those that are talented.) 

Firewalls increase the level of complexity for attacks, but do not assume
that the firewall's protection is absolute. Your firewall would probably
not protect you against a trojaned file sent to you via e-mail as an
attachment etc, that used a MSOE auto-execute on open VBS to
download/install something like a modified Back Orifice that creates an
outgoing connection request to a remote machine to advertise its
willingness to be "owned". (Hey, it seems far fetched, but all of the
pieces are there...)

The place you went to "click here to test your firewall" is probably just
a plain vanilla port scanner. Many funky things can be done with packet
fragmentation, odd offsets, and taking advantage of ICMP error messages
for malformed headers to certain IP addresses to scan for machines to
fingerprint through a firewall. I bet that packets with a source port of
53 (DNS) connections pass right through your firewall - no questions
asked.

Part of a firewall is kind of a special filter that uses packet information
to deny incoming requests based on your policies. An understanding of some
of the links sent in the last e-mail can help you better inform yourself
on what your firewall can protect you from, and what it cannot do anything
about. 

Again, most home users have little risk of people going through the
trouble to learn so much to "root" your home computer. Those that know
this and are willing to use it, tend to hit high profile targets.

Home users have greater risk of the new MSIE beta crashing their machine,
or virus infections, or their anti-virus software crashing their machine
than they do of their "firewall-in-a-box" being pierced, but learning
about this stuff can be good for you - like broccoli. :-) 

> Does that mean that I can build on what I already know and none of
> it becomes obsolete as new revisions of an OS appear?

For the most part, the command line tools will not change much at all.
Those nifty GUI control panels, and gee-whiz-bang config/setup tools will
undoubtedly change. This is why I suggest spending more time learning the
concepts, and command line tools when you can. These command line tools
and concepts are very close between distros, but the fancy GUIs can be
vastly different.

For the most part, route, ifconfig, tar, cat, man etc work just as they
did in the earliest slackware releases, but the window managers have come
a long way since fvwm. 


-ME
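
The source-port-53 point in the message above, as an added example that is not part of the original post: a toy Python model (not any real firewall's rule engine) comparing a stateless inbound rule that trusts source port 53 with a filter that only admits replies to flows the LAN opened. All names, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def stateless_allows(pkt):
    """Weak inbound rule: trust anything that claims to come from port 53."""
    return pkt.proto == "udp" and pkt.sport == 53

class StatefulFilter:
    """Inbound traffic is allowed only as a reply to a flow the LAN opened."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Record the reply we expect: same protocol, endpoints swapped.
        self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))

    def inbound_allows(self, pkt):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in self.flows

# Constructed sample traffic (RFC 5737 documentation addresses).
LAN_HOST = "192.0.2.10"
RESOLVER = "198.51.100.53"
QUERY = Packet("udp", LAN_HOST, 40000, RESOLVER, 53)        # LAN asks resolver
REPLY = Packet("udp", RESOLVER, 53, LAN_HOST, 40000)        # matching answer
UNSOLICITED = Packet("udp", "203.0.113.7", 53, LAN_HOST, 8080)  # no prior query

def compare():
    """Return (reply_allowed, unsolicited_allowed) for each filter model."""
    fw = StatefulFilter()
    fw.outbound(QUERY)
    return {
        "stateless": (stateless_allows(REPLY), stateless_allows(UNSOLICITED)),
        "stateful": (fw.inbound_allows(REPLY), fw.inbound_allows(UNSOLICITED)),
    }

if __name__ == "__main__":
    for name, (reply, unsolicited) in compare().items():
        print(f"{name:9}  reply={reply}  unsolicited={unsolicited}")
```

Both models pass the legitimate DNS reply; only the stateless rule also passes the packet that merely sets its source port to 53. A real stateful filter would additionally expire flow entries after a timeout.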



