2 macs and a linux on a LAN

E Frank Ball frankb at efball.com
Sat Aug 5 13:07:39 PDT 2000 

} > 
} > When I was on the modem with the linux box, I found several ports are
} > vulnerable.
} > 
} > I don't know how a firewall works, but what it does, apparently is keep
} > hackers out
} > of your system, particularly important if you are not on occaisional dial-up
} > but
} > constantly connected to a static IP address such as I have on my DSL service.

 
} Firewalls increase the level of complexity for attacks, but do not assume
} that the firewall's protection is absolute. 

Very important point.  Don't ever assume a firewall is "finished"
either.  It is forever a work in progress. 

} Part of a firewall is kind of a special filter that use packet information
} to deny incoing requests based on your policies. An understanding of some
} of the links sent in the last e-mail can help you better inform yourself
} on what your firewall can protect you from, and what it cannot do anything
} about. 

I wrote my firewall from scratch, after examining and trying several of
the free firewalls distributed on the net.  I probably spent close to
100 hours "getting up to speed" on how to write a good firewall and get
it written and in place.

} Again, most home users have little risk of people groing through the
} trouble to learn so much to "root" your home computer. Those that know
} this and are willing to use it, tend to hit high profile targets.
}
} Home users have greater risk of the new MSIE beta crashing their machine,
} or virus infections, or their anti-virus software crashing their machine
} than they do of their "firewall-in-a-box" being peirced, but learning
} about this stuff can be good for you - like broccoli. :-) 

I think you are underestimating the danger to the average home DSL user.
There are thousands of "script kiddies" out there with little real
knowledge downloading scripts to break into peoples computers and
running them on every IP address they can imagine.  A good firewall will
stop the script kiddies, but a knowlegible dedicated hacker could still
get in.  This person is more likely to go after a bigger target (unless
it is something personal).

So start web surfing and find the security sites.  Here's one to get you
started:  www.robertgraham.com/pubs/firewall-seen.html
Also read the ipchains how to.

   E Frank Ball                frankb at efball.com

More information about the talk mailing list