
Re: Samba & IPTables (fwd)



On Sat, 2 Aug 2003, Charles Bronson wrote:

> > It is a great tool to learn more about networking.
> You are correct when all networking activities are limited to the Well Known 
> Ports. However, what happens when a user gets a request for access to a port 
> above 1024? This could be someone trying to hack their pc or it could be a 
> legitimate use.

What legitimate use is there for access on a port > 1024 (on an unknown port)?
I think it is fairly safe to say that if the user wasn't expecting 
anything to happen, he can deny it temporarily (and maybe that should be 
the default thing to suggest/advise).


> Let's use Bob and Alice (avg users) in an example:
> Bob wants to access the family computer from work so he installs <insert 
> Generic Remote Access Tool name here>. The next day Bob is at work and lights up 
> the GRAT client. Alice is home surfing the web and a pop-up asks her if she 
> should allow access to port 2029. Pretend you're Alice and make the call, what 
> would you do?

Well, I think you're not talking about the common case here already. I'm 
sure that if Bob knows how to install GRAT and was planning to connect to 
home on a system that he shares with his wife, he prepared the personal 
firewall sufficiently.

Anyway, in this case the pop-up probably says something like:

	We noticed someone (from firewall.bobswork.com) trying to connect 
	to 'Generic Remote Access Tool' (on port 2029).

	This traffic is unknown by the firewall and therefore could be
	dangerous. We advise not to allow it unless you understand the 
	consequences.

	Do You want to allow access to Generic Remote Access Tool from 
	firewall.bobswork.com

			[Yes]	[*No*]	[Customize]

If it was a known protocol the personal firewall could give more 
information about what it is used for. (Warning: this is a remote 
administration tool, someone with access can completely control your 
machine from remote.)

Bob is fairly stupid if he installed the personal firewall and the GRAT 
server and didn't think of this before going to work. He still can call 
his wife and tell her to click on Yes ;)

Let me also add that if nothing is listening on a port the traffic is 
dropped silently (and logged). My biggest concern is that you're denying 
the concept of personal firewalls and I don't have time to argue for the 
sake of arguing.

I did a quick search to get a screenshot of ZoneAlarm. There are better 
examples, I'm sure.

	http://antivirus.about.com/library/reviews/aafprzone.htm


> > Lokkit is a very limited tool. It is not functional for most of the home 
> > users and I don't think it is intended to be. Someone in this thread 
> > already referred to it (not supporting samba).
>
> If you look at my previous reply you will see that I already agree with you on 
> this point.

Right, after first saying "This statement is just plain wrong. IPTables is 
a VERY powerful tool.". Next time you better not use strong language if 
you're actually agreeing with me.

I think you understand what I was trying to suggest so for me the thread 
ends here. Feel free to find some other corner cases ;)

Kind regards,
--   dag wieers,  dag wieers com,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]
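As an added illustration (not code from this thread or from any firewall product), the decision logic described above, run over constructed iptables LOG lines: traffic to a known service gets an explanation, an allow-listed (source, port) pair is accepted, and anything else on a port above 1024 is denied by default. The service table, the allow-list and the addresses are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the format written by the iptables LOG target
# (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real hosts).
SAMPLE_LOG = """\
Aug  2 09:12:01 home kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.5 PROTO=TCP SPT=41234 DPT=2029 SYN
Aug  2 09:12:04 home kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.5 PROTO=TCP SPT=41235 DPT=2029 SYN
Aug  2 09:13:17 home kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.5 PROTO=TCP SPT=52000 DPT=445 SYN
Aug  2 09:14:40 home kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.5 PROTO=UDP SPT=5353 DPT=31337
"""

LOG_RE = re.compile(r"SRC=(?P<src>\S+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)")

# Hypothetical table of services the firewall can explain to the user.
KNOWN_SERVICES = {
    445: "Samba/CIFS file sharing (remote file and printer access)",
    139: "Samba/NetBIOS session service",
    22: "SSH remote administration (full control of the machine)",
}

# Hypothetical allow-list the user has configured: (source address, port).
ALLOWED = {("203.0.113.7", 2029)}

def parse_log(text):
    """Return (src, proto, dport) for every line that looks like an iptables LOG entry."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            events.append((m["src"], m["proto"], int(m["dpt"])))
    return events

def advise(src, proto, dport):
    """Text a personal firewall prompt would show for one connection attempt."""
    if (src, dport) in ALLOWED:
        return f"ALLOW {proto}/{dport} from {src}: on the allow-list"
    if dport in KNOWN_SERVICES:
        return f"PROMPT {proto}/{dport} from {src}: {KNOWN_SERVICES[dport]}"
    if dport >= 1024:
        return f"DENY {proto}/{dport} from {src}: unknown port, deny unless expected"
    return f"DENY {proto}/{dport} from {src}: well-known port with no listener"

def summarize(text):
    """Collapse repeated attempts so one source hitting one port yields one prompt."""
    counts = Counter(parse_log(text))
    return [f"{advise(s, p, d)} ({n} attempt{'s' if n > 1 else ''})"
            for (s, p, d), n in sorted(counts.items())]
```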