Re: 2nd try: Was Firewall problem: Only works on a restart.

Ed Greshko wrote:
> If the system brings up the network interfaces, but no services that
> utilize the network, prior to bringing up the firewall what
> vulnerability is the system exposed to...and for how long?

There is a point of view that says it is a security problem to allow a
system to respond to pings.

I do not agree with this (at least for normal networks), but it appears
to be popular among sellers of Windows “personal” firewalls (i.e. those
that protect only the system on which they run).

The logic is that by responding to an attacker’s ping, you have
confirmed that there is a system there. You may also have given the
attacker some information about the sort of system you run. The attacker
can then carry out a much longer stealthy probe against all ports on
your machine to find out which services are available. Later, when a
vulnerability emerges, the attacker has a list of potential targets.

Now if you’re designing a firewall for someone like Apple or the
Ministry of Defence, and you have a whole 16 million IP addresses to
play with, most of which won’t have any servers running at all, this
might actually be a useful tactic. For the rest of us, attackers can use
a much simpler heuristic.

“Doesn’t matter if the system responds to pings – if it’s an IP address,
it will probably have a computer behind it and is worth scanning.”

James.

-- 
E-mail:     james@ | Remember, half-measures can be very effective if all you
aprilcottage.co.uk | deal with are half-wits.
