Re: how to detect hack attempts. [SOLVED]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Saturday, February 22, 2020 8:38:38 PM MST Samuel Sieb wrote:
> On 2/22/20 7:34 PM, John M. Harris Jr wrote:
> 
> > On Saturday, February 22, 2020 8:17:01 PM MST Samuel Sieb wrote:
> > 
> >> On 2/22/20 7:07 PM, John M. Harris Jr wrote:
> >>
> >>
> >>
> >>> Glad to hear it. A quick note, Fedora Workstation (what I refer to as
> >>> the
> >>> "GNOME Spin") may send out an update which resets your firewall to
> >>> their
> >>> defaults, which would open you back up to attacks. I'll pass this
> >>> along,
> >>> and hopefully we can get a more sane firewall into Fedora's GNOME
> >>> experience within the year..
> >>
> >>
> >>
> >>
> >> I guarantee that the firewall will not be changing.  It has been
> >> discussed at length in the past and that is what was decided on.  Your
> >> opinion on it is noted, but will not change anything.
> > 
> > 
> > If it has been discussed at length, then you'd know that it makes no sense
> > to open all of the ports that firewall zone opens. You've seen a
> > real-world example of the harm that firewall zone causes in this very
> > thread.
> 
> It makes sense and I didn't see any harm in this thread.  Feel free to 
> bring it up again, but all you'll do is annoy people.

It makes absolutely no sense. The ports it opens are all meant to run as the 
user, the ones that are, arguably, the most sensitive. It opens these on ALL 
interfaces BY DEFAULT, which is absolutely absurd. This means that everything 
binding a port as the user winds up open to every network they connect to, 
unless the end user explicitly goes and changes the firewall zone, which the 
GNOME UI doesn't even provide a way to do (unless something has changed), the 
use has to use firewall-cmd or open nm-connection-editor. The harm in this 
demonstrated in this thread was opening EVERY PROCESS THAT BINDS A PORT AS THE 
USER to THE ENTIRE INTERNET, on both IPv4 and IPv6.

-- 
John M. Harris, Jr.
Splentity

_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux