Re: [LUG] XP and firewalls
Neil Williams wrote:
> On Tuesday 15 January 2002 9:00 pm, you wrote:
>> hi mathew,
>> be careful about connecting the XP machine directly to the internet -
>> see http://grc.com/default.htm
>
> You can't believe everything that was feared about XP -
> http://www.theregister.co.uk/content/4/23517.html

hmm - the author used the phrase
----------------------------------------------8<-------------------------------------------
Everyone from the FBI to the /LA Times/ has something scary to say about
the new XP vulnerability. Here's why they all have it wrong.
----------------------------------------------8<-------------------------------------------
which seems a bit global - also - i'm not sure he's impartial - his
company sells accounting software and i bet it only runs on windows -
i've emailed a question RE platforms to them.
he does not refute the fact that there is a security problem - but says
that more notice should be taken of other security problems like a
recent oracle vulnerability. i would say that an XP vulnerability will
have far greater impact.
also - although he did write about the 'Simple Service Discovery
Protocol (SSDP) service' issue he did not mention the main issue which
seems to be separate i.e. RAW sockets on home user machines and programs
running with administrator privileges. (this was allowed for backwards
compatibility with the win 9x family).
he does also write
----------------------------------------------8<-------------------------------------------
Microsoft's security issues are bad. And though my call on this one is
that we won't see any massive worm taking advantage of this particular
vulnerability, the security of the Simple Service Discovery Protocol in
itself still must be addressed and secured. And though Microsoft's own
development team was wrong about the effectiveness of XP's Internet
Connection Firewall against direct UPnP attacks (which does in fact
protect you from unicast traffic), they still have a product that allows
multicast and broadcast traffic to arrive to an interface unfiltered.
----------------------------------------------8<-------------------------------------------

> http://www.theregister.co.uk/content/archive/19925.html

this one claims that steve gibson is 'loopy' and 'talking bollocks'!!!
his main (logical) argument is that windows machines can already be
taken over by the sub seven trojan - so an extra vulnerability won't
make any difference. also - that crackers can set up their own machines
to carry out DOS attacks - but the point RE DOS attacks is that if they
have 500 zombie machines they can use them to flood requests to a server
and overload it - their own machine on its own would not be much of a
problem - and anyway it would be more traceable.

> http://www.theregister.co.uk/content/archive/22509.html

i don't think the shields-up probe is supposed to be totally
comprehensive - just a first point of checking - it showed some closed
and one (unnecessarily) open port on my works win2k server which was
useful because my boss has now allocated some resources to locking the
box down.

> The grc site has taken a lot of flak since Steve got hit by that script
> kiddie and went (IMHO) OTT in his response.
>
>> BTW - there are two great tools on the site for testing firewalls under
>> the shields up link - i managed a clean sweep - nothing to show [for now anyway :o) ]
>
> Check before you recommend something:
> http://www.theregister.co.uk/content/archive/23033.html

the argument here is that this tool can be 'easily' altered to request
scans of machines other than your own. first of all the 'easily' bit
seems a bit hard to me - hashed ip addresses etc. and anyway, crackers
have their own tools for scanning - this test is designed to carry out
the same sort of scan that crackers carry out - but YOU get the results
back, before a cracker does.
the last 3 articles were all written by thomas c greene - and he seems
to be very anti steve gibson - check out www.grcsucks.com - also check out
http://www.pc-radio.com/response.htm where someone makes some
interesting comments about him.
it seems we have stumbled upon a minor techie war - but after reading
some articles i still think that steve gibson makes the most logical
arguments and makes the most sense.
anyway - MS have hacked me off too much recently, especially cos their
web proxy server - ISA - looks like it only works for IE. i have tried
to use mozilla and netscape in work because IE keeps crashing my machine
but the server refuses their requests. the poor guys at mozilla are
trying to find a way around it - i'm thinking of suggesting that they
put up a message to the effect that ISA is not a true proxy server but
MS specific only. people should ask for their money back!!!
kev
--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.