Gaming Dilemma
toadlife:
No. I didn't miss that part at all. XP's firewall is as good as any other firewall for what it does - inbound blocking. Inbound blocking is all you need - especially if you're only going to play games with Windows.
IMO, firewalls are not even really necessary to stay secure - even with Windows. I don't run one - I have my BSD DSL router forward large groups (Ports 5000-12000 TCP/UDP) of ports over to my box which has FreeBSD/XP, so when I need to open up a port on that box, I just pick one from that range and it works.
Don't want people connecting to your Windows machine? Turn the various services that Windows turns on by default off. Turn off file and printer sharing, and NetBIOS for TCP/IP in your internet connection properties and there will be no ports exposed for any script kiddies/worms to hit.
If you perform these two steps above, the only way you could get hit with malware is if the actual game you were playing had a vulnerability.
A closed TCP port is a closed TCP port. There is no magic way (aside from lUser interaction) for malware to break into a Windows computer that isn't listening.
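One way to check the state the post above describes (no ports exposed once the services are off), added here as an example and not part of the thread: it parses `netstat -ano` output and lists the sockets reachable from other hosts. The sample output, addresses and PIDs are constructed.

```python
# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:3074      203.0.113.7:27015      ESTABLISHED     2200
  UDP    0.0.0.0:137            *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1012
"""

# Well-known ports for the Windows services the post talks about disabling.
KNOWN = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram",
    139: "NetBIOS session (file/print sharing)",
    445: "SMB over TCP (file/print sharing)",
}


def exposed_listeners(netstat_text):
    """Return (proto, addr, port, pid, service) for sockets other hosts can reach."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = parts[0], parts[1]
        # TCP rows carry a State column; UDP rows do not (UDP is connectionless).
        if proto == "TCP" and parts[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")
        addr = addr.strip("[]")  # IPv6 locals are printed as [addr]:port
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only sockets are not reachable from the network
        port = int(port)
        found.append((proto, addr, port, int(parts[-1]), KNOWN.get(port, "unknown")))
    return found


if __name__ == "__main__":
    for proto, addr, port, pid, service in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} pid={pid} {service}")
```

An empty result is the "not listening" condition; any row that remains names the PID to trace back to a service.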
Orethrius:
--- Quote from: toadlife ---If you perform these two steps above, the only way you could get hit with malware is if the actual game you were playing had a vulnerability.
--- End quote ---
Your saying that tells me that you did, in fact, miss the point. I never meant to say that the vulnerability was in Windows itself. Then again, where do you get off saying the firewall isn't responsible for blocking a vulnerability in the game? If I block port 8080 inbound, I don't expect to see inbound traffic on it, even if the game allows it. That's defending a security breach, as far as I'm concerned.
That's why my boxes are behind a router, because the firewall is SOFTWARE ONLY. It doesn't block third-party connections over legit ports for crap.
--- Quote ---A closed TCP port is a closed TCP port. There is no magic way (aside from lUser interaction) for malware to break into a Windows computer that isn't listening.
--- End quote ---
Evidently not, or you wouldn't have made the prior comment. Apparently, the "magick" way would be to run a third-party application under a first-party OS with sufficient security privs to allow such a breach. Excuse me for seeing that as a shortcoming.
toadlife:
So you are advocating that a Windows machine which is not listening on any TCP ports is more vulnerable than one which has a third party program blocking all its ports? A third party program can help and it can also add one more layer of potentially exploitable code. Do you remember the worm which infected 12,000 Windows boxes running Black ICE a while back? The worm exploited a hole in Black ICE itself. If these machines weren't running Black ICE, they wouldn't have been exploited and damaged.
Now if you're going to surf goat porn sites with IE logged on as an administrator, and use Outlook Express to access your Gmail account, some third party protection would definitely be in order, but this machine is only going to be used for gaming. If you turn the Windows services off, then the only route of remote exploitation would be through the game itself. Installing a bunch of programs to protect against such an improbable threat, just seems a tad bit paranoid to me.
Orethrius:
--- Quote from: toadlife ---So you are advocating that a Windows machine which is not listening on any TCP ports is more vulnerable than one which has a third party program blocking all its ports? A third party program can help and it can also add one more layer of potentially exploitable code. Do you remember the worm which infected 12,000 Windows boxes running Black ICE a while back? The worm exploited a hole in Black ICE itself. If these machines weren't running Black ICE, they wouldn't have been exploited and damaged.
--- End quote ---
Quite the opposite (that is to say, a Windows machine running a software firewall is less secure than one that's blocking all inbound ports via a hardware layer), and I'll thank you not to twist my words to mean something other than what I said. You also miss the point that the Windows firewall has no basis in hardware, it exists solely in the Application protocol layer. There are literally hundreds of scripts out there that allow raw intrusions into the /dev/hda1 space itself by ignoring anything above the Network layer. You need something where you can block traffic at the Physical layer and higher.
--- Quote ---Now if you're going to surf goat porn sites with IE logged on as an administrator, and use Outlook Express to access your Gmail account, some third party protection would definitely be in order, but this machine is only going to be used for gaming. If you turn the Windows services off, then the only route of remote exploitation would be through the game itself.
--- End quote ---
Maybe you've forgotten about that nice little Sub7-style backdoor in Doom II that iD hardcoded into the game.
--- Quote ---Installing a bunch of programs to protect against such an improbable threat, just seems a tad bit paranoid to me.
--- End quote ---
You must be new here.
toadlife:
--- Quote from: Orethrius ---Quite the opposite (that is to say, a Windows machine running a software firewall is less secure than one that's blocking all inbound ports via a hardware layer), and I'll thank you not to twist my words to mean something other than what I said.
--- End quote ---
Wrong. Firewalls block data on the network layer. It's impossible to apply any type of traffic rules on the physical layer because the physical layer contains absolutely no type of addressing information. It is possible to block traffic on the datalink layer, but the data link layer contains only MAC address information, which is only useful if the device you want to block is on the same logical network as you.
Now, when you said physical layer, I wasn't sure if you were talking TCP or not, but then you came up with this laugher....
--- Quote ---You also miss the point that the Windows firewall has no basis in hardware, it exists solely in the Application protocol layer.
--- End quote ---
Whoops! Wrong again. The Windows firewall is based upon IPSEC which has control of the TCP stack at the network and transport protocol layers. Every firewall, even expensive uber firewalls like the Cisco PIX rest on the network protocol layer.
--- Quote ---There are literally hundreds of scripts out there that allow raw intrusions into the /dev/hda1 space itself by ignoring anything above the Network layer. You need something where you can block traffic at the Physical layer and higher.
--- End quote ---
Huh?? Okay, now I'm not so sure if you even know what you're talking about. I'll have to take some guesses as to what you meant.
First of all, if you want to block traffic on the physical layer, unplug the RJ45 cable from your PC, or turn off your router, firewall or switch. It's the only way.
If you were talking about malware that can disable the Windows firewall...
Yes - this is definitely possible, in fact, it's easy if the code has admin privileges, but how does the malware get onto the PC in the first place? If you are running a game that has an exploit, and a worm comes through the game onto your PC, how is an external 'hardware' firewall going to help you? Answer - it won't, unless it blocks all outbound connections too. That would be rather inconvenient.
If you were saying you know of scripts that can get to a remote host without knowing its IP address and port, and then put data on the target's hard drive...
Wow. Whoever wrote those are some talented mofos, considering it's technically impossible. I'd sure love to meet them so I could bow down to them at the altar of programming gods.
--- Quote ---Maybe you've forgotten about that nice little Sub7-style backdoor in Doom II that iD hardcoded into the game.
--- End quote ---
Never heard of it as I've never played any of the Dooms, but I did a quick Google. That backdoor was listening on the same port the game listened on. If you played Doom II, then you would have had to tell your firewall to allow traffic on that port.
Besides that, can you link me to some other major exploits of online games, and some documented cases of people being exploited by them?
To close, your whole notion of "hardware firewalls" being so superior to "software firewalls" is bunk. There really is little difference between a "hardware firewall" and a "software firewall". "Hardware firewalls" from cheapy $30 Linksys boxes, all the way up to $50,000 Cisco PIX are nothing but computers whose sole purpose is networking. They have processors, a motherboard, a BIOS, network interfaces, permanent storage media, and they run operating systems, which do networking, and sometimes other things. The Windows XP firewall has as much control over the machine's network interface as any Linksys box has control over its network interface. A hardware firewall is tantamount to a bouncer at your door with a guest list. They definitely have their uses but they aren't anything particularly special. Hardware firewalls' biggest advantage is the ability to manage traffic for multiple hosts.
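The layer argument in this thread turns on which addressing fields a filter rule can match. The following is an added example, not part of the thread: it parses a constructed Ethernet/IPv4/TCP frame and applies a simplified stateless inbound port rule. All MAC addresses, IP addresses and ports are made up, and stateful firewalls track connections rather than looking at flags alone.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet II + IPv4 + TCP frame (checksums left at zero)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp


def parse_layers(frame):
    """Return the addressing fields each layer exposes to a filter rule."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"l2": {"src_mac": src.hex(), "dst_mac": dst.hex()}}
    if ethertype != 0x0800 or len(frame) < 34:
        return out  # not IPv4: only MAC addresses are available
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    out["l3"] = {"src_ip": socket.inet_ntoa(frame[26:30]),
                 "dst_ip": socket.inet_ntoa(frame[30:34]),
                 "proto": frame[23]}
    l4 = frame[14 + ihl:]
    if frame[23] == 6 and len(l4) >= 14:  # protocol 6 = TCP
        sport, dport = struct.unpack("!HH", l4[:4])
        out["l4"] = {"sport": sport, "dport": dport, "flags": l4[13]}
    return out


def inbound_verdict(frame, open_ports):
    """Simplified stateless rule: new connections only to ports in open_ports."""
    layers = parse_layers(frame)
    if "l4" not in layers:
        return "drop"  # no port information to match a rule against
    tcp = layers["l4"]
    is_new = tcp["flags"] & SYN and not tcp["flags"] & ACK
    if is_new and tcp["dport"] not in open_ports:
        return "drop"
    return "accept"


if __name__ == "__main__":
    f = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                    "203.0.113.7", "192.168.1.20", 40000, 8080, SYN)
    print(parse_layers(f), inbound_verdict(f, {27015}))
```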