SCOUG-HELP Mailing List Archives
Return to [ 24 | February | 2003 ]
Peter cited several pertinent links re Harry's question. Keep in mind that some of these things (like the
firewall-equipped version of TCP/IP) probably require a SWC or eCS subscription to get. As it happens, I
prefer the hardware type of solution.
Peter continued:
> I bought a hardware firewall a while back (SMC Barricade) and it works
> okay but the logging is almost non-existent (and is buggy). Since I
> like to create error reports, I probably would have been happier with
> Injoy Firewall.
My SonicWall device has extensive logging capabilities (4mb. worth), but I ended up turning most of that
Off, because it was always clogging up with unimportant (?) info about routine burps & hiccups in the 'Net
connection -- various kinds of packets dropping out. All I cared about was the attempted attacks, and I
left that part of the logging On.
Dave Watson commented:
> OS2 systems are
> rarely attacked, the risk doesn't warrant much protection. Most internet
> attacks are automated exploits against well known Windows holes
> which most Windows users don't patch. I don't think I've heard of
> anyone being damaged by an internet attack against an OS2 system.
> Anybody heard of such attacks?
Many attempts, Yes. Actual damage, I doubt it. There are a great many days when I'll get at least one
Netbus + one Sub Seven attack attempt deflected, usually in tandem pairs supposedly originating from the
same IP address, and sometimes more than that. Even if some of these ever got through, I don't think
they'd have much effect. My W2K partitions aren't even visible or accessible while this is going on.
Still, it is annoying, and if I thought for an instant that those were real *origin* IP locations, I'd
probably look into doing something about it.
> What this and other software firewalls usually do is called packet
> filtering, which means you can establish rules for allowing or blocking
> traffic through individual ports. This doesn't always work since you
> sometimes need traffic through certain ports in order to achieve
> desired utility from your internet connection, and attackers often know
> how to take advantage of vulnerabilities in applications that use
> normally open ports.
Such as IRC / ICQ. Steven has said this doesn't represent a significant vulnerability for us, doing this
under OS/2, so I'll leave it at that.
> If you have files or systems worth protecting, you should probably
> consider getting a "real" firewall. They can be had for a few hundred
> up to 10's of thousands of dollars. Many of these use proxies which
> evaluate the traffic and make decisions based on more complex
> criteria than just open or block a particular port. They go between your
> router and modem and look at all the traffic coming into your network,
> making decisions based on the nature of the content. Makes it tougher
> to poke through.
>
> Packet filtering is a good way to start. Gives you logs that might give
> indications of attacks that have occurred against your systems. Also
> gives you some detailed insights into networking.
And if I understood Steve Schiffman correctly (which is maybe not a betting proposition), a firewall with
many "fine-tuning" capabilities like mine can do a number of other things, such as specifically block out
ads from Doubleclick etc., which you would ordinarily need other software to accomplish. I don't have
enough understanding of these issues, and haven't experimented with that, but it would be interesting. My
only concern there is whether it might mess something up or introduce some instability. Don't want to
throw out the baby with the bathwater.
Jordan
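As an added example (not part of the original message): one way to pull only the paired NetBus + SubSeven probes from a single source IP out of a noisy packet-filter log, as described above. The log layout, the addresses, and the 60-second window are constructed assumptions, and the port numbers are the commonly documented defaults for these trojans, not values given in the message.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Commonly documented default listener ports (assumption: not given in the message).
TROJAN_PORTS = {12345: "NetBus", 12346: "NetBus", 27374: "SubSeven", 1243: "SubSeven"}

# Assumed log layout: "<date> <time> DROP TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) DROP TCP "
    r"(\d+\.\d+\.\d+\.\d+):\d+ -> \d+\.\d+\.\d+\.\d+:(\d+)$"
)

# Constructed sample log (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
2003-02-24 10:15:02 DROP TCP 203.0.113.7:4021 -> 192.0.2.10:12345
2003-02-24 10:15:03 DROP TCP 203.0.113.7:4022 -> 192.0.2.10:27374
2003-02-24 10:16:40 NOTICE fragmented packet dropped
2003-02-24 11:02:11 DROP TCP 198.51.100.9:1550 -> 192.0.2.10:27374
2003-02-24 11:30:00 DROP TCP 198.51.100.23:3300 -> 192.0.2.10:80
2003-02-24 13:00:00 DROP TCP 198.51.100.40:2000 -> 192.0.2.10:12345
2003-02-24 15:45:00 DROP TCP 198.51.100.40:2001 -> 192.0.2.10:1243
""".splitlines()

def trojan_probes(lines):
    """Yield (timestamp, source_ip, family) for drops aimed at trojan ports."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # routine noise or an unknown record type
        family = TROJAN_PORTS.get(int(m.group(3)))
        if family:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), family

def tandem_sources(lines, window=timedelta(seconds=60)):
    """Return sorted source IPs that probed both families within `window`."""
    seen = defaultdict(list)  # source_ip -> [(timestamp, family), ...]
    for ts, src, family in trojan_probes(lines):
        seen[src].append((ts, family))
    hits = set()
    for src, events in seen.items():
        for ts_a, fam_a in events:
            if any(fam_b != fam_a and abs(ts_b - ts_a) <= window for ts_b, fam_b in events):
                hits.add(src)
    return sorted(hits)

if __name__ == "__main__":
    print(len(list(trojan_probes(SAMPLE_LOG))), "trojan-port probes")
    print("tandem sources:", tandem_sources(SAMPLE_LOG))
```

A source address in such a log only shows where the packet claims to come from, so the output is a triage list, not an attribution.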
The Southern California OS/2 User Group
P.O. Box 26904
Santa Ana, CA 92799-6904, USA
Copyright 2001 the Southern California OS/2 User Group. ALL RIGHTS
RESERVED.
SCOUG, Warp Expo West, and Warpfest are trademarks of the Southern California OS/2 User Group.
OS/2, Workplace Shell, and IBM are registered trademarks of International
Business Machines Corporation.
All other trademarks remain the property of their respective owners.