2nd try: Was Firewall problem: Only works on a restart.

James Wilkinson fedora at aprilcottage.co.uk
Wed Feb 25 22:02:33 UTC 2009


Ed Greshko wrote:
> If the system brings up the network interfaces, but no services that
> utilize the network, prior to bringing up the firewall what
> vulnerability is the system exposed to...and for how long?

There is a point of view that says it is a security problem to allow a
system to respond to pings.

I do not agree with this (at least for normal networks), but it appears
to be popular among sellers of Windows “personal” firewalls (i.e. those
that protect only the system on which they run).

The logic is that by responding to an attacker’s ping, you have
confirmed that there is a system there. You may also have given the
attacker some information about the sort of system you run. The attacker
can then carry out a much longer stealthy probe against all ports on
your machine to find out which services are available. Later, when a
vulnerability emerges, the attacker has a list of potential targets.

Now if you’re designing a firewall for someone like Apple or the
Ministry of Defence, and you have a whole 16 million IP addresses to
play with, most of which won’t have any servers running at all, this
might actually be a useful tactic. For the rest of us, attackers can use
a much simpler heuristic.

“Doesn’t matter if the system responds to pings – if it’s an IP address,
it will probably have a computer behind it and is worth scanning.”

James.

-- 
E-mail:     james@ | Remember, half-measures can be very effective if all you
aprilcottage.co.uk | deal with are half-wits.