[Am-info] BBC's GO Digital program

Geoffrey esoteric@3times25.net
Mon, 06 May 2002 17:21:07 -0400


John Poltorak wrote:
> On Mon, May 06, 2002 at 01:40:07PM -0400, Geoffrey wrote:
> 
> 
>>>OK you have provided a single instance of an OS/2 exploit, which doesn't 
>>>apply to me anyway. I have no reason to lose any sleep over getting hacked.
>>>
>>Don't lose sleep.  I provided one example to answer your question.  I'm 
>>not going to do all your research.  You asked, so I provided an example. 
>>  Don't expect that the single example I provide is the only OS/2 
>>exploit that exists.
>>
> 
> Well I'm not aware of any.

So that means there aren't any???  I'm not aware of any cars driving 
down the road in front of my house, does that mean there aren't any??

>>>What concerns me is the possible increase in levels of traffic which might 
>>>impact on my system thereby slowing it down, if some hacker discovers some 
>>>available ports and puts a lot of effort into breaking through. I do not 
>>>have any concerns  about actually being hacked.
>>>
>>A firewall is not going to eliminate the traffic, just stop it from 
>>getting beyond the firewall.  Ultimately, your network connectivity is 
>>affected regardless of whether you have a firewall or not.
>>
> 
> That's incorrect.
> 
> Packet filtering discards packets and stops replies going back to the 
> originator.

THAT'S INCORRECT.  Packet filters can drop or reject.  drop sends 
nothing back, reject explicitly tells the sender that the packets were 
rejected.

> If the would-be hacker is not aware of any open ports, there 
> is no reason for him to look for vulnerabilities on those ports.

The hacker doesn't know if a port is open until they scan your machine, 
which means you're going to get that scan down your pipe whether you 
like it or not.  It's still bandwidth used.  Sure, you can have the port 
locked down and the hacker will get packets back saying that they don't 
have access, or the service is not available, still more packets going 
up the pipe.  Your firewall would decide whether to respond or not. So 
yes, in some cases packet filtering will reduce the network load caused 
by scans or would-be exploits. Oftentimes not responding is worse than 
responding.  You're not going to stop the various IIS worms that target 
web servers unless you put your web server on a different port.  Still, 
you'll get the attempt at least as far as your firewall.  That you can 
not stop, unless your ISP blocks port 80 for you, which I don't want my 
ISP doing, thank you very much.

>>>How can you tell if your ids hasn't worked?
>>>
>>You're hacked...
>>
> 
> But how would you know you were?

I've never been hacked, because I have a good firewall and better ids's...
-- 
Until later: Geoffrey		esoteric@3times25.net

I didn't have to buy my radio from a specific company to listen
to FM, why doesn't that apply to the Internet (anymore...)?
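
The drop/reject distinction and the bandwidth point argued in the message above, modelled as an added example that is not part of the original e-mail. The names SCAN, OPEN_PORTS, respond and tally, the probing address and the port list are constructed for illustration; the reject reply is assumed to be an ICMP port-unreachable.

```python
from collections import Counter

# Constructed sample: one remote host probing TCP ports on the protected machine.
SCAN = [("203.0.113.7", port) for port in (21, 22, 23, 25, 80, 139, 443, 8080)]
OPEN_PORTS = {80}  # assumption: a web server is the only listening service


def respond(port, policy):
    """Return the reply sent for one inbound SYN, or None if nothing is sent."""
    if policy == "none":        # no filter: the host's own TCP stack answers
        return "SYN-ACK" if port in OPEN_PORTS else "RST"
    if port in OPEN_PORTS:      # the filter passes traffic to the allowed service
        return "SYN-ACK"
    if policy == "reject":      # the filter tells the sender it was refused
        return "ICMP-port-unreachable"
    if policy == "drop":        # the filter discards the packet silently
        return None
    raise ValueError(f"unknown policy: {policy}")


def tally(scan, policy):
    """Count packets arriving on the link and replies leaving it."""
    replies = Counter()
    for _src, port in scan:
        reply = respond(port, policy)
        if reply is not None:
            replies[reply] += 1
    return {
        "inbound": len(scan),   # every probe crosses the link before filtering
        "outbound": sum(replies.values()),
        "replies": dict(replies),
    }


if __name__ == "__main__":
    for policy in ("none", "reject", "drop"):
        print(f"{policy:7s}", tally(SCAN, policy))
```

Inbound load is the same under all three policies; only the outbound reply count changes, and only drop removes the replies for filtered ports.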