Poll

So, have you been affected by the Blaster virus?

Yes
[ 23 ] (20%)
No
[ 92 ] (80%)

Total Members Voted: 120

Topic: Blaster

Blaster

Reply #25
Yes, it's good at what it's doing. (though not as good as Snort I think)
Anyway, it's quite easy to teach someone to use a packet filter, especially after initial configuration.
- read the program's name so as not to confuse it with something else
- place a checkmark in 'create a rule' or something similar
- if you're running a new program, allow access
- check if it's 'Modified software notification' or something like that and you didn't install a new/old version of the program, block it
- if it's 'Server access notification' and the program is a messenger, IRC DCC, Peer2Peer or network game, allow it

BlackICE is not a firewall, because it doesn't hide unused ports and only blocks a connection if it thinks it's a known attack (like a trojan). It will not protect you from an unknown attack, unlike a good firewall, e.g. a not recently updated Defender won't protect you from the RPC exploit.
ruxvilti'a

Reply #26
Quote
A software firewall should be a driver, operating at nearly the lowest level of the network architecture (below protocols).
(Most of them are services nowadays, which is just PLAIN STUPID.)
Trying to kill a running driver in NT/2k/XP is a no-go - result: BSOD.

Surely they are network filter drivers, otherwise they would be unable to operate. They need a service part to provide the user interface, because a driver can't do that.

Also, "killing" a driver is impossible, because it's not a process. But stopping and unloading a driver is often pretty easy.

-Eugene
The greatest programming project of all took six days; on the seventh day the programmer rested. We've been trying to debug the !@#$%&* thing ever since. Moral: design before you implement.

Reply #27
Hardware firewall + software firewall = relatively safe...

Reply #28
Got it 2 times..
Not bad, I don't have anti-virus software....

More people around me got it too... (I don't know why that is...)

(I think some people don't know what happened to their PC?)

nin...
Guitarist with Tinnitus, I wish to hear the pure silence again.

Reply #29
I use an old machine to act as a gateway using the FreeBSD OS (which also does NAT + firewalling + bandwidth management + DNS cache + web cache + content filtering) to connect the win2k machine to the net. And I absolutely don't open weird attachments or use Outlook at all. Oh, and the long-ago released patches for win2k were installed promptly as well.

And the AVG Antivirus is up to date too. Is this much to ask of users? I guess so, they are too busy tuning their XP skins or their MSN6 emoticons.
She is waiting in the air

Reply #30
My internet machine is wide open on a cable modem and STILL hasn't been infected. However, a friend on a crappy EarthLink dialup was. Strange.

mobius
Gur svggrfg funyy fheivir lrg gur hasvg znl yvir. Jr zhfg ercrng.

Reply #31
Quote
BlackICE is not a firewall, because it doesn't hide unused ports and only blocks a connection if it thinks it's a known attack (like a trojan). It will not protect you from an unknown attack, unlike a good firewall, e.g. a not recently updated Defender won't protect you from the RPC exploit.

I disagree. BlackIce was a personal firewall and limited HIDS in one. Now it contains a lot of ISS' code (who bought BlackIce) and is bundled as "RealSecure Desktop Protector". BlackIce was well ahead of its time.

Anyway, a good firewall should BY DEFAULT block incoming traffic from the internet to your pc if the connection was not initiated by you (such a technique is called Stateful Inspection and was pioneered by Check Point). This means if someone would do a port sweep on your system everything is automatically dropped, since the firewall keeps a "state table" of all the active connections on your machine and does not allow connections to be initiated from the outside.

Anyway, firewalls and IDS (or IDP(revention)) systems are merging more and more until they will inspect traffic at all layers, not just Layer 3 and 4, even for unknown attacks. This is a trend in the network security space - a good one I might add.
No inspiration
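
The state-table behaviour described in Reply #31, sketched as an added example that is not part of the original posts or of any product named in the thread. The class and function names, the addresses and the sample traffic are constructed for illustration, and only connection setup, idle timeout and RST teardown are modelled.

```python
from dataclasses import dataclass

LOCAL = "192.0.2.10"  # constructed address (documentation range)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as a string, e.g. "S", "SA", "A", "R"

class StatefulFilter:
    """Toy filter: inbound traffic passes only if it matches a connection we opened."""

    def __init__(self, local_ip, idle_timeout=60.0):
        self.local_ip = local_ip
        self.idle_timeout = idle_timeout
        self.state = {}  # (local_port, remote_ip, remote_port) -> last-seen time

    def check(self, pkt, now):
        # Expire idle entries so stale connections cannot be reused.
        self.state = {k: t for k, t in self.state.items()
                      if now - t <= self.idle_timeout}
        if pkt.src == self.local_ip:                    # outbound
            key = (pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S" or key in self.state:
                self.state[key] = now                   # create or refresh entry
            return "ALLOW"
        key = (pkt.dport, pkt.src, pkt.sport)           # inbound
        if key not in self.state:
            return "DROP"                               # nobody here asked for this
        if "R" in pkt.flags:
            del self.state[key]                         # reset tears the entry down
        else:
            self.state[key] = now
        return "ALLOW"

def run_demo():
    fw = StatefulFilter(LOCAL)
    web, scanner = "198.51.100.5", "203.0.113.77"       # constructed addresses
    traffic = [  # (time, packet), constructed sample traffic
        (0.0, Packet(LOCAL, 40000, web, 80, "S")),      # we open a connection
        (0.1, Packet(web, 80, LOCAL, 40000, "SA")),     # the matching reply
        (1.0, Packet(scanner, 5555, LOCAL, 135, "S")),  # unsolicited SYN
        (1.1, Packet(scanner, 5555, LOCAL, 139, "S")),  # next port in the sweep
        (2.0, Packet(scanner, 80, LOCAL, 40000, "A")),  # right port, wrong peer
        (200.0, Packet(web, 80, LOCAL, 40000, "A")),    # entry has idled out
    ]
    return [fw.check(p, t) for t, p in traffic]
```

Only the reply to the locally opened connection is allowed; the sweep, the packet from the wrong peer and the packet arriving after the idle timeout are all dropped without any signature being involved.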
