On Sat, 2 Aug 2003, Charles Bronson wrote:

> > It is a great tool to learn more about networking.
>
> You are correct when all networking activities are limited to the Well Known
> Ports. However, what happens when a user gets a request for access to a port
> above 1024? This could be someone trying to hack their PC or it could be a
> legitimate use.

What legitimate use accesses a port > 1024 (on an unknown port)? I think it is fairly safe to say that if the user wasn't expecting anything to happen, he can deny it temporarily (and maybe that should be the default thing to suggest/advise).

> Let's use Bob and Alice (avg users) in an example:
> Bob wants to access the family computer from work so he installs <insert
> Generic Remote Access Tool name here>. The next day Bob is at work and lights up
> the GRAT client. Alice is home surfing the web and a pop-up asks her if she
> should allow access to port 2029. Pretend you're Alice and make the call, what
> would you do?

Well, I think you're not talking about the common case here already. I'm sure that if Bob knows how to install GRAT and was planning to connect to home on a system that he shares with his wife, he prepared the personal firewall sufficiently.

Anyway, in this case the pop-up probably says something like:

  We noticed someone (from firewall.bobswork.com) trying to connect to
  'Generic Remote Access Tool' (on port 2029). This traffic is unknown by the
  firewall and therefore could be dangerous. We advise not to allow it unless
  you understand the consequences.

  Do you want to allow access to Generic Remote Access Tool from
  firewall.bobswork.com?

  [Yes] [*No*] [Customize]

If it was a known protocol the personal firewall could give more information about what it is used for. (Warning: this is a remote administration tool, someone with access can completely control your machine from remote.)

Bob is fairly stupid if he installed the personal firewall and the GRAT server and didn't think of this before going to work.
He can still call his wife and tell her to click on Yes ;)

Let me also add that if nothing is listening on a port the traffic is dropped silently (and logged).

My biggest concern is that you're denying the concept of personal firewalls and I don't have time to argue for the sake of arguing. I did a quick search to get a screenshot of ZoneAlarm. There are better examples, I'm sure.

  http://antivirus.about.com/library/reviews/aafprzone.htm

> > Lokkit is a very limited tool. It is not functional for most of the home
> > users and I don't think it is intended to be. Someone in this thread
> > already referred to it (not supporting samba).
>
> If you look at my previous reply you will see that I already agree with you on
> this point.

Right, after first saying "This statement is just plain wrong. IPTables is a VERY powerful tool.". Next time you'd better not use strong language if you're actually agreeing with me.

I think you understand what I was trying to suggest so for me the thread ends here. Feel free to find some other corner cases ;)

Kind regards,
--   dag wieers,  dag@xxxxxxxxxx,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]
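One way Bob could have "prepared the personal firewall sufficiently" before leaving for work, written out as an added example (it is not from this thread, nor from Lokkit or ZoneAlarm): an iptables ruleset for the home machine that accepts the GRAT port only from the work gateway, and logs and then silently drops every other unsolicited packet, well-known port or not. The gateway address 203.0.113.10 (standing in for firewall.bobswork.com), the port 2029/tcp, the log prefix and the rate limit are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Host firewall for the shared home box:
# allow the Generic Remote Access Tool (GRAT) only from Bob's workplace gateway,
# log and drop everything else that this host did not ask for.
# WORK_GW, GRAT_PORT and the "FW-DROP: " prefix are assumptions for illustration.
WORK_GW="${WORK_GW:-203.0.113.10}"   # hypothetical address of firewall.bobswork.com
GRAT_PORT="${GRAT_PORT:-2029}"       # port the GRAT server listens on (assumed)

# Print the ruleset in iptables-restore(8) format. Keeping it in a function
# means it can be reviewed (or tested) without root; apply_rules loads it.
# Lines starting with '#' are ignored by iptables-restore.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
# loopback, and replies to connections this host opened itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the one remote-access exception: new GRAT connections from the work gateway only
-A INPUT -p tcp -s $WORK_GW --dport $GRAT_PORT -m state --state NEW -j ACCEPT
# everything else unsolicited, well-known port or > 1024, is logged then dropped
-A INPUT -j LOGDROP
-A LOGDROP -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
-A LOGDROP -j DROP
COMMIT
EOF
}

# Load the ruleset atomically into the kernel (needs root).
apply_rules() {
    ruleset | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     ruleset ;;
esac
```

Run it with no arguments to review the generated rules, and with `apply` as root to load them. With this in place a connection attempt from anywhere other than the work gateway never produces a pop-up for Alice to decide on: it is counted in the log under the FW-DROP: prefix and dropped, while the hosts Alice connects to herself still get their replies through the ESTABLISHED,RELATED rule.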