flyingferret #26, December 2, 2004

ZA is a pain in the ass, just like Windows Firewall. Unless you are using something like Linux ipchains or Cisco IOS firewall or PIX, you are using a simplified solution, a jack of all trades. There is a reason that all corporate networks use hardware embedded firewalls. They also use NAT, although admittedly mostly for IP conservation. There is just no good reason not to have a router, plus you can set up log and dump to a syslog server if you want. You can route specific ports to specific internal IPs, etc. If you want to run ZA also, great... fine... enjoy the setup. But I wouldn't trust ZA alone.

-- All the flaming and trolls of wreck dot with a pretty GUI.
CrazyIvan #27, December 2, 2004

> But I wouldn't trust ZA alone.

Yup, but a combo, like Router -> ZA, works fine.

__________________________________________
Blue Skies and May the Force be with you.
PhillyKev #28, December 2, 2004

Relying on NAT alone is as big of a mistake as relying on ZA alone. NAT won't do anything to protect you against a trojan or other malware on your machine initiating the contact to the outside. You need ZA or something comparable to block outbound packets.
flyingferret #29, December 2, 2004

Yeah, but so does just a router, PhillyKev: http://www.linksys.com/press/press.asp?prid=50&cyear=2001

Stupid idea in my opinion. Netgear rocks... except there were some issues with Centrino chipset NICs.

-- All the flaming and trolls of wreck dot with a pretty GUI.
flyingferret #30, December 2, 2004

Not really... it all depends on what your philosophy is on net adminning. If my machine is dirty, I don't care about blocking, I care about cleaning it. I use other utils to monitor my traffic; I will be notified of spurious activity. But I would much rather see that at my custom threshold than deal with the "smarter than you are" Zone Alarm. I am a CLI guy, and I like being able to run command line utils with ZA griping at me. Besides, try this: http://www.sysinternals.com/ntw2k/source/tcpview.shtml

-- All the flaming and trolls of wreck dot with a pretty GUI.
PhillyKev #31, December 2, 2004

Yeah... I agree, sounded like you were putting all your eggs in the NAT basket. Like I said, ZA or something comparable, or in the case of your examples... better. I do all that PLUS ZA. Call me paranoid.

Sysinternals are a freakin' godsend. My boss dated and was almost engaged to Bryce Cogswell when she went to school with him at Harvard. I've spoken to him a couple times to get help with stuff.
CrazyIvan #32, December 2, 2004

> I do all that PLUS ZA. Call me paranoid.

You're not alone.

__________________________________________
Blue Skies and May the Force be with you.
flyangel2 #33, December 2, 2004

Wow, that thread sure got me hot. All that nasty talk.

May your trails be crooked, winding, lonesome, dangerous, leading to the most amazing view. May your mountains rise into and above the clouds. - Edward Abbey
flyingferret #34, December 2, 2004

> My boss dated and was almost engaged to Bryce Cogswell when she went to school with him at Harvard. I've spoken to him a couple times to get help with stuff.

Dude, that rocks! I use a lot of their utils, even more at my last job. I won $20 one time from a fellow support team member who swore he was not locking out his own account. Used PSLOGGEDON to pinpoint it.

What is scary is that my network at work is safe at the perimeter and very messy inside. We have a lot of highly autonomous pseudo-executive people in a small company. There is only so much you can do without pissing them off. But on the bright side, I would never lose my job if they broke something.

-- All the flaming and trolls of wreck dot with a pretty GUI.
flyingferret #35, December 2, 2004

We did not even get to grep, grok, fsck or etc. It can get much better. Date a coder and start talking about for loops with cins and couts. Typically with a guy it might be a for loop, but it should really be an if loop, with a counter for the female side of the iteration.

-- All the flaming and trolls of wreck dot with a pretty GUI.
PhillyKev #36, December 2, 2004

> We have a lot of highly autonomous pseudo-executive people in a small company. There is only so much you can do without pissing them off. But on the bright side, I would never lose my job if they broke something.

Hey... are you the guy sitting next to me? Sounds exactly like my place. Man, it was a nightmare when I started here. Email and web server in a DMZ that was configured to allow Any/Any. Overnight backups would run out of tape space halfway through, so the guy would just cancel the job when he got in in the morning... every day. There was one user name and password that everyone used and never changed. Servers were running NT 4 SP 4 with no updates.
flyingferret #37, December 2, 2004

HAHA... well, I have cleaned up A LOT. I am satisfied with my Cisco full-feature IOS entry point. My server is NT, but pretty secure... ongoing organization with domain file rights, but I have greatly enforced permissions since joining. Our backups are secure; I added a full rack, a full smart UPS setup, an office-to-office VPN, etc. Always something else to do, but my primary job duty is product support, second is IT. What is funny is that it was done by a contract outfit before I got here... pretty ridiculous.

-- All the flaming and trolls of wreck dot with a pretty GUI.
nate_1979 #38, December 3, 2004

Pings are NOT that big of an issue; ISPs even send pings out to their customers sometimes. All a ping is is this packet that gets sent to an IP to see if it answers. If you have a router, as stated here, PINGS will NOT get to your computer from the outside unless they are A: allowed by some communication initiated by YOUR computer (highly unlikely that this would result in a PING, btw) or B: your computer is set up as the DMZ Host (DMZ = De-Militarized Zone) in your router, or you have set up some kind of forwarding in your router (both of these options are under "Advanced settings" and should not have been tampered with unless you really know what you're doing). If you are set up as a DMZ Host, that would allow everything that the router doesn't know what to do with to go to your computer. Other than that, your computer's IP address, which is on YOUR side of your router, is NOT directly accessible from the INTERNET side of your router.

FGF #??? I miss the sky... There are 10 types of people in the world... those who understand binary and those who don't.
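As an added illustration (not from the thread or any router vendor), here is a small Python model of the router behaviour described in #38, and of PhillyKev's point in #28: unsolicited inbound packets are dropped, replies to flows an inside host started are translated back to it, a configured DMZ Host receives everything unsolicited, and any outbound flow (including one a trojan starts) is forwarded without question. Addresses, the `Packet`/`NatRouter` names and the simplified flow table are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int     # for ICMP echo this carries the identifier, the field NAT rewrites
    dst: str
    dport: int
    proto: str     # "tcp", "udp" or "icmp"


@dataclass
class NatRouter:
    """Toy model of a home NAT router (constructed for this example, not a real product)."""
    wan_ip: str
    dmz_host: Optional[str] = None    # the "DMZ Host" setting; off by default
    # (wan_port, proto) -> (inside_ip, inside_port, remote_ip) for flows started inside
    table: Dict[Tuple[int, str], Tuple[str, int, str]] = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """An inside host starts a flow. NAT forwards it unconditionally (this is why
        NAT alone does not stop malware talking out) and records a mapping for replies."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, pkt.proto)] = (pkt.src, pkt.sport, pkt.dst)
        return Packet(self.wan_ip, wan_port, pkt.dst, pkt.dport, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """A packet arrives from the Internet side. Returns the packet as delivered
        to an inside host, or None when the router has nowhere to send it."""
        entry = self.table.get((pkt.dport, pkt.proto))
        if entry is not None and entry[2] == pkt.src:   # reply to a flow we started
            inside_ip, inside_port, _ = entry
            return Packet(pkt.src, pkt.sport, inside_ip, inside_port, pkt.proto)
        if self.dmz_host is not None:                    # unsolicited: DMZ host gets it all
            return Packet(pkt.src, pkt.sport, self.dmz_host, pkt.dport, pkt.proto)
        return None                                      # unsolicited, no mapping: dropped
```

Run the unsolicited ping case with and without `dmz_host` set to see the difference the post describes.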
Dougjumper #39, December 3, 2004

Exactly my point. That's why I don't rely on a NAT router alone. If you want a good router you need to make sure it runs a good SPI. And also some routers don't discard ICMP packets by default. You may have to go into the router itself and manually set that up. My 2C worth.
KidWicked #40, December 3, 2004

> Is there any non-surreptitious use for sending "ICMP Pings"? I have McAfee firewall and it has caught quite a few of these so far. It has even told me that some of these "Pings" were trying to open certain ports and one was scanning for a Trojan virus.

Sorry to be pedantic, but... ICMP is not a transport layer protocol (like TCP or UDP), and therefore it does not have a port abstraction. Technically, therefore, it is impossible for "pings" (by which you most likely mean ICMP ECHO_REQUEST packets) to "try to open certain ports". What you are most likely seeing is TCP or UDP traffic arriving at your NIC on ports which your McAfee personal firewall is then interpreting as port scanning activity. It thinks the traffic is hostile, when in fact it may not be. Without seeing the logs, I can't draw any specific conclusion, however.

Most networks have a lot of strange traffic floating around on them (see Bellovin's paper "Packets found on an Intranet" for proof of this fact). Additionally, many protocols generate/broadcast traffic that your firewall may be interpreting as hostile. In conclusion, just because your firewall tells you that something bad is happening doesn't necessarily mean that it is.

Coreece: "You sound like some skinheads I know, but your prejudice is with Christians, not niggers..."
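To make the point in #40 concrete, here is an added Python example (not from the thread) that parses raw IPv4 packets the way a personal firewall's log engine has to: an ICMP echo request has a type and code but no port fields at all, while a TCP SYN is what actually carries a destination port. The sample packets and addresses are constructed by hand, not real captures.

```python
import struct

ICMP, TCP, UDP = 1, 6, 17          # IPv4 protocol numbers


def build_ipv4(proto: int, src: bytes, dst: bytes, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst)
    return hdr + payload


def classify(raw: bytes) -> dict:
    """Parse the IPv4 header and the start of its payload. Ports are reported
    only for TCP/UDP; for ICMP there is simply no port field to read."""
    if raw[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (raw[0] & 0x0F) * 4                      # header length in bytes
    proto = raw[9]
    info = {
        "proto": proto,
        "src": ".".join(str(b) for b in raw[12:16]),
        "dst": ".".join(str(b) for b in raw[16:20]),
    }
    payload = raw[ihl:]
    if proto == ICMP:
        info["icmp_type"], info["icmp_code"] = payload[0], payload[1]
        info["is_ping"] = payload[0] == 8          # ECHO_REQUEST
    elif proto in (TCP, UDP):
        info["sport"], info["dport"] = struct.unpack("!HH", payload[:4])
        if proto == TCP:
            info["syn_only"] = (payload[13] & 0x3F) == 0x02   # bare SYN: a connection attempt
    return info


def describe(raw: bytes) -> str:
    """One log-style line; a ping cannot honestly be described as hitting a port."""
    i = classify(raw)
    if i["proto"] == ICMP:
        return f"ICMP type {i['icmp_type']} from {i['src']} (no port involved)"
    name = "TCP" if i["proto"] == TCP else "UDP"
    return f"{name} {i['src']}:{i['sport']} -> {i['dst']}:{i['dport']}"


# Constructed sample packets, outside host -> inside host.
OUTSIDE = bytes([198, 51, 100, 9])
INSIDE = bytes([192, 168, 1, 10])
# ICMP echo request: type 8, code 0, checksum, identifier, sequence number
PING = build_ipv4(ICMP, OUTSIDE, INSIDE, struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1))
# TCP SYN from port 40000 to port 23: sport, dport, seq, ack, offset, flags, win, csum, urg
SYN = build_ipv4(TCP, OUTSIDE, INSIDE,
                 struct.pack("!HHIIBBHHH", 40000, 23, 1, 0, 0x50, 0x02, 8192, 0, 0))
```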
nate_1979 #41, December 3, 2004

Well said....

FGF #??? I miss the sky... There are 10 types of people in the world... those who understand binary and those who don't.