[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Lets discuss, Firewalls...
- To: <full-disclosure@lists.netsys.com>
- Subject: [Full-Disclosure] Lets discuss, Firewalls...
- From: "Mike @ Suzzal.net" <mike@suzzal.net>
- Date: Fri, 29 Aug 2003 22:33:06 -0500
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40";>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:Arial;}
h1
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:0in;
page-break-after:avoid;
font-size:16.0pt;
font-family:Arial;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Century Gothic";
color:windowtext;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
@page Section1
{size:8.5in 11.0in;
margin:.8in .8in .8in .8in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>Home and business firewalls<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>Question to ponder:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>OK, on my home LAN I have set up a windows
NT4.0 SP2 box with IIS and SQL Server 7.0. No hot fixes on the box at all. I
run a NESSUS scan and I get over 500 available exploits for this box.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>My outside address is 216.144.100.100 (not
really so please do not attack who ever that is)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>The box on the inside is 192.168.0.100/24<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>Admin password is blank.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>All IPC$ shares are there.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>I can surf the web from the box so it is
fine.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'> <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>I have no firewall, just a NAT on the Motorola
Surfboard and no 1 to 1 NATing.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>If you serve NO applications from the
inside of your network (no publicly accessible web server, email server, ftp
server etc...), and you have a NAT router so your addressing on the inside or
your home or business is private (i.e. 192.168.0.x, 10.10.10.x, 172.16.1.x)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>Can you get to it? How?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>Do you still need a firewall? Why?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'>Mike<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Century Gothic"><span style='font-size:
10.0pt;font-family:"Century Gothic"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face="Times New Roman"><span style='font-size:
10.0pt;font-family:"Times New Roman"'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>