100% Software Security...?


Phant0m
August 9th, 2003, 06:24 PM
???

BlitzenZeus
August 9th, 2003, 06:46 PM
I have not submitted my vote yet as I feel the question can have many meanings.

I don't feel any software or hardware firewall is 100% effective by any means; the only way to be 100% secure is to not have any networked connection.

Hacking? Well, the only way they can hack you is if you let something in past your defenses; if you block the packets they are just probes. Servers have been exploited by hacking, but there has to be a listening service first.

Scans? Scans are just multiple probes sent out to test for connections, and responses. Almost every product these days blocks scans without any problem.

Nukes? What are nukes really? Malicious packets? If they are blocked they are not a problem, but when you consider protocols that most firewalls don't cover like ARP that could be exploited to possibly re-route or disable their connection. Very few even allow options to change any ARP settings as you can disable your own connection by blocking one wrong packet.

What it all comes down to is what they are if they are not blocked by your firewall.... With the only exception of a true dos attack where a few key probes could actually disable your connection if they get past your firewall by some means, or they flood your inbound bandwidth to the point that your connection is unusable.

Phant0m
August 9th, 2003, 07:55 PM
I’ll probably be the 1st then to vote Yes; Look ‘n’ Stop has Complete Control over IP & Non-IP or Other IP Protocols (such as VisNetic Firewall). On my machine ALL remotely generated Hacks/Scans/Nuke attempts are BLOCKED Stone-Cold! I don’t run any Servers or at least authorize anything remotely onto them. My Software Firewall has TCP Stateful Packet Inspection Technology which prevents Spoofing of Active Connections, also preventing various scanning techniques (TCP PING, NULL, FIN, XMAS…) which at one point were capable of bypassing ALL Software Firewalls which didn’t have TCP Stateful Packet Inspection capabilities.

Note: If you receive Flood Packets from a Hi box and your Internet Connection Drops causing Active Connections to Time-Out, regardless of whether your Software Firewall was blocking or not, it’s impossible to prevent your Bandwidth from degrading. However with a Software Firewall BLOCKING it, you can withstand quite a bit longer. ;)

AplusWebMaster
August 9th, 2003, 07:58 PM
;) IMHO, there is -no way- to be 100% secure, with the exception of a complete disconnect, and playing solitaire until "the end". I always carry a quote with me from a once famous individual: "Anything made by man...can be destroyed by man". It does seem, at times, that we may be in the process of witnessing that prospect as we discuss these issues. "Hope springs eternal", though.

BTW- ZA is the FW...yeah, I've heard the nasty stuff about it...'getting bad press lately. But "...consider the source".

Phant0m
August 9th, 2003, 08:03 PM
{QUOTE-> quoting: AplusWebMaster
;) IMHO, there is -no way- to be 100% secure, with the exception of a complete disconnect, and playing solitaire until "the end". I always carry a quote with me from a once famous individual: "Anything made by man...can be destroyed by man". It does seem, at times, that we may be in the process of witnessing that prospect as we discuss these issues. "Hope springs eternal", though.

BTW- ZA is the FW...yeah, I've heard the nasty stuff about it...'getting bad press lately. But "...consider the source".
<-QUOTE}

Heh, AplusWebMaster! If you’d like to prove me wrong let’s jump on ICQ or IRC or MSN and you do your thorough attempts… ;)

BlitzenZeus
August 9th, 2003, 08:37 PM
Phantom, nothing is impossible, so are you saying it's impossible to get into your system from the outside? While something might be improbable in the best situation, nothing is impossible ;)

BTW, just from your example configs you don't secure ARP in any way when you must enable it, so there you go, you're not 100% secure. I don't suppose you know how to secure an ARP table, do you? 8)

Phant0m
August 9th, 2003, 11:25 PM
{QUOTE-> Phantom, nothing is impossible, so are you saying it's impossible to get into your system from the outside? While something might be improbable in the best situation, nothing is impossible <-QUOTE}
I’m saying ALL remotely generated Hacks/Scans/Nuke Attempts will be Detected&Blocked Stone-Cold! Not a single soul was ever capable of breaching, and if you feel you can then you know how to contact me and you can run thorough tests…

{QUOTE-> BTW, just from your example configs you don't secure ARP in any way when you must enable it, so there you go, you're not 100% secure. I don't suppose you know how to secure an ARP table, do you? <-QUOTE}
There are numerous things I could have included but I didn’t; if you think I’m blindsided to securing against malicious ARP then you better view my rule-set provided at my website before making any assumptions.

UNICRON
August 10th, 2003, 05:06 PM
I'll say no.

Time and time again supposedly bulletproof applications are defeated.

Total security is what we strive for but will never obtain. That doesn't mean we shouldn't try.

If a free or near free SW FW is the answer, Cisco is going to be out of business very soon.

Phant0m
August 10th, 2003, 05:28 PM
That’s because people are using Software Firewalls which don’t provide the necessary functionality such as Complete Control over “IP & Non-IP or Other IP Protocols”, and those who are don’t have the experience to configure the Software Firewalls properly to meet the necessary requirements. ;)

BlitzenZeus
August 10th, 2003, 06:01 PM
I've been holding this back, but it's obvious Phantom thinks very highly of LnS, and his abilities ;)

Even most software firewalls will block almost all, if not all known exploits, and scans. Nukes... Maybe a made up term, but nukes are nothing more than probes when blocked.

No matter how well something performs under tests, it can't anticipate everything. Nothing is impossible, or bulletproof. While users are the main fault of error in most cases, the code is never perfect.

Phant0m
August 10th, 2003, 07:19 PM
Hey BlitzenZeus

{QUOTE-> I've been holding this back, but it's obvious Phantom thinks very highly of LnS, and his abilities <-QUOTE}
Yes I think highly of Look ‘n’ Stop and also VisNetic Firewall, two very good “Software Firewall” products.

And my abilities; yes I consider myself an expert of Software Firewalls and even Software Security in General. I could possibly go on about how I spent many years mainly focused on …, and so forth but I’m sure you aren’t interested in hearing it. If you are though, you could always contact me…

{QUOTE-> Even most software firewalls will block almost all, if not all known exploits, and scans. Nukes... Maybe a made up term, but nukes are nothing more than probes when blocked. <-QUOTE}
How the heck do you consider Nukes, Flood Packets probes?

{QUOTE-> No matter how well something performs under tests, it can't anticipate everything. Nothing is impossible, or bulletproof. While users are the main fault of error in most cases, the code is never perfect. <-QUOTE}
I absolutely agree; no matter how much something performs under tests, it can’t anticipate everything. Like one has talent for different things one of my main talents is Software Firewalls and Software Security in General, and I’m telling you anything you or anyone can possibly throw at me, ALL will be Detected&Blocked.

And if you think you overall Real Hackers, script kiddies and so forth who over many years tried and failed miserably, that you can breach my Security Defences then be my guest and prove me wrong. Until one can finally be capable of proving to me that my Software Firewall and my Software Firewall configurations can be breached then I’m going to look at the facts, which is complete protection against ALL Hacks/Scans/Nuke attempts. ;)

UNICRON
August 10th, 2003, 07:26 PM
{QUOTE-> quoting: Phant0m``
Until one can finally be capable of proving to me that my Software Firewall and my Software Firewall configurations can be breached then I’m going to look at the facts, which is complete protection against ALL Hacks/Scans/Nuke attempts. ;)

<-QUOTE}

absence of evidence is not evidence of absence.

Just ask any cryptozoologist ;)

Phant0m
August 10th, 2003, 07:41 PM
UNICRON

In reference to TCP Protocols; is there something you think you know that indicates TCP Packet Structure being more than what is already known for Windows 9x/ME/NT/2K/XP? What about ICMP Protocols or UDP? ;)

UNICRON
August 10th, 2003, 08:16 PM
{QUOTE-> quoting: Phant0m``
UNICRON

In reference to TCP Protocols; is there something you think you know that indicates TCP Packet Structure being more than what is already known for Windows 9x/ME/NT/2K/XP? What about ICMP Protocols or UDP? ;)
<-QUOTE}

I do know that occasionally someone comes up with a malformed packet that has less than favorable results on many firewalls and it is possible that not every conceivable malformed packet has been accommodated.

Since we all know that a malformed raw packet can be written by anyone with some knowledge of the application layer, transport layer (TCP and UDP) and/or Internet layer (ICMP, IP) it becomes pretty hard to assert that a firewall is guaranteed to handle any possible case.

I doubt that the creators of any firewall would make that claim. Think of how much money they could make with that claim if they backed it up with guarantees like you get in the UPS industry (guaranteed not to fail or we give you $25,000 etc). Claims like that aren't made by any FW (hardware or software) manufacturer because it simply is too risky.

sounds good
August 10th, 2003, 08:37 PM
Hi, Phant0m would you please convince the author of LNS to put up a server, protected only by LNS, then post $100,000 (US) reward, for the first person to own the machine?

I could use the money, post the IP address of the server here and how to collect the money, give me a head start then go public.

Once the offer goes public the machine will be owned in two hours or less, but if by some miracle LNS can stop all of the attacks, the author of LNS will be a very rich man.

I am betting the author won't put his money where your mouth is but who knows, please try, thanks.

Uguel707
August 10th, 2003, 08:39 PM
I don't think we can be 100% safe even with the best protection, settings or latest definitions.
When I shifted to ADSL a month ago, I discussed a long time about viruses, worms, trojans, you name it, with a tech employee of the service company (I subscribed) and he said:

"If I decide to get into your system, whatever protection you have, I can be there tomorrow morning."

"We do offer a good virus and firewall security, but will never guarantee 100% protection" :(

And then, he explained that it's child's play for certain people to get into a system when they really aim at it. He also said that he even "knows" how to and it isn't so difficult. (!!!)

Of course, he never said that one shouldn't get protected, it's even more important, but "nothing is completely, perfectly guaranteed." Not yet.

ANW, before hanging up I warned him not to get into my computer! >:(

And...I think that when we see virus companies being hacked or attacked, it speaks for itself,

Just my opinion,

Uguel :)

**Sorry! I forgot to say that I'm using Zone Alarm and hear a lot of good stuff about "Look 'n Stop" firewall.
That will be my next option when I'll try a new one.**

Phant0m
August 10th, 2003, 08:48 PM
{QUOTE-> quoting: sounds good
Hi, Phant0m would you please convince the author of LNS to put up a server, protected only by LNS, then post $100,000 (US) reward, for the first person to own the machine?

I could use the money, post the IP address of the server here and how to collect the money, give me a head start then go public.

Once the offer goes public the machine will be owned in two hours or less, but if by some miracle LNS can stop all of the attacks, the author of LNS will be a very rich man.

I am betting the author won't put his money where your mouth is but who knows, please try, thanks.
<-QUOTE}

LOL; The Author isn’t making claims of any sort.
And so full of yourself, you think you can breach my Security defences then contact me and you can give it your best shot. I’ll give you as long as you want to try…

UNICRON
August 10th, 2003, 09:03 PM
Hi 'Sounds Good', although that would be an interesting contest, it is a tad off topic from what Phant0m`` is asking in his poll.

This poll is not "Who would win, L'n'S or the hacker community"

Lest we digress, let's keep on target folks.

Thanx.

Phant0m
August 10th, 2003, 09:38 PM
{QUOTE-> quoting: UNICRON
{QUOTE-> quoting: Phant0m``
UNICRON

In reference to TCP Protocols; is there something you think you know that indicates TCP Packet Structure being more than what is already known for Windows 9x/ME/NT/2K/XP? What about ICMP Protocols or UDP? ;)
<-QUOTE}

I do know that occasionally someone comes up with a malformed packet that has less than favorable results on many firewalls and it is possible that not every conceivable malformed packet has been accommodated.

Since we all know that a malformed raw packet can be written by anyone with some knowledge of the application layer, transport layer (TCP and UDP) and/or Internet layer (ICMP, IP) it becomes pretty hard to assert that a firewall is guaranteed to handle any possible case.

I doubt that the creators of any firewall would make that claim. Think of how much money they could make with that claim if they backed it up with guarantees like you get in the UPS industry (guaranteed not to fail or we give you $25,000 etc). Claims like that aren't made by any FW (hardware or software) manufacturer because it simply is too risky.
<-QUOTE}

Now I could have possibly misunderstood you but what I’m interpreting from what you posted is that a rule-base Software Firewall with TCP SPI with a rule configured to BLOCK ALL TCP Protocol regardless of the direction, that today’s Software Firewalls such as Look ‘n’ Stop, Sygate Personal Firewall, Kerio and so forth cannot successfully block ALL forms of TCP packets? ;)

UNICRON
August 10th, 2003, 09:52 PM
Actually if that was what all a firewall was for you wouldn't need one, you'd just unplug your ethernet card.

Unfortunately, firewalls have to decide which packets to let through, and thus lies the problem.

Phant0m
August 10th, 2003, 09:57 PM
{QUOTE-> quoting: UNICRON
Actually if that was what all a firewall was for you wouldn't need one, you'd just unplug your ethernet card.

Unfortunately, firewalls have to decide which packets to let through, and thus lies the problem.
<-QUOTE}

I’m sorry I’m a little dumbfounded at the moment, was that an answer to my post? :D

UNICRON
August 10th, 2003, 10:26 PM
{QUOTE-> quoting: Phant0m``
{QUOTE-> quoting: UNICRON
Actually if that was what all a firewall was for you wouldn't need one, you'd just unplug your ethernet card.

Unfortunately, firewalls have to decide which packets to let through, and thus lies the problem.
<-QUOTE}

I’m sorry I’m a little dumbfounded at the moment, was that an answer to my post? :D
<-QUOTE}

yes it was.

UNICRON
August 10th, 2003, 10:31 PM
I can see that this isn't going anywhere. Anytime the UFO defense is used, it becomes pointless.

No offense to you Phant0m``, you may indeed be correct that L'n'S is without any flaw of any kind (actually I hope it is since we host them and that might be a nice reflection on us ;) ). But your definition of proof doesn't follow the scientific method very closely so perhaps we can just agree to disagree ;)

Phant0m
August 10th, 2003, 10:36 PM
OK, so if that was an answer to my post then explain to me how TCP Packets can get “IN” when I have a rule to BLOCK-ALL TCP Protocol Inbounds…?!?!? ;)

Phant0m
August 10th, 2003, 10:38 PM
In Addition; with TCP SPI Enabled... Of course!

UNICRON
August 10th, 2003, 10:45 PM
{QUOTE-> quoting: Phant0m``
OK, so if that was an answer to my post then explain to me how TCP Packets can get “IN” when I have a rule to BLOCK-ALL TCP Protocol Inbounds…?!?!? ;)
<-QUOTE}

the point was that if you have blocked every port for everything in all directions you don't need a firewall, you don't even need an internet connection at all.

It isn't until you want to allow some packets but not all packets that a fw actually is needed. I'm pretty sure you knew that. So if your fw is going to let in a particular packet, it has to look at every single one to decide if the packet matched the criteria of a packet that is allowed to pass through the fw. I think you knew that too.

So now we are looking at the decision algorithms. Are they perfect? Any chance of a buffer overrun? Any chance that the criteria for an allowed packet isn't strict enough? Any possibility that spoofing can occur? These are questions for the developer since you couldn't know the answer without the source code. Even then, could there be an oversight? What if other software is installed, does that elevate the risks?
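
[Added illustration, not part of the thread and not the code of Look 'n' Stop or any other product: a toy inbound TCP filter showing the decision path discussed above, where every packet must be parsed before the "locally started connections only" rule and the NULL/FIN/XMAS flag checks can be applied, and where unparseable input is blocked rather than trusted. The class and function names, addresses and sample packets are constructed for the example.]

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag combinations a normal TCP stack never sends: NULL, bare FIN, XMAS.
SCAN_FLAGS = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "XMAS"}


def parse_tcp(segment: bytes) -> dict:
    """Parse the fixed TCP header, rejecting lengths that do not add up."""
    if len(segment) < 20:
        raise ValueError("truncated header")
    sport, dport, _seq, _ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    header_len = (off >> 4) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "flags": flags & 0x3F}


class StatefulFilter:
    """Toy inbound filter: allow only replies to locally started connections.

    Simplification: real SPI also tracks sequence numbers and connection state.
    """

    def __init__(self):
        self.table = set()               # (local_port, remote_ip, remote_port)

    def outbound_syn(self, local_port, remote_ip, remote_port):
        self.table.add((local_port, remote_ip, remote_port))

    def inbound(self, remote_ip: str, segment: bytes):
        try:
            hdr = parse_tcp(segment)
        except ValueError as exc:        # fail closed on anything unparseable
            return ("BLOCK", f"malformed: {exc}")
        if hdr["flags"] in SCAN_FLAGS:
            return ("BLOCK", f"{SCAN_FLAGS[hdr['flags']]} scan")
        if (hdr["dport"], remote_ip, hdr["sport"]) not in self.table:
            return ("BLOCK", "no matching local connection")
        return ("ALLOW", "reply to local connection")


def build_segment(sport, dport, flags, offset_words=5) -> bytes:
    """Construct a 20-byte sample TCP header (constructed test input)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0,
                       offset_words << 4, flags, 8192, 0, 0)


if __name__ == "__main__":
    fw = StatefulFilter()
    fw.outbound_syn(40000, "192.0.2.10", 80)   # documentation-range address
    samples = [
        build_segment(80, 40000, SYN | ACK),              # legitimate reply
        build_segment(80, 40000, FIN | PSH | URG),        # XMAS probe
        build_segment(80, 40000, ACK, offset_words=15),   # offset past end
        b"\x00" * 10,                                     # truncated
    ]
    for seg in samples:
        print(fw.inbound("192.0.2.10", seg))
```

[Each verdict depends on the parser's length checks being right, which is the part of a firewall the posts above say cannot be judged from outside without the source.]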

Phant0m
August 10th, 2003, 11:09 PM
Hey UNICRON

heh

In reference to TCP Protocol; if I make a Rule to ONLY Authorize ALL locally started Connections using rule-base Software Firewall with TCP Stateful Packet Inspection capabilities, you’re telling me that now there is error whether I’m using Look ‘n’ Stop or VisNetic Firewall or….

Alright, now if you know anything about Stateful Packet Inspection Firewalls you know any Spoofing Attempt of an Active Connection is BLOCKED! ;)

UNICRON
August 11th, 2003, 01:00 AM
I am getting tired of saying the same stuff over and over again.

Phant0m``, you are assuming that everything works perfectly. This is something the software industry as a whole has a horrible track record at. And why shouldn't they? This technology is so new that we can expect issues and problems with computing hardware and software in general for years to come. Not until software engineers have to sign off on programs can we expect better. The OS your FW is running on hasn't been known for its great security record and since it exists between the ethernet card and the fw, there will always be doubt.

I am glad you are happy with the fw you use. I know L'n'S had an excellent track record and is a solid company. We wouldn't host their forums elsewise.

Phant0m
August 11th, 2003, 01:40 AM
Hey UNICRON

I apologize for the troubles I may cause you.

I would have to be a fool to assume every Software works flawlessly, and in reference to Software Security I surely don’t trust server Software working flawlessly. Best anyone can do is making sure the server Software is kept up-to-date and hope it’ll withstand.

And I would have to be mentally handicapped to think the Operating Systems are built flawlessly.

I understand Packet notion and I understand Software Firewalls, and I’m telling you there is definitely no chance of anything remotely generated getting past my Software Firewall and its configurations.

Now while you and whoever else claims it’s impossible, I’m here still waiting for one to prove it. By taking the challenge or whatever you wish to call it and come forth and attempt to do anything you or whoever can possibly think of. ;)

UNICRON
August 11th, 2003, 02:28 AM
{QUOTE-> quoting: Phant0m``
Hey UNICRON

I apologize for the troubles I may cause you.
<-QUOTE}
lol, don't worry I'll survive.

{QUOTE->
I would have to be a fool to assume every Software works flawlessly, and in reference to Software Security I surely don’t trust server Software working flawlessly. Best anyone can do is making sure the server Software is kept up-to-date and hope it’ll withstand.
<-QUOTE}
or make it better, someone has to.

{QUOTE->
And I would have to be mentally handicapped to think the Operating Systems are built flawlessly.
<-QUOTE}
yet the fw that runs on it can! A brick house built on mud...

{QUOTE->
I understand Packet notion and I understand Software Firewalls, and I’m telling you there is definitely no chance of anything remotely generated getting past my Software Firewall and its configurations.
<-QUOTE}
assuming everything that needs to work correctly does so

{QUOTE->
Now while you and whoever else claims it’s impossible, I’m here still waiting for one to prove it. By taking the challenge or whatever you wish to call it and come forth and attempt to do anything you or whoever can possibly think of. ;)
<-QUOTE}

I don't claim it is impossible, just improbable. While you wait for perfection to be disproved, you might note that perfection can't scientifically be proved at all.

I won't claim to know how to defeat a decent firewall, but that doesn't mean it is perfect. All of these sw firewalls have had vulnerabilities in the past, but I am glad to see you are so confident we have seen the last of those pesky exploits!

Phant0m
August 11th, 2003, 02:34 AM
:D

UNICRON
August 11th, 2003, 03:07 AM
OK, this thread has outlived its usefulness. Apparently no one but us cares at all ;)

I am going to close this thread, but to avoid being a "last-wordist", I'll give you one last post.

Just don't violate the TOS or I'll have to edit it (therefore getting the last word) ;)

closing arguments?

Phant0m
August 11th, 2003, 03:08 AM
I Agree. ;)