Firewall Stats

Discussion in 'other firewalls' started by controler, May 16, 2002.

Thread Status:
Not open for further replies.
  1. controler

    controler Guest

    Dumb Firewall Blockers
    The term "Dumb Firewall" is a term to describe a firewall program that has very little intelligence. It simply blocks ALL Internet connections by default. Some of these may ask you to trust a program before it will allow inbound or outbound connections to your computer. End users that choose not to trust the program may find that their Internet program(s) no longer function properly anymore. On the other hand, if they choose to trust the 'WRONG' program, they may be allowing crackers into their computer without ANY future warnings from the Dumb Firewall.

    Dumb Firewall programs provide absolutely NO protection whatsoever against backdoor programs that come built into Internet servers such as NetSnooper Gold. NetSnooper is only one example of what ANY program can do to gain access to your PC while posing as one of your trusted Internet programs.

    If the user were to trust a program such as mIRC they would also be trusting any backdoored scripts that the program may load. This includes backdoor and hostile mIRC scripts that are able to DELETE, RENAME, EXECUTE, DOWNLOAD, and UPLOAD files. Your computer could also be used to infect other computers with any one of thousands of IRC worms. ALL of this can EASILY be done WITHOUT ONE single warning from a Dumb Firewall that trusts programs on a per application basis rather than intelligently.

    Dumb Firewalls do NOT monitor your configuration files; They do NOT monitor your registry; They do NOT monitor your startup folders; They do NOT scan for Trojans; Some do not even provide a list of socket connections; Though you may choose to use a Dumb Firewall along with LockDown, the real protection will come from the program that is providing the multitude of protection and watching over your entire system.


    Dumb Firewall Blockers Do Not Scan For Or Remove Trojans
    Though a Dumb Firewall can aid in preventing a Trojan from accessing the Internet,
    or help identify a program that may be a Trojan, it does not terminate the process or remove the problem. After the user chooses not to trust the Trojan process, they are STILL infected. The Trojan is STILL running on their computer! If the Dumb Firewall ever fails to load or if the user turns off the firewall, the Trojan will now be able to freely make or allow unrestricted connections to your computer. The reader should also be aware that the Trojan may carry a payload that can delete files or cause damage after a certain number of days that the hacker was not able to access the computer. One of many examples is the Billrus Trojan which deletes all files on drive C the 30th time that the Trojan is activated.

    Having a Trojan running on your computer, could even be a time bomb just waiting to go off. In the case of the Dumb Firewall, it is almost like locking a burglar in your home and then going back to sleep.




    PORTS

    In the past some versions of LockDown detected port connections made to your computer by default. Current versions of LockDown no longer do this by default.
    If a LockDown user wishes to receive connection warnings, the user will need to enable the port monitor in LockDown's Advanced Mode.

    There is nothing wrong with detecting a limited number of port connections or connection attempts on default Trojan ports. Even the older versions of LockDown detected some of the more popular Trojan default ports. About the same time that we upgraded our port monitor to watch all 65,535 virtual ports, new Internet worms were already flooding the Internet with random port probes. Code Red, Nimda and other variants began infecting millions of computer users. The problem is that these new worms as well as some of the older network worms scan random subnets. This means that there are millions of infected computers out there scanning IP addresses and setting off nuisance alarms in port monitoring software. We have seen this problem escalate alarmingly over the past months and it will continue to become a more wide spread problem than it already is. This is only causing panic to users that do not understand what is going on.

    As with any IP scan, the scan itself is harmless and not against any law to perform in most States and Countries. In the days that LockDown was detecting port scans, a user would be lucky to get 3 or 4 connection attempts on a daily basis on a cable modem. The sad thing is that now with these new worms, it is hard for an end user to tell what was a real default Trojan port and what was some random hit. Technology has also expanded to where hackers can manipulate compromised computers to perform default Trojan scans on command. This leaves you to wonder if the connections are really coming from the hacker. In most cases it is the hacker using one of his victims computers.

    When someone makes a complaint today, they now need to make an allowance, knowing that virtually 99% of the time, the port is not even open on your computer and they could not have got in anyway. It is often some poor infected soul. To top it all off, in almost EVERY case, the port that was detected does not even exist on your computer! If you place a complaint and cause the infected computer user to lose their Internet account, how will they ever get the infection out of their computer seeing that the outdated protection on the store shelf will need to be updated online, to catch the latest Worms and Trojans?

    Another thing to consider is the RUTHLESS Dumb Port monitor or blocker that is reporting HALF/OPEN scans. The number of potential false alarms is UNFATHOMABLE. If any computer touches your IP address even for legitimate reasons, the Dumb Blocker will alarm off. If there was a proper understanding of what was going on out on the Internet, or some kind of detailed explanation that came with the program, it would not be half of the problem that we have today. New Internet users are scared out of their wits and thinking that "200 people tried hacking into my computer today", and "My, what would I ever do without my Dumb Firewall program to protect me from these non existent threats?"


    Fear Mongering
    We do not want to be part of this DELIBERATE fear mongering! The port monitoring included with LockDown plays NO part in the direct protection of your computer.
    It is included for informational use only.

    It would not be hard for the Dumb Firewall program to report:

    "UDP Port Connection Attempt Detected Going To Port 2344
    This Port Does Not Exist On Your Computer -- No Action required"
    Or NO need to worry, you could not have been harmed anyway.

    This type of reporting may not make as much money from the people out there scared out of their minds, but it would be the more honest way to present the Dumb thing :)



    STEALTH

    Some people that use a Dumb Firewall Blocker notice that it gives them a limited level of Internet stealth. Those that promote these types of programs immediately urge the user to visit one of the popular online scanning sites to "make sure that their ports are stealthed". The user then visits the site and runs the online scan. It is like a miracle! It appears that the Dumb Blocker just stealthed their ports! The key word here is "APPEARS". The reader will be surprised to find out that more than likely they just visited one of the online scan sites that scanned between 10 and 80 ports out of the 65,535 virtual ports on their computer. If a complete scan was done, open non-stealthed ports would have been found if you are like most users that have trusted Internet programs. The reader will also be surprised to find out that many of the ports that were scanned by this online web scanner do not even exist on their computer!
     
  2. snowman

    snowman Guest

           until now I was not awear that there was a thread were we could all tell jokes........an laugh!

           

                       Snowman
     
  3. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Well Snowman, my dear friend, with a 12pack by my side, brace yourself. The night might be long !;)

    Wait a second, i might just try to solve the riddle !
     
  4. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Are those your words controler? I only read thru it quickly as it is rather long and it turned me off immediately. Sorry.
    Is there something here we can discuss? :)
     
  5. controler

    controler Guest

    Snowman ? take the time to explain the truths or Fallacies of my thred

    I take it you don't aggree?

    Riddler< Micky? Come on now be nice. I am trying to contribuite in my own way. Right or Wrong.



    [move][glow=red,2,300]controler[/glow][/move]

    Dang I will never get the scrolling Glow
     
  6. controler

    controler Guest

  7. snowman

    snowman Guest

        Controlar

        "take the time" appears like a demand....not a request.......Controlar, you have the most wonderful sense of humor........thats truely a rare gift...


                    snowman
     
Loading...
Thread Status:
Not open for further replies.