Question about Firewall, P2P and security:

Discussion in 'other firewalls' started by connect4, May 20, 2008.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hi,

    P2P has nothing to do with piracy. Like saying you don't support VCRs or DVD burners, because they support piracy.

    P2P is legitimate technology. People can use it for whatever they want. Just like people decide to use guns for lawful or criminal activity.

    P2P is an effective way of sharing content around the world, like Linux distros, for example. Plus, it allows exposure to rare content that you can't buy anywhere, like old Czech movies, old Yugoslav movies, books in various languages etc.

    Mrk
     
  2. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Next one may say: "I steal my music CDs because of a personal decision not to support P2P piracy". :eek:

    Just a joke.
    But morality is given by what you share not if you share with P2P software.

    Cheers
     
  3. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    ahhh. I love these organized and regulated membership sites. It gives you a new found appreciation for the torrents & torrent system.
     
  4. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
    Yes, bittorrent is currently the safest P2P protocol, not necessarily malware-specific, but also in the way you share your files. You never give anyone access to anything on your hard drive except the very file/files you are downloading/seeding; there is never any way for the peers you are connected to to see or access anything else on your hard drive, and there are no known vulnerabilities in the latest versions of the main bittorrent clients (uTorrent and Azureus for example).
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    That's a whole different argument that can take an entire different thread to a thousand pages with people's opinions that will not change. I disagree with "has nothing to do with piracy"...I'd state that it's one of the biggest vehicles used in music, warez, and movie distribution outside of the retail channels. The % of legit users going for legit content...versus kiddies getting pirated "stuff"...I'd wager that's more of a 10/90 ratio than 50/50.

    I go through oodles and oodles of *nix distros..can't find where the standard download from their site has ever failed me.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    Try downloading suse or fedora from the main repositories; they will usually be slow. Try bittorrent or something like that, you can get the distro in minutes.

    I agree about the ratio. Now tell me, how many people used VCRs to copy movies they rented?

    It's not about technology, it's about human nature.

    And then, think of the positive exposure; so much rare content, forgotten art, mundane art, niche markets, all thriving because p2p brings content from millions of global users to millions more. A true sharing, a true world wide web.

    Just the matter of how you see things and do things.

    Downloading an occasional movie you can't get in the usual way? Well, if you feel like a criminal, then donate to local charity or arts museum and you're square.

    Mrk
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    People do use P2P for piracy but it doesn't mean P2P was created for piracy.

    P2P is just a tool that can be used for good or bad.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Back to my original point about P2P content being infected..when you "think" you're downloading some band's song for free....that MP3 file is..not so friendly

    http://smoothwall.com/news/newsitem.php?id=1459

    http://www.avertlabs.com/research/blog/index.php/2008/05/06/fake-mp3s-running-rampant

    http://www.itpro.co.uk/security/news/195672/file-sharing-infects-500000-computers.html
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Which could very well be downloaded on a website. Anyway,
    Main thing here is that, if you fear this can happen, get a program that blocks executables.
    From set and forget solutions like Abtrusion Protector, free but not developed anymore, and Anti-Executable, paid, robust and really easy.
    To a more evolved, and complete in other areas, SSM free and similar (HIPS).
    Even built in tools like SRP (for XP Pro, or as tlu in another thread suggests, turning XP Home in Pro).

    To me this is obvious, P2P or not. You run what you want to run, nothing gets executed by mistake, trickery, or remote code execution. For most activities, this should be obvious to use, if explained to the user. A pdf doesn't need to execute anything, nor mp3's, nor movies etc. Executables are programs, period.
     
  10. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    The only things I download are from private bittorrent sites so I am 100% safe
     
  11. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
  12. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    Thanks everyone! this is a GREAT POST about P2P and Firewall security regarding P2P

    I wanted to do a quick summary of all the major points:

    The basics of Firewall and P2P security:

    1. Use a physical firewall ( router ) for inbound protection

    2. Use a software firewall for outbound protection:

    This is to prevent malware on your computer from communicating to the host information about your computer

    3. The safest P2P is Bittorrent:

    4. Use Azureus and Utorrent, and always keep them updated.

    5. It is safe to open *the correct ports *so your P2P program can download / upload faster

    P2P & Malware

    1. Do not download random files from random sources

    2. Use trustworthy and credible sources such as Private Trackers (Bittorrent), ED2K for Emule, etc
     
  13. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104

    Remember, nothing is 100% safe. I do believe that private bittorrent is much more regulated and safe than public open sites. Although, I do believe malware is still possible.

    The only places that I can believe that is 99.99 safe is from credible retailing software distributors (Like Microsoft, etc)

    (Please correct me if I am wrong)
     
  14. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    OK, so I think I listed a summary of the major P2P and Firewall Security.

    *But I don't have an understanding of how exactly can your security be breached:




    Ok, you said Theoretical risk, = Low risk. But, is, in fact, possible.

    So, let's continue to assume that your computer is clean and no malware:

    And Let's say you ran Azureus as the P2P program (That is CLEAN).
    Let's say there IS a vulnerability and you don't update or patch it.

    Question #1:

    Now, how *exactly does a hacker exploit that vulnerability to attack your system. What exactly is attacking your system. Does this mean they can use Azureus to *actually put malware into your computer?

    *Now, in that scenario, Azureus must have *full access rights to your computer. (I think most if not all programs by default have full administrator rights)

    Well, what if you run a program like Dropmyrights which *takes away administrator rights from programs.

    Let's go back to the scenario, and say that we take away Azureus's administrative rights using that program.

    Now, since Azureus doesn't have any rights, *even if Azureus does in fact, have a vulnerability. And even if a hacker tries to exploit it:

    Question #2

    *Aren't you still safe, because you've taken away Azureus's ability to compromise your system? Am I wrong here?



    Now let's go one step broader:

    If you took away full administrative rights of *all your high risk programs (Such as P2P, Internet Explorer etc) // OR use a Windows Limited User Account
    https://www.wilderssecurity.com/showthread.php?t=196737


    And lets say you uninstalled your firewall, and took out your router firewall. And now this leaves all your ports open.

    Question #3

    Would you be safe from attacks? Since none of your risk programs could be used to compromise your system (Since you've stripped all their rights away).
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    If all your ports are opened up it doesn't matter, you can still get hacked. Open up your door tonight and leave it open while you sleep, same thing. Your home may have a burglar alarm (HIPS and such in the computer world), but who cares, your door is open, I'm gonna walk right on in.

    Something no one is mentioning as far as safety when using P2P: an IP blocker. Other users may not see your files, but without an IP blocker, the MPAA, RIAA and other such schoolyard bullies can connect to you and prove you are sharing an illegal file. I suggest Peerguardian 2. Let that run while you download, you'll be amazed at the amount of organizations trying to connect to you, especially on a public torrent website.

    As far as your other questions, that's best left to people who know more than I do.
     
  16. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    818
    PeerGuardian is unnecessary, when uTorrent has a built-in IP-filter. It uses the same blocklists as PG.

    Just add nipfilter:

    http://www.bluetack.co.uk/bims/filters/

    to the uTorrent folder under Documents and Settings, rename it ipfilter.dat (delete the old one), and enable ipfilter in advanced settings. Check for updates on the page above regularly. It's the very same source that PG updates from, but it doesn't interfere with normal surfing like PG.
     
  17. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    How does it not interfere with surfing if they are blocking the same exact IP addresses? I can leave HTTP allowed in PG2 and still get interference if the IP of the website I want or a server related to it is on that list, so how can the IP filter in uTorrent get around that? Also, completely off-topic, but after all the fuss over uTorrent's issues a bit back regarding their "connections" to various organizations, and the fact that it's a closed source P2P app, I'm not so sure I trust its IP filter to begin with.
     
  18. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104

    Oh wow, really?

    That's kind of surprising because I couldn't imagine how exactly someone can *compromise your security via an open port *if your security has no exploitive holes,
    but then again, I don't have an in-depth understanding of how firewalls, ports, and intrusions work.

    (I'm excluding the less common possibility of a military precision team of hackers attack with super computers that can get into probably any home computer)


    What about if you run Windows XP on a limited account like SunRun?
    https://www.wilderssecurity.com/showthread.php?t=196737

    If it's not 100%, then at least running on a Limited User account is a lot safer, correct?
    As in it being another layer of security in addition to your firewall. (Since your OS and all your programs are stripped of Admin rights)
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hi,

    Your analogy is inaccurate.

    If you have a service listening on a port, it does not mean you'll get "hacked." It could happen only if the service has a significant vulnerability and someone trying to hack you can exploit it to gain privileges outside the scope of the said service.

    People running p2p for years have their p2p ports open - and ... does that mean they get hacked every saturday night? No, they don't.

    Being afraid of the big bad wolf is counterproductive. You should study the animal and then realize things are not as dreadful as they sound.

    Mrk
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I evidently don't know as much as I thought I did (which admittedly wasn't a lot to begin with), but cannot someone exploit a port that does not have a service running on it? Now, I'm using his example of having no firewall whatsoever. If you don't have one, they show as "open" correct? Now, of course you can open a port, for, let's say Emule, but once Emule is closed, the port will no longer show as open, right, just closed?

    I was under the impression that an open port, service or not, was an invitation in. Pardon me while I go read up on this, I hate giving wrong advice.
     
  21. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104



    But does using Limited User Rights or a Limited User Account (such as SuRun) add another layer of protection with your firewall?

    Or is that more of a malware protection layer? OR BOTH??
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    If you turn your firewall off and have no services listening, all your ports will be CLOSED.

    Ports are not doors as you imagine them. Ports are numbers that allow your machine to accept multiple connections. And ports alone have no meaning.

    It's the services listening on different ports that could be exploited.

    Now, opening port for emule ... If you use a firewall, you allow the firewall to accept unsolicited incoming connections to the particular port. This is the idea of opening the port. That's what you call service - service coming from the word server.

    Open port = server, as simple as that ...

    I'm not going to go into details regarding TCP flags etc, but that's the general idea.

    And your application is listening on this port, awaiting incoming connections, so it can function properly.

    If the app is buggy, it can be exploited, if not, nothing can happen.

    But if you have no services running that require a port and even if you use no firewall, all your ports will be closed and you'll be as secure as you can be.


    connect, yes limited user adds more protection - not firewall wise, though. The limited user can prevent exploits from being exploited, if they exist and someone targets them.

    But if you know what you're doing, keep your system patched fairly often, you run a low risk of getting "hit" by someone exploiting a new wild, zero-day vulnerability.

    Mrk
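
    The point made in the post above (a port only answers while a service is listening on it), as an added example that is not part of the original thread. It probes one loopback port before, during and after a listener exists; the function names are hypothetical and it assumes no firewall sits on the loopback path.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed target: this machine only


def probe(port, host=LOOPBACK, timeout=3.0):
    """Classify a TCP port the way a connecting peer would see it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as c:
        c.settimeout(timeout)
        rc = c.connect_ex((host, port))
        if rc == 0:
            # Loopback quirk: the OS may pick the probed port as the source
            # port and connect the socket to itself. Nothing is listening then.
            if c.getsockname() == c.getpeername():
                return "closed"
            return "open"        # a service accepted the connection
        if rc == errno.ECONNREFUSED:
            return "closed"      # host answered, but nothing is listening
        return "filtered"        # no answer, e.g. a firewall dropped the SYN


def free_port():
    """Ask the OS for a port number nothing is currently using."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def port_states_over_service_lifetime():
    """Probe the same port before, while and after a service listens on it."""
    port = free_port()
    before = probe(port)         # no service, no firewall rule involved

    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((LOOPBACK, port))
    srv.listen(1)                # a "service" now owns the port
    during = probe(port)

    srv.close()                  # the service exits
    after = probe(port)
    return before, during, after


if __name__ == "__main__":
    print(port_states_over_service_lifetime())
```

    The "filtered" result is what a dropping firewall produces; it cannot be shown on loopback without adding a firewall rule, so the run above only exercises "closed" and "open".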
     
  23. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Understood, thank you MrkVonic.
     
  24. connect4

    connect4 Registered Member

    Joined:
    May 20, 2008
    Posts:
    104
    OK. Thanks for the reply Mrkvonic.


    So what I am getting from you is this: (And please correct me if I'm wrong)


    1. Open ports, in and of themselves are *actually closed, until you run a service / program to use the port. (For example "Emule")


    2. *It is *only in the vulnerability of a program / service *that uses a specific port, that allows an outside to compromise your system.

    *Keep all your programs patched. And even if you turn off your firewall. And you should be generally safe, correct?

    *3. The program / service vulnerability that listens to a port, is the vehicle that the outside uses to compromise your system.

    *And *This program vulnerability, *has NOTHING to do with whether it has Admin rights or not, and so it wouldn't make a difference if you are running as a Limited User Account VS an Admin

    For example,
    a. Running a vulnerable Azureus (with full admin rights)
    b. Running a vulnerable Azureus (with limited rights under an LUA account)

    = the same chances of being exploited?

    The difference maker is *whether Azureus is vulnerable or not:

    is this correct?






    So, if I am correct in my above statements, I *think I can conclude the following:
    in terms of using different types of applications that require internet access or require ports:

    Whether it is a P2P application, or a AIM / MSN messenger application, or an email client connected, or an IRC program such as MIRC.

    *As long as the program is fully patched, we can use these programs relatively safely and connect to different servers etc safely.


    Can I safely conclude these statements?
     
    Last edited: Jun 5, 2008
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,224
    Hello,

    You got it well except one thing:

    Exploiting a vulnerability depends on what the application can do!

    It does not change the vulnerability itself, but it does change the potential impact on the system.

    So ... if you have a vulnerable application that has a hole that can be exploited, the severity will be reduced if you use LUA, because in LUA there is only so much an application can do.

    Chances of exploit - same. Severity of impact - different.

    Therefore, using LUA is not a bad idea at all.

    But if you use the admin account, make sure you patch your apps, especially if they interact with the outside world.

    Mrk
     