Discussion in 'polls' started by Phant0m, Aug 9, 2003.
I have not submitted my vote yet as I feel the question can have many meanings.
I don't feel any software or hardware firewall is 100% effective by any means; the only way to be 100% secure is to not have any networked connection.
Hacking? Well, the only way they can hack you is if you let something in past your defenses, if you block the packets they are just probes. Servers have been exploited by hacking, but there has to be a listening service first.
Scans? Scans are just multiple probes sent out to test for connections, and responses. Almost every product these days blocks scans without any problem.
Nukes? What are nukes really? Malicious packets? If they are blocked they are not a problem, but when you consider protocols that most firewalls don't cover like ARP that could be exploited to possibly re-route or disable their connection. Very few even allow options to change any ARP settings as you can disable your own connection by blocking one wrong packet.
What it all comes down to is what they are if they are not blocked by your firewall... With the only exception of a true DoS attack where a few key probes could actually disable your connection if they get past your firewall by some means, or they flood your inbound bandwidth to the point that your connection is unusable.
I’ll probably be the 1st then to vote Yes; Look ‘n’ Stop has Complete Control over IP & Non-IP or Other IP Protocols (such as VisNetic Firewall). On my machine ALL remotely generated Hacks/Scans/Nuke attempts are BLOCKED Stone-Cold! I don’t run any Servers or at least authorize anything remotely onto them. My Software Firewall has TCP Stateful Packet Inspection Technology which prevents Spoofing of Active Connections, also preventing various scanning techniques (TCP PING, NULL, FIN, XMAS…) which at one point were capable of bypassing ALL Software Firewalls which didn’t have TCP Stateful Packet Inspection capabilities.
Note: If you receive Flood Packets from a Hi box and your Internet Connection Drops causing Active Connections to Time-Out, regardless of whether your Software Firewall was blocking or not, it’s impossible to prevent your Bandwidth from degrading. However with a Software Firewall BLOCKING it, you can withstand quite a bit longer.
IMHO, there is -no way- to be 100% secure, with the exception of a complete disconnect, and playing solitaire until "the end". I always carry a quote with me from a once famous individual: "Anything made by man...can be destroyed by man". It does seem, at times, that we may be in the process of witnessing that prospect as we discuss these issues. "Hope springs eternal", though.
BTW- ZA is the FW...yeah, I've heard the nasty stuff about it...'getting bad press lately. But "...consider the source".
Heh, AplusWebMaster! If you’d like to prove me wrong let’s jump on ICQ or IRC or MSN and you do your thorough attempts…
Phantom, nothing is impossible, so are you saying it's impossible to get into your system from the outside? While something might be improbable in the best situation, nothing is impossible.
BTW, just from your example configs you don't secure ARP in any way when you must enable it, so there you go, you're not 100% secure. I don't suppose you know how to secure an ARP table, do you?
I’m saying ALL remotely generated Hacks/Scans/Nuke Attempts will be Detected&Blocked Stone-Cold! Not a single soul was ever capable of breaching, and if you feel you can then you know how to contact me and you can run thorough tests…
There are numerous things I could have included but I didn’t; if you think I’m blindsided to securing against malicious ARP then you better view my rule-set provided at my website before making any assumptions.
I'll say no.
Time and time again supposedly bulletproof applications are defeated.
Total security is what we strive for but will never obtain. That doesn't mean we shouldn't try.
If a free or near free SW FW is the answer, Cisco is going to be out of business very soon.
That’s because people are using Software Firewalls which don’t provide the necessary functionality such as Complete Control over “IP & Non-IP or Other IP Protocols”, and those who are don’t have the experience to configure the Software Firewalls properly to meet the necessary requirements.
I've been holding this back, but it's obvious Phantom thinks very highly of LnS, and his abilities.
Even most software firewalls will block almost all, if not all known exploits, and scans. Nukes... Maybe a made up term, but nukes are nothing more than probes when blocked.
No matter how well something performs under tests, it can't anticipate everything. Nothing is impossible, or bulletproof. While users are the main fault of error in most cases, the code is never perfect.
Yes I think highly of Look ‘n’ Stop and also VisNetic Firewall, two very good “Software Firewall” products.
And my abilities; yes I consider myself an expert of Software Firewalls and even Software Security in General. I could possibly go on about how I spent many years mainly focused on …, and so forth but I’m sure you aren’t interested in hearing it. If you are though, you could always contact me…
How the heck do you consider Nukes, Flood Packets probes?
I absolutely agree; no matter how much something performs under tests, it can’t anticipate everything. Like one has talent for different things one of my main talents is Software Firewalls and Software Security in General, and I’m telling you anything you or anyone can possibly throw at me, ALL will be Detected&Blocked.
And if you think you overall Real Hackers, script kiddies and so forth who over many years tried and failed miserably, that you can breach my Security Defences then be my guest and prove me wrong. Until one can finally be capable of proving to me that my Software Firewall and my Software Firewall configurations can be breached then I’m going to look at the facts, which is complete protection against ALL Hacks/Scans/Nuke attempts.
Absence of evidence is not evidence of absence.
Just ask any cryptozoologist.
In reference to TCP Protocols; is there something you think you know that indicates TCP Packet Structure being more than what is already known for Windows 9x/ME/NT/2K/XP? What about ICMP Protocols or UDP?
I do know that occasionally someone comes up with a malformed packet that has less than favorable results on many firewalls and it is possible that not every conceivable malformed packet has been accommodated.
Since we all know that a malformed raw packet can be written by anyone with some knowledge of the application layer, transport layer (TCP and UDP) and/or Internet layer (ICMP, IP), it becomes pretty hard to assert that a firewall is guaranteed to handle any possible case.
I doubt that the creators of any firewall would make that claim. Think of how much money they could make with that claim if they backed it up with guarantees like you get in the UPS industry (guaranteed not to fail or we give you $25,000 etc). Claims like that aren't made by any FW (hardware or software) manufacturer because it simply is too risky.
Hi, Phant0m would you please convince the author of LNS to put up a server, protected only by LNS, then post $100,000 (US) reward, for the first person to own the machine?
I could use the money, post the IP address of the server here and how to collect the money, give me a head start then go public.
Once the offer goes public the machine will be owned in two hours or less, but if by some miracle LNS can stop all of the attacks, the author of LNS will be a very rich man.
I am betting the author won't put his money where your mouth is but who knows, please try, thanks.
I don't think we can be 100% safe even with the best protection, settings or latest definitions.
When I shifted to ADSL a month ago, I discussed for a long time viruses, worms, trojans, you name it, with a tech employee of the service company (I subscribed to) and he said:
"If I decide to get into your system, whatever protection you have, I can be there tomorrow morning."
"We do offer a good virus and firewall security, but will never guarantee 100% protection"
And then, he explained that it's child's play for certain people to get into a system when they really aim at it. He also said that he even "knows" how to and it isn't so difficult. (!!!)
Of course, he never said that one shouldn't get protected, it's even more important, but "nothing is completely, perfectly guaranteed." Not yet.
ANW, before hanging up I warned him not to get into my computer!
And...I think that when we see virus companies being hacked or attacked, it speaks for itself.
Just my opinion,
**Sorry! I forgot to say that I'm using Zone Alarm and hear a lot of good stuff about "Look 'n Stop" firewall.
That will be my next option when I'll try a new one.**
LOL; The Author isn’t making claims of any sort.
And so full of yourself, you think you can breach my Security defences then contact me and you can give it your best shot. I’ll give you as long as you want to try…
Hi 'Sounds Good', although that would be an interesting contest, it is a tad off topic from what Phant0m`` is asking in his poll.
This poll is not "Who would win, L'n'S or the hacker community".
Lest we digress, let's keep on target folks.
Now I could have possibly misunderstood you but what I’m interpreting from what you posted is that a rule-based Software Firewall with TCP SPI with a rule configured to BLOCK ALL TCP Protocol regardless of the direction, that today’s Software Firewalls such as Look ‘n’ Stop, Sygate Personal Firewall, Kerio and so forth cannot successfully block ALL forms of TCP packets?
Actually if that was what all a firewall was for you wouldn't need one, you'd just unplug your ethernet card.
Unfortunately, firewalls have to decide which packets to let through, and thus lies the problem.
I’m sorry I’m little dumbfounded at the moment, was that an answer to my post?
Yes it was.
I can see that this isn't going anywhere. Anytime the UFO defense is used, it becomes pointless.
No offense to you Phant0m``, you may indeed be correct that L'n'S is without any flaw of any kind (actually I hope it is since we host them and that might be a nice reflection on us). But your definition of proof doesn't follow the scientific method very closely so perhaps we can just agree to disagree.
OK, so if that was an answer to my post then explain to me how TCP Packets can get “IN” when I have a rule to BLOCK-ALL TCP Protocol Inbounds…?!?!?
In Addition; with TCP SPI Enabled... Of course!