Shields Up

LnS enhanced ruleset + additional presets from LnS website for filesharing programs, Windows 2000.

While running Emule and Kazaa at the same time, many ports were not in stealth mode in Gibson Shields Up test. Many were closed and on 1 occasion a port was even open. Is this normal behaviour?

 

Hi Martin,
I don't know Emule but if you share files in Kazaa, the program acts as a server, so people can download files from your computer.
Servers need to have open ports to be able to serve.
Dolf

 

Hey Martin Aston

I’m using KaZaa Lite for reasons I don’t need to mention?!?!?
I customized the “Incoming Port” setting in KaZaa Lite to something other-than the Default, like 1653 and made two KaZaa Lite rules;

Rule Name: KaZaA Lite
Direction: Internet >> PC & PC >> Internet
Ethernet: Type: IP
IP Protocol: TCP
* Source (PC >> Net) / Destination (Net >> PC)
IP: address: Equal my @
TCP/UDP: port: 1653

Rule Name: KaZaA Lite-1
Direction: Internet >> PC & PC >> Internet
Ethernet: Type: IP
IP Protocol: UDP
* Source (PC >> Net) / Destination (Net >> PC)
IP: address: Equal my @
TCP/UDP: port: 1653

Then I configured the two rules App-List for KaZaa Lite and placed them just above “TCP : Block incoming connections” rule so it can act as server rules.

 

Thanks for the replies.
Apparently running filesharing programs reduces the security level a firewall offers. I have to admit that this gives me some cause for concern, because I always have these programs running while using the computer. If LnS (and probably other firewalls) can't offer maximum protection against the friendly fire from Shields Up, what while happen if I encounter a "bad guy"?

@PhantOm
What is the effect of these rules? Do you use them to replace the default LnS Kazaa Rules?

 

Hi Martin,

Yes, filesharing programs are indeed a security problem - due to the many connections and serving ports they require, they make your firewall (any one) almost look like swiss cheese.

The only good thing is: you know what sits there in the holes of the cheese - only your filesharing program (no other services that could be exploited). But this is already where the good things end: The filesharing services namely have their own exploits, so the attack would be directed directly at your p2p program (not the windows TCP/IP stack or some other service).
If the "bad guy" (or girl) isn't after you in particular, she will just drop a virus/worm into the KaZaa network that will infect all connected vulnerable stations.
If she is trying to attack you in particular, she will find your IP one way or another, look at your shares and your file requests, set up a fake server corresponding to your profile and wait for you to request the virus directly.

KaZaa in particular is known to be vulnerable to quite a couple of attacks/virii (actually, they're "worms") - search for "KaZaa worm" in google ("Benjamin", "KWBot" were early ones, "Gruel.B", "Lohack.B" and "Numan" probably is the latest (the latter one deleting vital system files when coming active)).

If you want to continue running filesharing programs, consider the following:
1. Keep your filesharing program up to date. Sometimes the vulnerabilities that the malware uses are fixed in new versions.
2. A good AV is a must - keep it up-to-date and scan your shares/download dirs *very* frequently. Also have resident protection enabled. Maybe even a dedicated anti-worm software?
3. While you're sharing, pay attention to outgoing connections - you should be suspicious if suddenly another file (other than your filesharing program) wants to call out. A firewall like LnS can help you with this - as can DCS's port explorer (which should be used as an addition to your firewall, not as a replacement).
4. That means, consider not having them run all the time in the background, but only in dedicated sessions where you can pay more attention.
5. Consider using another network. How about emule or even gnutella? (I'm using emule.) They're at least a bit more secure than KaZaa - but also less popular which means a less good offer of files.

More ideas anyone?

Andreas

 

Hey Martin Aston

Anyone who runs Local servers of some type always taking a risk of their computer being comprehended, however it’s very important to make sure you keep up-to-date on a regular bases to avoid all known security threats for giving server software.

Using KaZaa Lite I take the necessary steps to ensure I’m secured;

1. Updating KaZaa Lite Software regularly
2. Changing “Incoming Port” to something other-than the Default 1214 (Options\Kazaa Lite k++ options... Firewall\"Incoming Ports")
3. Disable Sharing to Others (Options\Kazaa Lite k++ options... Traffic\"Disable sharing of files with other users.")
4. And make other modifications;
* tick (Advanced\"Do not function as a SuperNode")
* un-tick if not by Default (Options\Kazaa Lite k++ options... Firewall\"Use port 80 as alternative incoming connections")
* tick (Options\Kazaa Lite k++ options... Messages\"Ignore all incoming messages")
* tick (Options\Kazaa Lite k++ options... K++ Options\”Privacy”-
- Block bad IP ranges (eg. RIAA) (*)
- Users can’t get a list of all your shared files

Hmmm yea so I I’m an L-E-E-C-H-E-R; let the other poor bastards share and be at risk of theirs Systems being comprehended while I sit back and enjoy the moments (Downloading securely).

 

It’s not that I don’t want to share though, it’s just that I don’t trust sharing using these poorly coded p2p Software… I rather just enjoy the moments leeching off of others, while there always be many who don’t take the time to learn of the possible threats and take the necessary steps to ensure their safety. If possible, until people do us the cyber-educated should just enjoy the moments of Leeching.

 

Phantom - I am surprised - I hope you didn't leech your copy of looknstop. LOL

I believe that if it is good then it is worth paying for / rewarding / encouraging the developer - and looknstop is good, and if it's bad you probably don't want to be running it anyways so uninstall it after the trial.

 

LOL

Hey fryr

I said I was an l-e-e-c-h-e-r, I didn’t say of what type of materials (Freeware? Shareware? Retail?).