Stealthing Ports Question

Discussion in 'ten-forward' started by Checkout, May 1, 2002.

Thread Status:
Not open for further replies.
  1. snowman

    snowman Guest


            here is the url regarding info on may want to consider putting it in your Favorites.


  2. FanJ

    FanJ Guest

    Good suggestions, Snowman.
  3. Rickster

    Rickster Guest

    I don't know….I centered my whole system on the subject.  XP's ICF has no conflict with ZA and have a 65/35 split among IT pro's in favor of layered defense.  Knowing I was going in for a full-blown upgrade, we decided to take it on a suicide mission to the darkest corners of the web.  Plus a couple of creative IT types took a good whack at it with the advantage of knowing the security architecture.  Just curious to see how things stack up outside the safety of market-driven tests and audits.

    Couldn't get pass the firewall at all, but some felt the stateful nature of XP's ICF would further frustrate attempts if they did.  Went to known infected sites and found quite a few unknown ones.  While firewalls close huge avenues of attack the balance seems to be from malicious script via browsing and e-mail.  These are layered too, so beyond redundancy, things that slipped by Proxo got blocked by Spystopper - those clicked-on or "invited" got nailed by SurfinGuard or ExecProt.  Likewise mail that got past the Firewall mail protection got nailed by OE or Norton02.  Would like to have run Norton through more paces, but it appears the front layers are tough to get by.  Nothing made it to the registry's front door - where RegProt would have revealed and killed it if it got that far.  

    Variants by the creative couldn't thwart the behavior-based programs, adding some confidence about unknown/undefined versions yet to be discovered.  I'd say firewalls and ancillary programs do pretty much as represented.  Anyway, we gave it the 'ol college try to screw it up for days and failed.  Takes time to find the best no-conflict range, but considering the depth of the layers, the system is remarkably stable.  If it's possible to say "bullet-proof" - I'd say, as long as you stay patched-up and updated, I vote yes….but would preclude a well-funded and dedicated effort aimed exclusively toward it's destruction.

    Nothing varies more than opinion on actual need or how to go about it.  Set aside all reasons, I opt to guard the system's dollar investment from being corrupted on that basis alone.  I would like to thank all forum participants here and elsewhere for the valuable feed-back that helped accomplish a stable and secure home/business OS.  

    Regards,  Rickster          
  4. bubs

    bubs Registered Member

    Apr 28, 2002
    Suffolk, England
    If invisibility is the best form of defence, maybe I won't rush to change from ISDN dialup to ADSL when the 21st century finally hits my corner of rural England.

    - Strange, he thought as he waited for the next page to load...........

    But seriously, that's a real bummer if you need to try and do a WAN link at 64k for your day job:'(
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.