Are newbies running a firewall?
Felipe Figueiredo
philsf at ufrj.br
Tue May 8 16:18:25 UTC 2007
On Monday 07 May 2007 16:19:54 Chris Maaskant wrote:
> Felipe Figueiredo schreef:
>
> > On Sunday 06 May 2007 18:59:19 Chris Maaskant wrote:
> >> Anyway, I do like to be invisible from the net.
> >> I don't feel the need to provoke a hacker.
> >
> > There is no such thing as invisible on the net. You may be pingable or
> > not, but if you have a route, you are visible.
> >
> All right, then I want to be as invisible as I can without pulling the
> plug ;-)
That's the point. You are a hippopotamus hiding behind a tree. Whenever you
scan a host, and get NO response at all (no closed ports, no unroutable
response, and no TCP response - packets are simply dropped), it is obvious
there is someone there trying to hide.
Actually, I mentioned routing because I found out completely by chance that
if you are not routable to, you may still have a route yourself to the world
(I thought my routers would be smart enough to set routes automatically, but I
guess RIP is oversimplified).
My case was: I disabled the routing protocol in my network's gateway, and no
one inside ever noticed. Well, except for the little fact that no email ever
came in (details...). So, since my gateway had a static default gateway
itself, traffic from inside to outside surprisingly was routed normally, and
responses were routed back (no NAT, just plain IPs).
So, in that situation, every IP inside the network was truly invisible in the
sense you are looking for, because pings were returned as unroutable.
This broken behaviour is nonetheless not intended, or recommended except for
testing purposes, of course. YMMV
If you want protection, don't leave servers you don't need active, close doors,
use a stateful firewall with a policy to drop or reject, and if you are really
paranoid about DoS, rate restrict incoming packets. Not to mention keeping
up to date with security patches whenever they are available.
No matter how simple your needs are, if you leave a machine completely
abandoned permanently connected to the internet, when time goes to infinity
it will be exploited somehow with probability 1. ;)
regards
FF
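As an added example that is not part of the original thread: the advice in the reply above (only expose the services you need, stateful firewall with a default drop or reject policy, rate limiting against DoS) written out as a host iptables ruleset. It assumes a Linux host that only needs SSH on port 22 reachable, a hypothetical ALLOWED_TCP_PORTS variable to change that, and prints the rules for review unless run with "apply".

```shell
#!/bin/sh
# Added example, not code from the thread. A minimal stateful host firewall
# following the reply's advice. Assumption: only TCP port 22 must be reachable;
# override with ALLOWED_TCP_PORTS="22 80". Without the "apply" argument the
# rules are only printed, so they can be reviewed before touching the host.

ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22}"

# Emit the iptables commands, one per line, in the order they must be applied.
build_rules() {
    cat <<EOF
iptables -F INPUT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # Each needed service is opened only for NEW connections and rate limited:
    # a burst of 20, then 10 new connections per second, the rest fall through.
    for p in $ALLOWED_TCP_PORTS; do
        printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -m limit --limit 10/second --limit-burst 20 -j ACCEPT\n' "$p"
    done
    # Ping stays answered (hiding it does not make the host invisible anyway),
    # but throttled. Unwanted TCP is rejected with a reset so the host looks
    # like any host with closed ports; everything else is silently dropped.
    cat <<EOF
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second -j ACCEPT
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j DROP
EOF
}

# Number of rules the current settings produce (useful for a sanity check).
rule_count() { build_rules | wc -l | tr -d ' '; }

case "${1:-}" in
    apply) build_rules | sh -e ;;   # needs root; applies the rules in order
    *)     build_rules ;;           # review mode: just print them
esac
```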
More information about the kubuntu-users mailing list