 ccseifert
join:2001-06-25
Syracuse, NY | Sweet. Is there anything more ironic than a firewall with a system-takeover vulnerability? | |
|
 | 
MarkAW
Call me lil bratt
Premium
join:2001-08-27
Canada
 ·Cogeco Cable
 ·Bell Sympatico
| Re: sweet ISS advisory about Checkpoint termed 'inacurate'
"An advisory about vulnerabilities in the popular Checkpoint firewall, put out by Internet Security Systems last week, was inaccurate, a senior Checkpoint official says.
Scott Ferguson, Checkpoint regional director for Australia, New Zealand and the South Pacific, said the advice provided by ISS in its advisory was "not entirely accurate."
"One alleged flaw referred to a key exchange over private networks - this is referring to a three-year-old issue and the installed base has been upgraded a long time ago," Ferguson said." »www.smh.com.au/articles/2004/02/···498.html | |
|
| PGDUDE
join:2001-06-15
Bowie, MD | Re: Sweet. Solution: Run both a hardware and software firewall. I run both a a netgear firewall and the latest ZA 4.5.538. That is plenty of protection for most home users. | |
|
| |
Mellow
Premium
join:2001-11-16
Salisbury, MD | Hardware Firewall Once again, all the more reason to get a hardware firewall. If you want something done right get a good HARDWARE firewall. | |
|
| 
Corvus
Flaming Tards Since 2003
Premium,VIP
join:2003-11-26 | Re: Hardware Firewall And good hardware firewall doesn't mean a 50$ router  | |
|
| | 
qdemn7
Smurf in My Loop
Premium
join:2003-09-16
Fort Worth, TX
| Re: Hardware Firewall said by Corvus  :
And good hardware firewall doesn't mean a 50$ router
So what would you (and Mellow) reccommend as a "good" hardware firewall? | |
|
| | | 
koitsu
Premium
join:2002-07-16
Mountain View, CA | Re: Hardware Firewall A pair of scissors. | |
|
| | | |
| | | |
qdemn7
Smurf in My Loop
Premium
join:2003-09-16
Fort Worth, TX
| Re: Hardware Firewall said by Mellow :
For the best I would go for a PIX. But your everyday consumer cant afford or configure that kind of setup. I recommend something that has SPI and has rule sets. An easy user gui doesnt hurt either. If you want cheap you can find the Netgear FVS318 at staples for $150. I have this installed at a remote office handling VPN with no problems. If you want to go cheaper and have a spare box you can do a smoothwall/ipcop/etc.. linux software firewall. I use ipcop at home and love it, it runs fine on an old cyrix 586 with 64megs in it. Just chunked in 3 nics and configured it, so now I got wan,lan,dmz. You cant beat that price $0.
Tanks for the info. That Netgear looks like a good deal for $120 @ Newegg. Actually I was thinking of upgrading to Zywall 10W. I've been very happy with my $30 DLink DI604, but I'm always thinking about what's next.
--
"It's the squares who know how to fly the fighter planes and operate the missiles and the bombs and work the M-16s. Liberals would still be fumbling with the federally mandated trigger locks." -- P.J. O'Rourke | |
|
| | | shuubz
A Good Kind Of Pain
join:2001-02-12
Dexter, MI
| Netgear FVS-318, updated firmware, remote admin turned OFF.
List price is USD149.00 for a true-stateful-inspection appliance.
Can clone a MAC address on the external interface, in case you use a Comcast-like, sphincter-grade ISP that registers MAC addies. Includes an 8-port 10/100mb switch.
Good set-it-and-forget-it security, will even email/ship logs to a designated syslogd-enabled entity.
--
What is left for the meek is not worth having...I don't need a shepherd, I need a Muse...The only thing I can call my own is who I am; insecurity is pointless. | |
|
| | | 
AnonGuy
| I run Smoothwall, (www.smoothwall.org) and it does a great job. Easy setup, web interface etc.. Check it out. | |
|
| | | |
qdemn7
Smurf in My Loop
Premium
join:2003-09-16
Fort Worth, TX
| Re: Hardware Firewall said by AnonGuy:
I run Smoothwall, (www.smoothwall.org) and it does a great job. Easy setup, web interface etc.. Check it out.
Thanks for the heads up. I'm running ZA Pro + NAV 2003 behind my DLink and I'm pretty happy.
--
"It's the squares who know how to fly the fighter planes and operate the missiles and the bombs and work the M-16s. Liberals would still be fumbling with the federally mandated trigger locks." -- P.J. O'Rourke | |
|
| | Tommyastro
join:2004-01-18
Poughkeepsie, NY | There is NOTHING wrong with a $50 router. I have one and it works just great. Big bucks don't always mean the best.
Try again. | |
|
| | | 
Qumahlin
Never Enough Time
Premium,MVM
join:2001-10-05
West Chester, PA
| Re: Hardware Firewall said by Tommyastro :
There is NOTHING wrong with a $50 router. I have one and it works just great. Big bucks don't always mean the best.
Try again.
Um yes it works as a router...but not as a true firewall, especially if it's a crap linksys router.
--
Forum Posts:4004 | |
|
| | | | 
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| Re: Hardware Firewall said by Qumahlin :
said by Tommyastro :
There is NOTHING wrong with a $50 router. I have one and it works just great. Big bucks don't always mean the best.
Try again.
Um yes it works as a router...but not as a true firewall, especially if it's a crap linksys router.
first /me waves to the other smoothwall users on the forum and asks do you know of any software that reads the logs from it like wallwatcher for example (pm me if you do)
and now why are linksys routers so bad? Minbe is a old befsr41 thats now sering as nothing more than switch hub what ever you want to call it. I bought it new when it was new how ever many years ago that was and have had no problems ever. Is there some huge exploit that breaks the defenses it has for your lan or what ? just curious here i hear people say how bad they are but never what makes them bad.
--
my fav mmorpg »www.rubiesofeventide.com my site »spellbound.valshea.com/news.php | |
|
| | | | | Tommyastro
join:2004-01-18
Poughkeepsie, NY
·RoadRunner Cable
| Re: Hardware Firewall Dragon,
The guy for some reason has a bug in his bonnet against the lower priced Linksys, ignore his comment. The $50 linksys I have is not bad, it works just fine as I said. It has been blocking EVERYTHING, including the HUNDREDS of Mydoom attempts the past week or 2. I use Link Logger (paid for it 2 days after downloading it) and it works great also, shows/tells you everything.
As I said, there is NOTHING wrong with the BEFSR41 I have, it's been working like a champ for a month now nonstop.
Tom | |
|
| | |
Lindy0001
@comcast.net
| Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information
___________________________________________________________
All that security from my $50 Linksys router. I dont run firewall software in the inside of my router. I have an WWW/FTP server running on Windows 2003 with those ports forwarded to it, and three XP Pro clients.
I have never been hacked to my knowledge. I dont believe you need expensive hardware or software...you just need to know WTF your doing.
Having good Anti-Virus software always updated, POP blocker like google bar (free), spyware software like Ad aware (free), you $50 Router set to repsond to nothing on the internet, and running windows update everyday set to download and install. Dont use stupid software like Kaza and for god sakes have semi-complex passwords on your systems. | |
|
| | | | 
IronChefMoto
Premium
join:2001-02-08
Alpharetta, GA
| Re: Hardware Firewall said by Lindy0001:
for god sakes have semi-complex passwords on your systems.
So..."password" or "secret" aren't good passwords to be using? DAMN! FOILED AGAIN!
IronChefMorimoto
--
Desktop: Abit NF7-S 2.0 | AMD AthlonXP 2500+ | 1GB PC3200 DDR | 128MB ATI Radeon 9500 Pro
Laptop: Dell Latitude C810 | Intel PIII-M | 512MB PC133 SDRAM | 32MB Nvidia GeForce2 Go | |
|
| | | tc17
join:2003-08-14
| said by Tommyastro :
There is NOTHING wrong with a $50 router. I have one and it works just great. Big bucks don't always mean the best.
Try again.
I totally agree. Except some people seem to think something isn't good unless it costs big bucks. This thinking is why our Goverment pays $1000 for a hammer. | |
|
| | |
| | |
| | | 
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| Re: But...COMPUSA wouldn't lie...right? What attack is not blocked by a simple NAT router? Obviously the thing doesn't protect you from e-mails and DOS attacks, but I don't understand all these people saying that a simple hardware firewall is somehow inadequate.
--
Jimmysquid.com - I take pictures. | |
|
| |
Corvus
Flaming Tards Since 2003
Premium,VIP
join:2003-11-26 | Never heard any exploits about accessing linksys console on Wan side?  | |
|
| | |
| | | 
Tursiops_G
Technoid
Premium,MVM
join:2002-02-06
Norwalk, CT
clubs:
·Optimum Online
edit:
February 16th, @11:00PM
| Re: Hardware Firewall Edit: something went wrong with this post... Reposted at end of thread (?) :/
(original text):
Or, How about getting that old 8MB 486/66 box out of the basement/garage/junkpile, removing the HD, installing 2 ISA NICs, and running the FREE GnatBox Light S/W »www.gnatbox.com from Floppy? Total cost: $0.00 (if you already have the PC and the 2 NIC cards on hand, that is.) | |
|
| averagedude
join:2002-01-30
Mesa, AZ | I hear this talked about allot, and I am confused as to what makes a "true" hardware firewall. Could you give a make and model number of an "affordable" unit? | |
|
errantmind
@mc.videot | oh well... Sygate is better anyway  | |
|
| |
GNXPower
Got Boost?
Premium
join:2003-12-18
Huntington Beach, CA |  What's the point without specifics...
| |
|
| 
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA
| Re: What's the point without specifics... said by GNXPower :
There is little to discuss or do about this without them.
Sure there is: the vendors have been notified: Pressure them.
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|
Kip patterson
Premium
join:2000-10-23
Columbus, OH | Keep in mind the source These vulnerabilities have been reported by a firm in the business, a competitior of sorts.
They should be confirmed before anyone gets too concerned. | |
|
| |
vic102482
Premium
join:2002-04-30
Upper Marlboro, MD | This has been an issue for years Software firewalls can be at the mercy of the OS. Hacks have been out for years on software firewalls.
--
I tie a rope around my penis and jump from a tree, don't you wanna grow up to be just like me!!!! | |
|
KaziSmith
Premium
join:2001-06-29
Dallas, TX
| whoa FLASHBACK Wasn't this an issue not more then what, 2 years ago with ZoneAlarm with a master key or something?
Well, at any rate, im glad I run Kerio  (It could have a vulnerability too... who knows O.o) | |
|
Soapm
join:2001-07-15
Aurora, CO | Rebrand? I guess they will just rebrand the firewalls as VPN application's? | |
|
| 
coxta
Ultramundane
Premium
join:2000-07-15
LALALALALALA
·Pacific Bell - SBC
| Re: Rebrand? A hardware firewall? That's just a box with a stripped down OS. It still uses the same firewall software.
ZA is now owned by Checkpoint. They have the best firewall on the market hands down. I'm sure that if they want to they can put the resources towards resolving this issue.
--
If true happiness can only be achieved through a state of nothingness, you're going down the right path. | |
|
| | FootstepsOG
join:2004-02-17
Tucson, AZ
|  Re: Rebrand?
| |
|
|
|
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| Re: Folks, let's make up our minds..... You gave me a good laugh there. Do you really think you can walk into a Barnes and Noble and find out how to discover and exploit an unknown buffer overflow in a major software product? Give me a break. I'm not saying that any package is totally secure, but the idea that you can get information on specific vulnerabilities from some random book on "hacking" is pretty far-fetched.
--
Jimmysquid.com - I take pictures. | |
|
| | 
cbrigante2
Cubs 20??
Premium
join:2002-11-22
North Aurora, IL
| Re: Folks, let's make up our minds..... said by Rhobite :
You gave me a good laugh there. Do you really think you can walk into a Barnes and Noble and find out how to discover and exploit an unknown buffer overflow in a major software product? Give me a break. I'm not saying that any package is totally secure, but the idea that you can get information on specific vulnerabilities from some random book on "hacking" is pretty far-fetched.
»search.barnesandnoble.com/bookse···23&itm=1
Thought it might be prudent to look that "fact" up | |
|
| | |
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| Re: Folks, let's make up our minds..... said by cbrigante2 :
»search.barnesandnoble.com/bookse···23&itm=1
Thought it might be prudent to look that "fact" up
That book's just a list of old vulnerabilities that have been patched for a long time.
--
Jimmysquid.com - I take pictures. | |
|
| | | | 
Boogeyman
Drive it like you stole it
Premium
join:2002-12-17
Huntsville, AL
·Comcast
| Re: Folks, let's make up our minds..... Only patched on systems whose users keep thier stuff patched. Thats the main problem, most people dont patch thier software and OS. If they did, there wouldnt be so many DoS attacks, virii, trojans, and worms running around.
And there is a lot you can learn even from old exploits that have been patched, you can set up your own network with an unpatched machine and try them all out, learn the basics, ect.
--
"There's no such thing as a soul. It's just something they made up to scare kids, like the Boogeyman or Michael Jackson." - Bart SimpsonDigital Anime, where all the lamers come to play | |
|
|
cbrigante2
Cubs 20??
Premium
join:2002-11-22
North Aurora, IL | I kind of figured the books were about htat, but like boogyman said, you can learn a lot from how it's patched. | |
|
systems2000
What? You Say It's Fixed. Hah
join:2001-11-29
Cyberspace
·Embarq
| There Are Good Choices
Did anyone really read the quote? quote:
"anonymous attackers to compromise default installations of the affected software..."
If you don't trust software firewalls, SMC has a NAT/SPI router (SMC7004FW) that fits the Stateful Packet argument for a fairly low cost.
»www.smc.com/index.cfm?sec=Produc···6&site=c
Look'n'Stop has a pretty powerful software firewall. | |
|
|
See 9 replies to this post |
|
Thasp6
The Thasps Are Everywhere.
Premium
join:2003-06-08
Your Mind.
| Ah, more the reason... To say ZA sucks. That program was garbage when I last tried it, and several more security flaws is icing on the swiss cheese cake.
Sygate and Kerio are a lot better anyway.
--
THE THASPS ARE EVERYWHERE. | |
|
| |
|
shutchi2
join:2002-04-13
Lincoln Park, MI | Blackice Did anyone else notice that Blackice Defender had a new update as of today? Timing seems a bit suspicious, but didn't see any new information on it... | |
|
|
BMax
@aol.com
| Re: Blackice  Black Ice has stopped working for me....beware....block intruder forever huh probed 13 times today have no idea what damage/theft has accured. On Thin Ice can anybody help? Soon tobe frozen | |
|
MikBo
Just Happy To Be Here
Premium
join:2002-01-04
Lynchburg, VA | Zone Alarm Updated Just received update for vulnerabilty in ZA,2-18-04,apparently addresses issues that were recently discovered.
--
"Things will get better,despite our efforts to improve them!"--Will Rogers | |
|
|
|
|
·
·
Horsecrap !
·