Forums » Up and Running » Security » Security » When is "Stealth" not really "Stealth?"
spectre5

join:2003-07-24
Mobile, AL

When is "Stealth" not really "Stealth?"

I'm using ZA (free version) and 3 different sites I've visited say that I'm "invisible" to the internet and that there are no open ports or anything else that can be reached. None of these "firewall test" sites were from ZA.

Yet I see postings here about people's pc's being "hacked" from some derelict on the net. Are these people NOT using firewalls? Are these firewalls useless and the "test" sites basically full of it?

thanks


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

said by spectre5:

Are these people NOT using firewalls?
Short answer: No. There must be zillions of them who roam the internet in blissful ignorance about security.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.


marti
Color outside the lines
Premium,MVM
join:2001-12-14
Houston, TX

said by John2g:
Short answer: No. There must be zillions of them who roam the internet in blissful ignorance about security.

Best one that I heard recently was a broadband user: "I don't need a firewall because I turn the computer off when not in use."
--
*Team Z* Member
**PCQ&A Forum**

LowWaterMark
Premium
join:2002-05-16
Wallingford, CT


reply to spectre5
Well, being "hacked" is a very general term these days. People's systems can be compromised in a lot of different ways. Viruses and Trojans are the most common form of getting hacked, and while many of these come from people running un-firewalled file shares exposed to the Internet, a whole lot of people get hacked by opening infected emails or running infected files they chose to download. And many of them may very well have a firewall setup and running properly.

All the stealth in the world doesn't make up for the interface error that is caused by that thing that connects the chair to the keyboard.
--
Use the most powerful combo Firewall/AV/AT package available - "Common Sense" - It can be upgraded daily!
[text was edited by author 2003-07-31 13:33:56]


John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England


said by LowWaterMark:
Well, being "hacked" is a very general term these days. People's systems can be compromised in a lot of different ways. Viruses and Trojans are the most common form of getting hacked, and while many of these come from people running un-firewalled file shares exposed to the Internet, a whole lot of people get hacked by opening infected emails or running infected files they chose to download. And many of them may very well have a firewall setup and running properly.

All the stealth in the world doesn't make up for the interface error that is caused by that thing that connects the chair to the keyboard.

Use the most powerful combo Firewall/AV/AT package available - "Common Sense" - It can be upgraded daily!
[text was edited by author 2003-07-31 13:33:56]

Couldn't agree more. However, there is satisfaction to be had in roaming the net invisibly (to others), and it does prevent some spotty youth from trying to spoil my day. On top of which, it prevents pests like Windows Messenger Service pop-ups. I've only had one of those, when I forgot to fire up ZAP.
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.

spectre5

join:2003-07-24
Mobile, AL

reply to spectre5
Sorry; I should've been more specific. I'm referring to having their pc and/or router hacked. My router (which is password protected) is included in those tests. I don't worry about worms/trojans as I don't download just anything and I never open strange email. Also my Symantec AV stays up to date by downloading new defs from sarc. I also check it regularly.
So if the tests say I'm invisible is it BS?

spectre5

join:2003-07-24
Mobile, AL

reply to LowWaterMark
I've been assuming that these people that did get "hit" had already taken all precautions possible (including exercising common sense) and were still vulnerable.

Like that guy with the router that had been hit several times (Hacker's Dream Come True or some variation thereof)
including having been locked out of his own router and pc.

spectre5

join:2003-07-24
Mobile, AL
reply to spectre5
quote:
...that thing that connects the chair to the keyboard.
PICNIC


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA

reply to spectre5
95% of home and small biz cracks are inside jobs. They start with a download of some trojanized exploit that makes an inside out connection. The classic "intrusion" is almost non-existent on user blocks, and it's usually aimed at big targets, not at home users. For one thing, the means of ingress usually just isn't there, like it is on a corporate network. For a port to be vulnerable, there has to be something accepting connections, there. That means that you either have to make something listen there (as in distribute trojans, then scan for them or have them phone home), or you have to find a machine with a vulnerable service listening... an internet server, ftp server, telnet, and so forth... to connect to. They can scan a "closed" port 200 times in 10 minutes, bang on it with a rusty pipe wrench, hit it with everything they've got, and it ain't openin' lessin' something inside opens it up.

That's pretty much the nutshell version. I wish, very frankly, people would take seriously defending against outbound traffic and trojan/virus code as aggressively as they take seriously intrusion prevention... intrusion prevention isn't trivial, don't get me wrong, IF there's a means of getting in to become an "intruder." Now, granted, with the popularity of p2p and similar apps, and don't forget all those damned open NetBios and WinRPC shares, too... a lot more average users have ports listening and servers running they don't even know they have... but without any doubt, the number one forms of compromise most of us are most exposed to, and most vulnerable to, are trojanization, virus infection, hostile active content on webpages, scripts, e-mails, untrusted executables...

Stealth is all full of sound and fury, it seems, which, while it signifieth a bit more than nothing, signifieth not nearly so much as many people think it does... stealth, simply put, just does not "define" firewall security. It's a simple concept... drop pings, and use "drop" instead of "block" on unsolicited inbound connections. Scanner gets no response, hopefully thinks nothing's there. But, even supposing they did know something's there... aside from some clueless ankle biter possibly DoS'ing you from sheer frustration, there isn't much they can do, if all the open ports, if any, are firewalled, and all the accessible ports are closed.
--
I'm not good,
I'm not nice,
I'm just right.
I'm the Witch.
You're the world.
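gwion's point above is that "stealth" is just the difference between a port that answers "closed" and one that answers nothing at all, and that neither state gives an attacker anything unless a service is listening. The following is an added example, not code from any poster in this thread: a minimal TCP connect probe that classifies a port the way a scanner does (open, closed, or filtered/"stealthed"), plus a loopback demo. On an unfiltered host the demo can only produce open and closed; filtered shows up only when a drop rule sits in the path, which is exactly why the test sites report "invisible" for a ZA user. The host, ports and timeout are assumptions for the demo.

```python
"""Classify a TCP port as open, closed or filtered the way a port scanner does.

Added example for this thread, not from any poster.  "filtered" is inferred
from a connect timeout, which is what a firewall DROP rule looks like from
outside; "closed" means the host answered with a reset, so a scanner knows
the machine exists even though nothing is listening.
"""
import socket


def probe_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Return 'open', 'closed' or 'filtered' for host:port.

    open     - TCP handshake completed: something is listening there.
    closed   - RST came back (ConnectionRefusedError): nothing listening,
               but the host replied, so it is visible to a scanner.
    filtered - no reply at all before the timeout: the "stealth" case.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # e.g. ICMP unreachable surfaced as EHOSTUNREACH; also no usable answer
        return "filtered"
    finally:
        s.close()


def scan(host: str, ports) -> dict:
    """Probe several ports and return {port: state}."""
    return {p: probe_port(host, p) for p in ports}


def demo_local_scan() -> dict:
    """Start a listener on loopback (assumed 127.0.0.1), then probe it and a port
    nothing is bound to.  Returns {'listening_port': 'open', 'unused_port': 'closed'}
    on a normal host; loopback cannot produce 'filtered' without a firewall rule,
    which is the point: stealth is a property of the packet filter, not the host."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(("127.0.0.1", 0))   # kernel picks a free port
    listener.listen(1)
    listening_port = listener.getsockname()[1]

    # Find a port with nothing on it: bind-then-close guarantees it was free.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    unused_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return {
            "listening_port": probe_port("127.0.0.1", listening_port),
            "unused_port": probe_port("127.0.0.1", unused_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo_local_scan())
```

Running `scan("127.0.0.1", [22, 80, 135, 139, 445])` on your own box is the same check the "firewall test" sites perform from outside, minus the firewall; anything that comes back `open` is a listening service, and that is the only thing a scan can tell an attacker.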


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA


reply to spectre5
said by spectre5:
...3 different sites I've visited say that I'm "invisible" to the internet and not there are no open ports or anything else that can be reached. ...
Yet I see postings here about people's pc's being "hacked" from some derelict on the net. Are these people NOT using firewalls? Are these firewalls useless and the "test" sites basically full of it?
We really need to get something straight here. Being "stealthed" by a software firewall has very little to do with anyone's prospects of being hacked -- especially these days.

Only an incompetent skiddy is today going to be scanning hundreds of IP addresses on even tens of ports looking for a box that is not "stealthed" in order to exploit it. Indeed, this is little more than a good way to get caught. That's a quick recipe for a short, happy life of vicarious amusement.

Yes, there are probably hundreds of thousands of incompetent skiddies and probably tens of millions of innocent users running with absolutely no security in place. The problem with which the skiddy is confronted is "How do I ensure that I only run my vulnerability detectors against the clueless innocent?" The simple answer is that they can't. There are now probably tens of thousands of security-conscious sites that they are likely to hit -- and which will then report the intrusion attempt to any of a number of focal points. The focal points in turn either directly investigate the source of the unsolicited probe or report the unsolicited probes to a higher authority which can shut down the originator (and some ISPs are getting blackballed if they fail to take action on large numbers of such reports). In other words, this really is the easiest way for a skiddy to get caught or at least shut down.

The only thing that these scans will do is identify a system with a listening service on one of the targeted ports. If you don't have any listening services in the first place, it doesn't matter whether you're "stealthed" or simply "closed". The real advantage of these port scanners is that they allow one to quickly ascertain if, for whatever reason, there are any listening ("open") services accessible from the world at large. So, you run a few scans periodically, just to make sure that neither you (nor anyone else, for that matter) has set up a listening service that is either vulnerable or exploitable on your box. That's all.

So, in response to your question, this is not how most people are getting hacked these days. (I must admit I'd prefer the term 'cracked', but the distinction seems to be out of vogue at the moment.)

So, how the hell do people get hacked? Simple, they ask for it -- and once you ask for it, it really doesn't matter whether you've got that beautiful "stealthed" software firewall or not.

How do people "ask" for it?
• They knowingly or unknowingly run an internet-enabled server (i.e., a webserver; a news server; a mail server; or a file server, which is what most P2P programs really are) without taking the time to ensure that such servers are patched to ensure that they cannot be exploited (and some can't be patched).
• They uncritically download all sorts of crap via their web browser, e-mail client, chat client, file-sharing program, IM client, or NNTP news client which (once downloaded and given the opportunity to install) takes over their machine, negates all of their software security programs, and then effectively assumes command of their machines (and maybe every machine on their precious private LAN).
• They don't run any sort of real-time, memory-resident anti-virus, anti-trojan, or registry monitor utilities that would alert them of any such unintended download of a malware application that might subsequently become installed on their machine.
• They don't run any sort of installation monitor that provides them with any documentation whatsoever of what that really neatsy-keen free utility that they just found on some obscure site (or possibly it's just someone offering a "free" version of what is actually a payware product -- especially a security product) really installed on their box.
• If they knowingly run some sort of internet-enabled server/service, they don't run any sort of IDS software that would alert them of attempts to exploit vulnerabilities in their unpatched server application or access "sleeper" software that might attach itself to their server/service.
• They never check their systems for the presence of new (primary or secondary) executables of which they are unaware or for the presence of modified versions of executables for which they have previously authorized Internet access. (Admittedly, most software firewalls now at least check for that last possibility.)
I must have left out a half-dozen (at least) kinds of exploits from the above list. The important point is that most of these exploits are beyond the ken of most software firewalls; indeed, some of them could well be explicitly authorized by the rules associated with the software firewall.
--
Regards,
Joseph V. Morris

[text was edited by author 2003-07-31 14:56:17]
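jvmorris's last bullet, checking for executables you never installed and for modified copies of ones you already trust, is the one item on his list that takes nothing but a baseline and a hash. The following is an added example, not code from the thread: it records a SHA-256 baseline of executables under a directory tree, then diffs a later snapshot into added, removed and modified files. The demo builds a throwaway directory with constructed file names (the "helper.exe" and dropped "svchost32.exe" are made up for the scenario) rather than touching a real Program Files tree; the extension list and the POSIX exec-bit check are assumptions about what counts as an executable.

```python
"""Baseline-and-diff check for new or modified executables.

Added example for this thread, not from any poster.  The demo uses a
constructed temporary tree; point baseline() at a real directory to use it.
"""
import hashlib
import os
import stat
import tempfile

# Assumed set of Windows executable extensions; POSIX files also count if the
# owner exec bit is set.
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".sys")


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256 so large binaries don't get read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_executable(path: str) -> bool:
    if path.lower().endswith(EXEC_EXTENSIONS):
        return True
    return os.path.isfile(path) and bool(os.stat(path).st_mode & stat.S_IXUSR)


def baseline(root: str) -> dict:
    """Map 'relative/path' (forward slashes) -> sha256 for every executable under root."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_executable(full):
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                out[rel] = sha256_of(full)
    return out


def diff_baseline(old: dict, new: dict) -> dict:
    """Report what changed since the baseline was taken."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo() -> dict:
    """Constructed scenario: take a baseline, then replace a trusted binary and
    drop a new one, the way a trojan dropper would.  Names are made up."""
    with tempfile.TemporaryDirectory() as root:
        tool_dir = os.path.join(root, "Program Files", "Tool")
        os.makedirs(tool_dir)
        helper = os.path.join(tool_dir, "helper.exe")
        with open(helper, "wb") as f:
            f.write(b"MZ original helper")
        with open(os.path.join(root, "readme.txt"), "w") as f:
            f.write("not an executable, must not appear in the baseline")
        before = baseline(root)

        with open(helper, "wb") as f:                      # trojanized replacement
            f.write(b"MZ replaced with backdoor")
        with open(os.path.join(tool_dir, "svchost32.exe"), "wb") as f:  # dropped binary
            f.write(b"MZ dropper payload")

        return diff_baseline(before, baseline(root))


if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the machine being checked cannot rewrite (removable media, another host); a baseline kept on the same disk is only as trustworthy as the box it describes.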


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

 reply to gwion
gwion,

Damn! This ain't fair!! (Somehow, you always seem to get here first!)

I think you and I have said essentially the same thing, albeit in slightly different ways and I hope the OP appreciates that. Hopefully, at least one of these two (or some subsequent) presentations will resonate with the OP.
--
Regards, Joseph V. Morris

Reverend Ike
Premium
join:2001-08-24
Sacramento, CA

reply to spectre5
said by spectre5:
... Yet I see postings here about people's pc's being "hacked" from some derelict on the net ...
In many cases, the "I was hacked !!!" threads have inaccurate titles - the actual cause turns out to be a virus or trojan or spyware or someone with physical access, etc. It's just more dramatic for someone to proclaim that they were "hacked" than to admit that poor security habits screwed up their system ...

spectre5

join:2003-07-24
Mobile, AL
reply to spectre5
Amazing. Absolutely amazing. I've gotten so many kind replies to my question and I appreciate it greatly.

There's obviously a lot of talent on this board.

Thanks for all of your responses.


Sarick
It's Only Logical
Premium
join:2003-06-03
USA

reply to spectre5
No matter what there is always a way to be hacked.

You might be thinking no I am very secure.. Etc etc..

The truth is if someone wants to hack you and they have the know how and resources they will hack you.

Take for instance if the FBI wants to secretly install a logger in your system. "Provided they have a warrant to do it"

They can, in fact a security spiffy person might be at greater risk here because they download updates. I hate to say it but a few years ago on future tech they gave the impression that the government could start infiltrating secure networks by hijacking the sites they download their security patches from.

It's currently legal to do this with these P2P networks from my understanding.

Would you have ever guessed Bill Gates could be infected with a virus because of poor security.

LOL. Of course you would, after all he's behind the OS. If they are finding all these flaws who's to say he hasn't been hacked himself.

Basically you can't put a cap on security, if someone offered enough $$ to break into a system THEY WOULD find a way or die trying. For instance "bank robbers". Tell me they don't try. Then again on the reverse look at the banks even with massive security they can get compromised..

-Sarick


Marilla
I Am My Own Arbiter
Premium
join:2002-12-06
Belpre, OH

said by Sarick:
No matter what there is always a way to be hacked.
This is absolutely true, and you touch on some instances how this could be done..

BUT...

The average user has to think of this: Exactly who is going to have both the 1) desire and 2) ability to do such a thing, to me?

For the average user, the answer is: Nobody.

There is, quite honestly, no one who would have the ability and desire to hack windowsupdate.microsoft.com just to hack my computer. Stay with me here, and read over every word I said in that sentence. Yes.. I understand that perhaps someone could or would hack it to introduce a new vulnerability in Windows itself... but they won't be doing it for me alone.

Likewise, I worry about the online security of my bank and other companies that have my financial information (and this has NOTHING to do with whether or not I use their 'online' offerings: Even if I don't sign up, the company still has the information stored and available for a hacker to get to)... but no one's going to hack my bank to get to MY account information... they are going to do it to get their hands on all the information they can.

Likewise, no one is going to go to all the trouble to set themselves up to be able to do a 'man in the middle' attack on ME, sniffing my transmissions over the Internet to see if there's any vital information sent in an insecure manner. BUT.. they may do it to MY ISP, to catch ALL of the traffic they can... OR.. they may do it to a WEBSITE I visit, to catch all the traffic sent to/from there.

The reason I bring this up is that I occasionally see people talking like, well, it's all hopeless anyway... why bother with security.. if someone wants your information, they are going to get it.. period. What such people don't understand is that there are ALL kinds of 'levels' of ability and desire here. The people with the big ability and big desire go after big catches, generally speaking. Of course, if you piss off some guy who's capable of hacking Citicorp's main database, I FEEL for ya!! But for most of us? We'll never see such a person... all we might tend to piss off is some guy who knows how to download script-kiddie toys that try to plug away at well known and long-patched vulnerabilities.

But most of us won't even fall into that category. Most of us just get these 'automated' attacks from worms, plugging at well-known holes, mostly patched. So for most of us, practicing good, layered security will protect us; That means not relying on ANY single product or policy, but on a group of policies and products that all mesh together to protect us from all but the most enterprising and persistent crackers.
over 10 years online! © 1999-2009 dslreports.com.