

gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
kudos:1

reply to wiregauze

Re: Tiny + WebWasher Users

Localhost still has to contact the site. If you examine the default rule closely, it allows only localhost to local machine communications. To get anywhere else, it has to go through the rest of the rules. A connection of "localhost to [any IP but local IP]" won't be a match to the localhost rule, and will continue down for more processing. I have, for instance, netbios blocked by a rule around 2 or 3 down the list; constantly, I find entries where "localhost" originates a connection from system on 137 local to 137 on a foreign machine (simply an NB name resolution request), but it's blocked quite effectively, without having to stop its getting to localhost. I hope that makes sense, the way I explained it... the fact that it originates from [myip] or from localhost doesn't make a bit of difference to Tiny... it allows or blocks either one based on the applicable rules.

Now, in another realm... I refuse all access on 8080, as well as 1080, in my "filtered ports" deny rule, and at the router filters page. Why? Local 1080 and 8080 are socks and bridge server, respectively, and crackers look for those ports to find badly configured proxies and webservers to use as waystations, to hide their own true address behind yours. Without a server running, there's not much they can exploit, but I do run a few local servers now and then... no such thing as "too paranoid" when you do, after all!

Just wanted to assure, though, that there's no localhost "hole" in Tiny. Localhost is the local machine... it still has to get over the firewall, to get to any outside servers. If that positioning makes you feel comfortable, though, fine. It doesn't appear to conflict with any needed functionality I know of, and that's really what matters. I think I see what you're doing. Like I said, the packets still have to leave localhost, somewhere, to reach the web. The effect of this rule is that it doesn't even get to the firewall, in a manner of speaking. Contacting localhost is never a security risk. It's when local host passes it on to a foreign server. What I'm trying to say is this: Tiny won't allow a localhost to X connection any more than it will allow a {myip} to X connection. The effect of your rule (if it works, hey, great... that's what matters, and there's more than one way to skin a cat... uh... sorry, tiggerstales... I meant "block a packet.") is that only IE and BigFix can access port 8080 on localhost. Nothing else can use it at all, not just limited to webwasher... again, I've captured loads of localhost to x.x.x.x traffic, and the rules, in normal order, still block 'em just fine.

I'm quite impressed with Tiny, more every day. For one thing, it allows you to do things like this. For another, it's very secure, if you tweak it appropriately. Finally, it loads where a firewall's supposed to load... as low down as the OS will let it... as a device driver and a service. Meaning, you're protected even if you're logged off. And, as Martha might say it, "that's a good thing."
--
Man will occasionally stumble over the truth, but most times he will pick himself up and carry on. - Sir Winston Churchill
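
The rule ordering described in the post above, as an added example that is not part of the original post and is not Tiny's actual rule engine. It assumes rules are checked top to bottom with the first match deciding, that unmatched traffic is denied, and it uses constructed documentation addresses (192.0.2.10 stands in for [myip]).

```python
from dataclasses import dataclass
from ipaddress import ip_address

LOCAL_IP = ip_address("192.0.2.10")  # constructed stand-in for [myip]

@dataclass
class Packet:
    direction: str    # "out" = originated locally, "in" = arriving from outside
    src: str
    dst: str
    local_port: int
    remote_port: int

def is_local(addr: str) -> bool:
    """True for loopback addresses and for the machine's own IP."""
    a = ip_address(addr)
    return a.is_loopback or a == LOCAL_IP

# Hypothetical ruleset in the order the post describes: the loopback rule first,
# then the "filtered ports" deny rule, then the NetBIOS deny rule.
RULES = [
    ("loopback", "allow",
     lambda p: is_local(p.src) and is_local(p.dst)),
    ("filtered ports", "deny",
     lambda p: p.direction == "in" and p.local_port in (1080, 8080)),
    ("netbios", "deny",
     lambda p: 137 in (p.local_port, p.remote_port)),
]

def evaluate(packet, rules=RULES):
    """Return (action, rule name) for the first rule that matches."""
    for name, action, matches in rules:
        if matches(packet):
            return action, name
    return "deny", "default"  # assumption: anything unmatched is denied

# Constructed sample traffic.
SAMPLES = {
    "browser to local proxy": Packet("out", "127.0.0.1", "127.0.0.1", 1234, 8080),
    "localhost NB lookup":    Packet("out", "127.0.0.1", "203.0.113.5", 137, 137),
    "myip NB lookup":         Packet("out", "192.0.2.10", "203.0.113.5", 137, 137),
    "inbound proxy probe":    Packet("in", "203.0.113.5", "192.0.2.10", 8080, 40000),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:24} -> {evaluate(pkt)}")
```

The two NetBIOS lookups get the same verdict whether the source is localhost or the machine's own IP, because neither has a local destination and so neither matches the loopback rule.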

Anon

Yes I would agree that Tiny is prob. one of the best small firewall solutions out there. When the service loads so low that I'm getting alerts BEFORE I'm logged in that is a GOOD thing, as you and Martha say.



wiregauze

join:2001-04-17

reply to gwion
[Edit:]
The following reasoning was INCORRECT!
Read through the thread for more information.
[:Edit]

gwion, I found the problem. It was the cached temporary files that messed up all that.

When I installed bigfix, my 2 PCs were running WW. Till then, I apparently had been walking over bigfix sites for several days to see what the was about. My guess is (I could be wrong again, agrrr...) somehow those temp files were loaded whenever I hit "gather" button in bigfix. I never suspected because, from the start, bigfix showed it was accessing 127.0.0.1 for updates. I have no idea why bigfix tried 127.0.0.1 from the start, and not now. Anyway, after deleting temp files, now it displays correct server IPs.

I did redownload, un/reinstall Tiny and WW several times, rebooted my two machines, and even installed a couple of "calling-home" programs to see if Tiny really blocks them. Result: nothing could hide from Tiny... except bigfix.

All through this, I didn't even think about deleting temp files...

Sorry for those who might have been confused due to my incorrect post.

And, thanks gwion, without your assuring reply, I might have messed up my ruleset even further and possibly others, too.

-- wiregauze
[text was edited by author 2001-06-05 08:00:32]

