Old 08-25-2003, 08:31 AM   #1
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
Firewalls and MSBlast


Hello guys.

First of all, I know my Linux is immune to msblast (haha)

But having my Windows machine infected every 5 minutes, and I can't be bothered to download service pack 2 to close the hole (100 meg) on my dial up, I've been thinking about firewalls.

I'm using Red Hat 9, and since I'm a newb, I've always installed with the no-firewall option so I've got 1 less thing to mess with my head.

But I have a question...

How should I set it up?

I want to stop spyware, and annoying things like that
(by stop I mean prevent it from sending off its data)

but I want it to allow my gtk-gnutella to function (file sharing)
and my usual network software (ftp client, web browser, telnet client).

Is this possible?

(I've never used a firewall before.. thanX)
 
Old 08-25-2003, 09:10 AM   #2
ksgill
Senior Member
 
Registered: Apr 2003
Location: Toronto, Canada
Distribution: Ubuntu Jaunty (9.04)
Posts: 1,044

Rep: Reputation: 45
Quote:
But having my Windows machine infected every 5 minutes, and I can't be bothered to download service pack 2 to close the hole (100 meg) on my dial up, I've been thinking about firewalls
The security patch is about 1.2MB and you don't necessarily have to install service pack 2 to patch that hole. Chances of getting spyware in Linux are really slim, but here's what I got when I googled "setting up a firewall in linux":
http://www.google.com/ie?q=setting+u...&ie=ISO-8859-1
 
Old 08-25-2003, 09:22 AM   #3
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
I've downloaded the 1.2 meg patch, but when I try to execute it I get an error...

You need service pack version 2 or later,, blah blah m$.com

The Windows is Windows 2000 PRO (not XP)

The Windows partition is just for my computer illiterate family

but thanx
 
Old 08-25-2003, 09:34 AM   #4
nander
LQ Newbie
 
Registered: Aug 2003
Location: Norway
Distribution: Mandrake 9.1; Smoothwall 2Beta
Posts: 7

Rep: Reputation: 0
You say "the windows partition" ... now if you have both Windows and Linux installed on the same machine, I take it you have to boot up into your chosen OS. If this is the case, no firewall on this earth, installed in Linux, is going to safekeep your Windows 2000 installation.

Further, have you "googled" a bit about the patch problem in Windows 2000... I REALLY did not think MS were making it difficult for people to patch it....
 
Old 08-25-2003, 09:50 AM   #5
vgascon
LQ Newbie
 
Registered: Aug 2003
Distribution: Arklinux, Mandrake, RH
Posts: 5

Rep: Reputation: 0
I confirm qwijibow's statement; you must have SP2 on Windows 2000 for the Security Patches to work.
 
Old 08-25-2003, 10:43 AM   #6
kev82
Senior Member
 
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263

Rep: Reputation: 51
I thought this virus only affected XP, not 2k? But it sounds like it affects 2k as well. My firewall only allows incoming connections on port 25 and 80, my 2k machine is masqueraded behind the firewall with an internal address so is not directly reachable from outside. Am I right in thinking that I can't be infected by this virus?
 
Old 08-25-2003, 01:27 PM   #7
vgascon
LQ Newbie
 
Registered: Aug 2003
Distribution: Arklinux, Mandrake, RH
Posts: 5

Rep: Reputation: 0
kev82: You are, as far as I know, safe from the attack due to your firewall settings.
 
Old 08-25-2003, 04:42 PM   #8
zebra90210
Member
 
Registered: Aug 2003
Location: Chicago suburbs
Distribution: Kubuntu
Posts: 96

Rep: Reputation: 15
Hi.
Try the ZoneLabs firewall.
Click here:
http://www.zonelabs.com/store/conten...id=zadb_zadown
I have a dual system too but I use two separate hard drives and a Trios switch. This way the systems never collide and even if one of them catches a virus it never affects the other one. Btw - I use Windows for some games only.
The ZoneLabs firewall for Windows is excellent, it's free and it works in 98, 2K, and XP.
 
Old 08-25-2003, 04:48 PM   #9
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
I know my Linux firewall will not protect Windows, I was just saying installing a WINDOWS firewall on my Windows partition made me think twice about clicking "No Firewall" on my Linux install.

Until this worm came up, and I read about how a worm can get into your system all by itself with RFC security holes, I thought firewalls were just to stop trojans etc., etc.

I'm a newb, I don't know if maybe Linux has a similar thing to RFC which can be taken advantage of through buffer overruns etc., etc.
 
Old 08-25-2003, 04:55 PM   #10
contrasutra
LQ Guru
 
Registered: Mar 2003
Location: New Jersey
Distribution: Arch Linux
Posts: 1,445

Rep: Reputation: 47
Yes, there are chances for vulnerabilities like the MSblast worm in Linux.

Linux IS more secure as long as you don't run any servers and DON'T run as root.

But you should run a firewall if you have broadband.


I suggest getting NMAP. It's THE tool for port scanning. It's probably on your install discs, install it, and as root, run:

nmapfe

This is the GUI to nmap. Then have it scan your computer (127.0.0.1) and it will tell you what ports you have open.

For example, the only ports I have open are 6000 (X11) and 631 (CUPS), so I'm pretty good.

So that's the first thing, find any servers/open ports you have and close them by disabling those unneeded services.


Then learn about IPTABLES, the Linux firewall. For a nice GUI to it, look at Firestarter.



The big difference between Windows and Linux is that you are running as administrator in Windows, so if a worm gets in, it can thrash your whole system. If you don't run as root in Linux, if a worm gets in, it can't really infect anything.

Last edited by contrasutra; 08-25-2003 at 04:57 PM.
 
Old 08-26-2003, 04:26 AM   #11
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Original Poster
Rep: Reputation: 47
thanX, you recommended a firewall,
I was planning on using the 1 that comes with my Red Hat 9. Is Firestarter better than that?

And, once installed, can a firewall be 'turned off' for when I'm file sharing on p2p?

thanX for your reply
 
Old 08-26-2003, 05:08 AM   #12
kev82
Senior Member
 
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263

Rep: Reputation: 51
Firestarter is a front end to iptables, I prefer to configure stuff myself so I use iptables. There's mountains of documentation on using iptables here. Depending how the p2p sharing works you might be able to use it with the firewall up.
 
Old 08-26-2003, 10:23 AM   #13
contrasutra
LQ Guru
 
Registered: Mar 2003
Location: New Jersey
Distribution: Arch Linux
Posts: 1,445

Rep: Reputation: 47
The point of a firewall is to protect you from places like P2P.

If you are going to actively fileshare, a firewall is not going to do much good.
 
Old 08-26-2003, 12:02 PM   #14
MasterC
LQ Guru
 
Registered: Mar 2002
Location: Salt Lake City, UT - USA
Distribution: Gentoo ; LFS ; Kubuntu ; CentOS ; Raspbian
Posts: 12,613

Rep: Reputation: 69
Moving to Linux Security

Cool
 
Old 08-26-2003, 12:51 PM   #15
cyph3r7
Member
 
Registered: Apr 2003
Location: Silicon Valley East, Northern Virginia
Distribution: FreeBSD,Debian, RH, ok well most of em...
Posts: 238

Rep: Reputation: 30
There seems to be a lot of misconception here re: msblast. If you have a firewall that blocks all traffic, msblast is a non-issue. It propagates itself on known Microsoft RPC ports. A properly configured firewall would eliminate that traffic. In all honesty there is really no reason to run RPC across the web for the home user anyway. As for mail crap like sobig, that requires AV software and a smarter end user.
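
An added example, not posted by anyone in this thread: a minimal iptables policy of the kind discussed above for a single Linux desktop, dropping unsolicited inbound traffic while letting outbound clients (web, FTP, telnet) work and admitting inbound Gnutella peers. The port 6346 for gtk-gnutella and the names `build_rules`, `open_ports`, `IPT` and `P2P_PORT` are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: default-deny inbound policy for one Linux desktop.
# Dry run unless IPT is set: the commands are printed, not executed.
# To apply as root: IPT=iptables sh firewall.sh   (file name is hypothetical)
IPT="${IPT:-echo iptables}"
P2P_PORT="${P2P_PORT:-6346}"   # assumption: port gtk-gnutella listens on

build_rules() {
    $IPT -F INPUT                      # start from an empty INPUT chain
    $IPT -A INPUT -i lo -j ACCEPT      # local services talking to themselves
    # Replies to connections this host opened (browser, FTP, telnet clients).
    # Older kernels spell this match "-m state --state".
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # The one service offered to the outside: inbound Gnutella peers.
    $IPT -A INPUT -p tcp --dport "$P2P_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Rate-limited log of everything about to be dropped (worm probes included).
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-DROP: "
    # Policies last, so the accept rules are in place before anything is dropped.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# TCP ports the policy admits from outside, for review before applying.
open_ports() {
    ( IPT="echo iptables"; build_rules ) |
        sed -n 's/.*-A INPUT .*--dport \([0-9:]*\).*-j ACCEPT.*/\1/p'
}

build_rules
```

OUTPUT is left at ACCEPT, so this policy filters what reaches the machine and does not restrict what local programs send out.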
 
  

