The time now is Thu 26 Apr 2018, 23:05
All times are UTC - 4 |
Page 1 of 13 [183 Posts] |
Goto page: 1, 2, 3, ..., 11, 12, 13 Next |
Author |
Message |
sickgut

Joined: 23 Mar 2010 Posts: 1157 Location: Tasmania, Australia in the mountains.
|
Posted: Mon 18 Apr 2011, 07:09 Post subject:
firewall useless for puppy Subject description: prove me wrong |
|
I put it to the puppy communty that the firewall loading as default on puppy is a waste of resources and is not needed.
The amount of tech knowledge here on this forum is vast, it represents the large part of the knowledgeable tinkerers and may even be refered to as leet.
So the purpose of this post is to try and assess the real actual threat that exists to a linux system that has no firewall. What would you actually do to a linux system to breach it, that you cannot do to the same system that has a firewall?
I do not want "People say you can do this..." kinda answers or philosophical answers of why you should have a firewall. The only answer that will cause me to detract my statement that a software firewall on puppy is useless is an actual step by step or a demonstration that you can actually do to the system to compromise it.
Until i actually see proof of an actual threat that has been weighed and balanced then i will maintain my statement that the software firewall loading as default in puppy 5.25 is a complete waste of resources. I also believe that the only rason it exists and loads as default is because Windows has the same thing.
If my statements are incorrect then please provide actual demonstratable proof. Like i said teh combined knowlesge of this place is extreem. Having said that if no one here can provide a demonstration of breaching a puppy linux system with no firewall and actually damage the system in an apreciable way, I doubt there is any real threat to a puppy system with no firewall and i suggest it be removed from starting as default.
Have fun.
sickgut@gmail.com
|
Back to top
|
|
 |
Flash
Official Dog Handler

Joined: 04 May 2005 Posts: 12828 Location: Arizona USA
|
Posted: Mon 18 Apr 2011, 08:47 Post subject:
|
|
If you run Puppy from a multisession DVD in a computer that has no hard disk drive, as I do, then I can't see the need for a firewall. Even if something from the internet did manage to take over Puppy, which as far as I know has never happened, to restore Puppy to the way it was, I just reboot without saving.
|
Back to top
|
|
 |
Jasper
Joined: 25 Apr 2010 Posts: 1350 Location: England
|
Posted: Mon 18 Apr 2011, 09:53 Post subject:
|
|
Hi sickgut,
I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect.
Whilst that tends to support your argument, since my firewall seems to have neither an important nor a significant impact on my resources I would rather use the firewall unless someone can prove that it is useless (rather than have someone prove that it is useful).
My regards
PS My freeware Windows firewall has three security levels (as well as a learn mode):
Allow most (i.e. everything not specifically blocked).
Block most (i.e everything not specifically allowed).
Block all (i.e, everything in and out).
Last edited by Jasper on Mon 18 Apr 2011, 10:38; edited 1 time in total
|
Back to top
|
|
 |
Bruce B
Joined: 18 May 2005 Posts: 11488 Location: The Peoples Republic of California
|
Posted: Mon 18 Apr 2011, 10:37 Post subject:
|
|
Do you think you have an idea of how much resources the firewall takes?
If so, how do you compute these so-called, "wasted resources?"
~
_________________ New! Puppy Linux Links Page
|
Back to top
|
|
 |
Bernie_by_the_Sea

Joined: 09 Feb 2011 Posts: 329
|
Posted: Mon 18 Apr 2011, 11:40 Post subject:
|
|
Jasper wrote: | I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect. |
How did you turn the firewall off?
How did you check that it was actually off?
|
Back to top
|
|
 |
rcrsn51

Joined: 05 Sep 2006 Posts: 11895 Location: Stratford, Ontario
|
Posted: Mon 18 Apr 2011, 11:53 Post subject:
|
|
In my experience, if your computer is behind a router or modem that performs NAT (ie. you have a local IP address like 192.168.x.y), then security testers like ShieldsUp will report that your system is safe. Supposedly, that's because they cannot see past the router.
|
Back to top
|
|
 |
Jasper
Joined: 25 Apr 2010 Posts: 1350 Location: England
|
Posted: Mon 18 Apr 2011, 11:58 Post subject:
|
|
Hi Bernie_by_the_Sea,
/root/.usr/share/applications/firewallstate.desktop and the icon changed when I turned the firewall off.
I believe that many firewalls work so I assume that the Puppy firewall works (though I have no idea how well, how powerfully or how flexibly it may work).
My regards
|
Back to top
|
|
 |
Bruce B
Joined: 18 May 2005 Posts: 11488 Location: The Peoples Republic of California
|
Posted: Mon 18 Apr 2011, 12:04 Post subject:
Re: firewall useless for puppy Subject description: prove me wrong |
|
sickgut wrote: |
The amount of tech knowledge here on this forum is vast, it represents the large part of the knowledgeable tinkerers and may even be refered to as leet [elite].
I do not want "People say you can do this..." kinda answers or philosophical answers of why you should have a firewall. The only answer that will cause me to detract my statement that a software firewall on puppy is useless is an actual step by step or a demonstration that you can actually do to the system to compromise it.
|
You won't have to worry about this cookie.
The one making the claim has the burden of supporting his claim.
Ain't that right Bernie?
I'll originate questions, you support your claim by answering the questions, that is, if you can.
You don't want to be shown as someone making a baseless claim?
~
_________________ New! Puppy Linux Links Page
|
Back to top
|
|
 |
sickgut

Joined: 23 Mar 2010 Posts: 1157 Location: Tasmania, Australia in the mountains.
|
Posted: Mon 18 Apr 2011, 12:09 Post subject:
the point of the post Subject description: see i made a post, and there is a point to it. you, too can read more about it TODAY!! |
|
point of my post is to question the usefullness of the firewall. the waste of resources is more of an expression than a technical thing. just like my ex calling me a waste of space tho i could probably scientificly prove that i am only a 75% waste of space due to recent fat reduction in my physique.
so basicly i dont care how much resources the firewall takes its not the point of the post.
also another thing i didnt mention is that when you start adding things that have no use it confuses people. Like ive already had to deal with the questions related to me decieving people about linux due to the firewall. after advising some people that puppy really doesnt need a firewall, all of a sudden im a dirtly liar because the new puppy has a firewall. Why would puppy have a firewall as standard if it didnt need to use it?
its like when people ask you about virus protection for linux when they go through their linux OS and find a linux antivirus program then google for antivirus programs for linux and run 4 of them at once. There is no real substantial virus threat in mass circulation that anyone using linux needs to worry about, yet an antivirus program for linux in itself suggests to the newbie linux user mind that linux is vulnerable to viruses just like windows. This is an example.
There is a reason why windows does have a firewall enabled as standard and that is because of the huge amount of spyware trojans virusses out there that infect a windows system then open up ports etc for people to log in and things. There is a genuine real threat to a windows xp or whatever computer that doesnt have a firewall enabled, especially if it is not behind a hardware firewall.
The purpose of my post was to suggest that unlike windows, linux doesnt have this threat in any real capacity that everyday linux users need to worry about. I am even asking people to actually try and break a puppy system that has no firewall in a completely non realistic way that normal everyday linux users dont need to worry about. and i am suggesting that even under these conditions that puppy doesnt need a firewall at all, one little tiny bit whatsoever, hence making people realise that firewall software loading as default and making the newbie mind actually worry about firewalls and such and have them believe that puppy actually needs a firewall, is completely silly.
|
Back to top
|
|
 |
SirDuncan

Joined: 09 Dec 2006 Posts: 836 Location: Ohio, USA
|
Posted: Mon 18 Apr 2011, 12:10 Post subject:
|
|
Jasper wrote: | I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect. |
rcrsn51 wrote: | In my experience, if your computer is behind a router or modem that performs NAT (ie. you have a local IP address like 192.168.x.y), then security testers like ShieldsUp will report that your system is safe. Supposedly, that's because they cannot see past the router. |
Any good home router (or any business/enterprise class router) will normally come with a firewall built in. If that firewall is properly configured, then it will be the same as if you were running one locally from the perspective of someone outside the local network.
_________________ Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
|
Back to top
|
|
 |
Luluc

Joined: 16 Mar 2011 Posts: 200
|
Posted: Mon 18 Apr 2011, 12:11 Post subject:
|
|
Linux without a firewall is perfectly safe until:
- you run a browser with Flash, Javascript or other scripting technology -- but no firewall will help you with that;
- you run services that interface with the internal network (e.g. a Wifi spot) or the Internet: Apache, Web servers, email servers, FTP, SSH etc.
If, for example, you like to leave sshd running so that you can access your own machine remotely, or if you run Apache for Web development, then a firewall will have some purpose.
Note that many ISPs have their own firewall and usually block incoming requests on low ports like 22 or 80. So even if you are running Apache on default port 80, you can access your test site on http://127.0.0.1 or http://192.168.1.x or something like that on your browser, but people out in the wild will not be able to access it. In that case, you are automatically sheltered.
|
Back to top
|
|
 |
r1tz

Joined: 09 Sep 2010 Posts: 165 Location: In #puppylinux (IRC)
|
Posted: Mon 18 Apr 2011, 13:10 Post subject:
|
|
Luluc wrote: | If, for example, you like to leave sshd running so that you can access your own machine remotely, or if you run Apache for Web development, then a firewall will have some purpose |
Firstly, i dont believe many users will be using such services.
Please dont tell me you do... im talking about the less advance users who use the web mainly for browsing, chatting music and stuff.
Secondly, if you have for example, sshd running, it firewall doesnt prevent you from remotely accessing your sshd. What makes your think firewall will block others?
|
Back to top
|
|
 |
Luluc

Joined: 16 Mar 2011 Posts: 200
|
Posted: Mon 18 Apr 2011, 13:16 Post subject:
|
|
r1tz wrote: | Secondly, if you have for example, sshd running, it firewall doesnt prevent you from remotely accessing your sshd. What makes your think firewall will block others? |
If you know the IP address of your remote location, for example your office/company, you can configure your firewall in your home PC to allow access from that IP only.
Hypothetically, an attacker from the same IP (i.e. your own work place) would not be stopped by the firewall on the home PC, but that's still better than leaving the firewall open to the entire Internet.
|
Back to top
|
|
 |
sickgut

Joined: 23 Mar 2010 Posts: 1157 Location: Tasmania, Australia in the mountains.
|
Posted: Mon 18 Apr 2011, 14:00 Post subject:
re: sshd type services |
|
so what if someone accesses your sshd login? you would have to be extreemly silly to not have a decent password attached to it. in this case (also the same case with 100's of thousands of vps servers with linux on them that are mainly accessed via ssh to administer them etc that generally have no firewalls, i have one myself) the sshd program itself provides the security.
most people dont have the sshd port blocked with a firewall because often the idea of having sshd running in the first place is to access your computer from a network that is outside of your home and from a wifi hotspot or friends computer you have no idea of the ip address you should allow through your firewall to grant you access .
but if you believe your sshd argument has weight then im sure that you can demonstrate a step by step way of accessing a linux system running sshd that is propperly configured and is password protected. Ofcause is not a password you could possibly know or the experiment is moot, and show us how having a firewall prevents someone hacking your sshd server and entering the correct password, then ill eat my hat.
the idea here is to actually breach a puppy linux system that has no firewall, and not be able to do it again if there is a firewall in place.
no use saying someone could do this or do that..... just do it and show us.
|
Back to top
|
|
 |
r1tz

Joined: 09 Sep 2010 Posts: 165 Location: In #puppylinux (IRC)
|
Posted: Mon 18 Apr 2011, 14:07 Post subject:
|
|
Luluc wrote: | r1tz wrote: | Secondly, if you have for example, sshd running, it firewall doesnt prevent you from remotely accessing your sshd. What makes your think firewall will block others? |
If you know the IP address of your remote location, for example your office/company, you can configure your firewall in your home PC to allow access from that IP only.
Hypothetically, an attacker from the same IP (i.e. your own work place) would not be stopped by the firewall on the home PC, but that's still better than leaving the firewall open to the entire Internet. |
You can ask sshd to only allow certain IP address.
That is not the job of firewall.
Firewall = blocking of packets. (over simplifying... but that's basically it)
|
Back to top
|
|
 |
|
Page 1 of 13 [183 Posts] |
Goto page: 1, 2, 3, ..., 11, 12, 13 Next |
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|