firewall useless for puppy

sickgut
Posts: 1156
Joined: Tue 23 Mar 2010, 19:11
Location: Tasmania, Australia in the mountains.

firewall useless for puppy

#1 Post by sickgut »

I put it to the puppy community that the firewall loading as default on puppy is a waste of resources and is not needed.

The amount of tech knowledge here on this forum is vast, it represents the large part of the knowledgeable tinkerers and may even be referred to as leet.

So the purpose of this post is to try and assess the real actual threat that exists to a linux system that has no firewall. What would you actually do to a linux system to breach it, that you cannot do to the same system that has a firewall?

I do not want "People say you can do this..." kinda answers or philosophical answers of why you should have a firewall. The only answer that will cause me to detract my statement that a software firewall on puppy is useless is an actual step by step or a demonstration that you can actually do to the system to compromise it.

Until I actually see proof of an actual threat that has been weighed and balanced then I will maintain my statement that the software firewall loading as default in puppy 5.25 is a complete waste of resources. I also believe that the only reason it exists and loads as default is because Windows has the same thing.

If my statements are incorrect then please provide actual demonstrable proof. Like I said the combined knowledge of this place is extreme. Having said that if no one here can provide a demonstration of breaching a puppy linux system with no firewall and actually damage the system in an appreciable way, I doubt there is any real threat to a puppy system with no firewall and I suggest it be removed from starting as default.

Have fun.
sickgut@gmail.com

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#2 Post by Flash »

If you run Puppy from a multisession DVD in a computer that has no hard disk drive, as I do, then I can't see the need for a firewall. Even if something from the internet did manage to take over Puppy, which as far as I know has never happened, to restore Puppy to the way it was, I just reboot without saving.

Jasper

#3 Post by Jasper »

Hi sickgut,

I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect.

Whilst that tends to support your argument, since my firewall seems to have neither an important nor a significant impact on my resources I would rather use the firewall unless someone can prove that it is useless (rather than have someone prove that it is useful).

My regards

PS My freeware Windows firewall has three security levels (as well as a learn mode):

Allow most (i.e. everything not specifically blocked).
Block most (i.e. everything not specifically allowed).
Block all (i.e. everything in and out).
Last edited by Jasper on Mon 18 Apr 2011, 14:38, edited 1 time in total.

Bruce B

#4 Post by Bruce B »

Do you think you have an idea of how much resources the firewall takes?

If so, how do you compute these so-called, "wasted resources?"

~

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#5 Post by Bernie_by_the_Sea »

Jasper wrote: I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect.
How did you turn the firewall off?

How did you check that it was actually off?

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#6 Post by rcrsn51 »

In my experience, if your computer is behind a router or modem that performs NAT (i.e. you have a local IP address like 192.168.x.y), then security testers like ShieldsUp will report that your system is safe. Supposedly, that's because they cannot see past the router.

Jasper

#7 Post by Jasper »

Hi Bernie_by_the_Sea,

/root/.usr/share/applications/firewallstate.desktop and the icon changed when I turned the firewall off.

I believe that many firewalls work so I assume that the Puppy firewall works (though I have no idea how well, how powerfully or how flexibly it may work).

My regards

Bruce B

Re: firewall useless for puppy

#8 Post by Bruce B »

sickgut wrote: The amount of tech knowledge here on this forum is vast, it represents the large part of the knowledgeable tinkerers and may even be referred to as leet [elite].


I do not want "People say you can do this..." kinda answers or philosophical answers of why you should have a firewall. The only answer that will cause me to detract my statement that a software firewall on puppy is useless is an actual step by step or a demonstration that you can actually do to the system to compromise it.
You won't have to worry about this cookie.

The one making the claim has the burden of supporting his claim.

Ain't that right Bernie?

I'll originate questions, you support your claim by answering the questions, that is, if you can.

You don't want to be shown as someone making a baseless claim?

~

sickgut
Posts: 1156
Joined: Tue 23 Mar 2010, 19:11
Location: Tasmania, Australia in the mountains.

the point of the post

#9 Post by sickgut »

point of my post is to question the usefulness of the firewall. the waste of resources is more of an expression than a technical thing. just like my ex calling me a waste of space tho i could probably scientifically prove that i am only a 75% waste of space due to recent fat reduction in my physique.

so basically i dont care how much resources the firewall takes its not the point of the post.

also another thing i didnt mention is that when you start adding things that have no use it confuses people. Like ive already had to deal with the questions related to me deceiving people about linux due to the firewall. after advising some people that puppy really doesnt need a firewall, all of a sudden im a dirty liar because the new puppy has a firewall. Why would puppy have a firewall as standard if it didnt need to use it?

its like when people ask you about virus protection for linux when they go through their linux OS and find a linux antivirus program then google for antivirus programs for linux and run 4 of them at once. There is no real substantial virus threat in mass circulation that anyone using linux needs to worry about, yet an antivirus program for linux in itself suggests to the newbie linux user mind that linux is vulnerable to viruses just like windows. This is an example.

There is a reason why windows does have a firewall enabled as standard and that is because of the huge amount of spyware trojans viruses out there that infect a windows system then open up ports etc for people to log in and things. There is a genuine real threat to a windows xp or whatever computer that doesnt have a firewall enabled, especially if it is not behind a hardware firewall.

The purpose of my post was to suggest that unlike windows, linux doesnt have this threat in any real capacity that everyday linux users need to worry about. I am even asking people to actually try and break a puppy system that has no firewall in a completely non realistic way that normal everyday linux users dont need to worry about. and i am suggesting that even under these conditions that puppy doesnt need a firewall at all, one little tiny bit whatsoever, hence making people realise that firewall software loading as default and making the newbie mind actually worry about firewalls and such and have them believe that puppy actually needs a firewall, is completely silly.

SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA

#10 Post by SirDuncan »

Jasper wrote: I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect.
rcrsn51 wrote: In my experience, if your computer is behind a router or modem that performs NAT (i.e. you have a local IP address like 192.168.x.y), then security testers like ShieldsUp will report that your system is safe. Supposedly, that's because they cannot see past the router.
Any good home router (or any business/enterprise class router) will normally come with a firewall built in. If that firewall is properly configured, then it will be the same as if you were running one locally from the perspective of someone outside the local network.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#11 Post by Luluc »

Linux without a firewall is perfectly safe until:

- you run a browser with Flash, Javascript or other scripting technology -- but no firewall will help you with that;

- you run services that interface with the internal network (e.g. a Wifi spot) or the Internet: Apache, Web servers, email servers, FTP, SSH etc.

If, for example, you like to leave sshd running so that you can access your own machine remotely, or if you run Apache for Web development, then a firewall will have some purpose.

Note that many ISPs have their own firewall and usually block incoming requests on low ports like 22 or 80. So even if you are running Apache on default port 80, you can access your test site on http://127.0.0.1 or http://192.168.1.x or something like that on your browser, but people out in the wild will not be able to access it. In that case, you are automatically sheltered.

r1tz
Posts: 162
Joined: Thu 09 Sep 2010, 05:19
Location: In #puppylinux (IRC)

#12 Post by r1tz »

Luluc wrote: If, for example, you like to leave sshd running so that you can access your own machine remotely, or if you run Apache for Web development, then a firewall will have some purpose
Firstly, i dont believe many users will be using such services.

Please dont tell me you do... im talking about the less advanced users who use the web mainly for browsing, chatting music and stuff.

Secondly, if you have for example, sshd running, the firewall doesnt prevent you from remotely accessing your sshd. What makes you think firewall will block others?

Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#13 Post by Luluc »

r1tz wrote: Secondly, if you have for example, sshd running, the firewall doesnt prevent you from remotely accessing your sshd. What makes you think firewall will block others?
If you know the IP address of your remote location, for example your office/company, you can configure your firewall in your home PC to allow access from that IP only.

Hypothetically, an attacker from the same IP (i.e. your own work place) would not be stopped by the firewall on the home PC, but that's still better than leaving the firewall open to the entire Internet.

sickgut
Posts: 1156
Joined: Tue 23 Mar 2010, 19:11
Location: Tasmania, Australia in the mountains.

re: sshd type services

#14 Post by sickgut »

so what if someone accesses your sshd login? you would have to be extremely silly to not have a decent password attached to it. in this case (also the same case with 100's of thousands of vps servers with linux on them that are mainly accessed via ssh to administer them etc that generally have no firewalls, i have one myself) the sshd program itself provides the security.

most people dont have the sshd port blocked with a firewall because often the idea of having sshd running in the first place is to access your computer from a network that is outside of your home and from a wifi hotspot or friends computer you have no idea of the ip address you should allow through your firewall to grant you access.

but if you believe your sshd argument has weight then im sure that you can demonstrate a step by step way of accessing a linux system running sshd that is properly configured and is password protected. Of course is not a password you could possibly know or the experiment is moot, and show us how having a firewall prevents someone hacking your sshd server and entering the correct password, then ill eat my hat.

the idea here is to actually breach a puppy linux system that has no firewall, and not be able to do it again if there is a firewall in place.

no use saying someone could do this or do that..... just do it and show us.

r1tz
Posts: 162
Joined: Thu 09 Sep 2010, 05:19
Location: In #puppylinux (IRC)

#15 Post by r1tz »

Luluc wrote:
r1tz wrote: Secondly, if you have for example, sshd running, the firewall doesnt prevent you from remotely accessing your sshd. What makes you think firewall will block others?
If you know the IP address of your remote location, for example your office/company, you can configure your firewall in your home PC to allow access from that IP only.

Hypothetically, an attacker from the same IP (i.e. your own work place) would not be stopped by the firewall on the home PC, but that's still better than leaving the firewall open to the entire Internet.
You can ask sshd to only allow certain IP address.

That is not the job of firewall.

Firewall = blocking of packets. (over simplifying... but that's basically it)

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#16 Post by Bernie_by_the_Sea »

r1tz wrote: Firewall = blocking of ports. (over simplifying... but that's basically it)

EDIT: i meant to say blocking of packets....
Firewall = blocking or allowing packets (net communication)

My firewalls both in Windows and various Linux distros both allow and block certain apps and certain IPs. I'm more concerned about outgoing than I am incoming so at the moment I have I think nine apps blocked from accessing the net. I have packets from some specific IPs blocked. A port open or closed or stealthed is not enough. What I want from a firewall is not "security" but to block certain outgoing requests, such as updates, and block known incoming spam. Blocking or hiding ports is trivial.

Just because something reports the firewall is off doesn't mean that it is off.
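One way to settle the question raised in this thread of whether the firewall is actually off, independent of what a desktop icon reports, is to read the packet-filter rules themselves. The script below is an added example, not code from any poster or from Puppy; it assumes an iptables that supports `-S`, looks only at the IPv4 filter table's INPUT chain, and the function names and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Classify a filter-table dump in `iptables -S` format read from stdin.
# Prints one of:
#   open       INPUT policy is ACCEPT and no rules are attached to INPUT
#   filtering  INPUT policy is DROP, or an INPUT rule drops/rejects packets
#   review     INPUT has rules but none obviously drops (e.g. jumps to
#              user-defined chains); inspect by hand
#   no-data    no INPUT policy line was seen (empty or wrong input)
firewall_state() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            rules++
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT"))
                    drops++
        }
        END {
            if (policy == "")                       print "no-data"
            else if (policy == "DROP" || drops > 0) print "filtering"
            else if (rules == 0)                    print "open"
            else                                    print "review"
        }'
}

# Constructed sample: what a flushed, accept-everything ruleset looks like.
sample_flushed() { cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: a default-deny inbound ruleset.
sample_active() { cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# On a live system, as root:  iptables -S | firewall_state
printf 'flushed ruleset: %s\n' "$(sample_flushed | firewall_state)"
printf 'active ruleset:  %s\n' "$(sample_active | firewall_state)"
```

An external scan from behind a NAT router cannot distinguish these two states, which is why the check is made on the host itself.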

Béèm
Posts: 11763
Joined: Wed 22 Nov 2006, 00:47
Location: Brussels IBM Thinkpad R40, 256MB, 20GB, WiFi ipw2100. Frugal Lin'N'Win

#17 Post by Béèm »

sickgit wrote: so basically i dont care how much resources the firewall takes its not the point of the post.
I suppose you did ask the same question for Windows and OSX?
Please provide the answers to us here.

If you can't do this, then you are a waste of resources.
Time savers:
Find packages in a snap and install using Puppy Package Manager (Menu).
[url=http://puppylinux.org/wikka/HomePage]Consult Wikka[/url]
Use peppyy's [url=http://wellminded.com/puppy/pupsearch.html]puppysearch[/url]

sickgut
Posts: 1156
Joined: Tue 23 Mar 2010, 19:11
Location: Tasmania, Australia in the mountains.

#18 Post by sickgut »

re: beem
I suppose you did ask the same question for Windows and OSX?
Please provide the answers to us here.

wtf does windows and osx have to do with puppy forum ? im not debating usefulness of firewall on windows only puppy. i suspect ppl who ask questions about windows on a puppy forum are mentally disabled in some way so it really doesnt matter what i type here in reply i doubt beem will understand it. he probably has a really huge forehead or has some gross disfigurement that interrupts his view of a screen when he types or doesnt understand english and has just copy and pasted random stuff in his post, maybe in an effort to impress other non english speaking people..

so no i didnt ask about windows and osx its a puppy forum. goto a windows forum and ask the question yourself if you think you're doing the community a favour or need to answer a deep soul searching question such as that. i hear deep soul searching windows questions can change your view of the world in such a profound way you cannot explain it with words, so i will forgive you if you ask that question on a windows forum but cant quite put your answer into words when you go to explain your experience on this puppy linux thread.

i wish you all the best in life and hope you learn to live with or cure your current physical and or mental impairment.

You will be in all our prayers.

sickgut

Bruce B

Re: firewall useless for puppy

#19 Post by Bruce B »

sickgut wrote: I put it to the puppy community that the firewall loading as default on puppy is a waste of resources . . .
sickgut wrote: Until I actually see proof of an actual threat that has been weighed and balanced then I will maintain my statement that the software firewall loading as default in puppy 5.25 is a complete waste of resources.
(Emphasis mine)

How about backing up your own claim? Can you do it? If not, don't make the claim.

1) What resources?
2) How much resources?
3) Can you measure them?
4) How do you measure them?
~

Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#20 Post by Luluc »

r1tz wrote: You can ask sshd to only allow certain IP address.
You are correct. I had forgotten sshd could do that.
r1tz wrote: That is not the job of firewall.
I disagree, a firewall serves many purposes. Blocking specific IPs is one of them.

sickgut wrote: so what if someone accesses your sshd login? you would have to be extremely silly to not have a decent password attached to it.
(...)
the sshd program itself provides the security.
(...)
but if you believe your sshd argument has weight then im sure that you can demonstrate a step by step way of accessing a linux system running sshd that is properly configured and is password protected.
(...)
no use saying someone could do this or do that..... just do it and show us.
Attackers try to break into sshd with brute force all the time. I run two Web sites, I see their dozens or hundreds of attempts in the logs every day. Of course, they usually fail, but I am not comfortable with the idea of being attacked every day. Closing access to all but one IP address increases security. Of course, that approach is useless if you don't know from what IP you will be accessing sshd. It was just one specific case scenario.
sickgut wrote: wtf does windows and osx have to do with puppy forum ? im not debating usefulness of firewall on windows only puppy. i suspect ppl who ask questions about windows on a puppy forum are mentally disabled in some way so it really doesnt matter what i type here in reply i doubt beem will understand it. he probably has a really huge forehead or has some gross disfigurement that interrupts his view of a screen when he types or doesnt understand english and has just copy and pasted random stuff in his post, maybe in an effort to impress other non english speaking people..
You insult people, write like a semi-illiterate and complain that people don't write proper English. I hope you don't expect to be taken seriously around here.
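The daily password-guessing attempts against sshd mentioned in the post above can be measured from the auth log, and the same pass can show whether any guessing source later logged in. The script below is an added example, not code from the thread; it assumes OpenSSH's usual "Failed password ... from ADDR port N" syslog wording, and the function names, host name and log lines are constructed.

```shell
#!/bin/sh
# Summarise sshd password guessing per source address from syslog-style
# auth lines on stdin. Output: "<failures> <addr> <LOGIN-SUCCEEDED|no-login>",
# busiest source first, for sources with at least $1 failures (default 5).
ssh_guess_report() {
    awk -v min="${1:-5}" '
        # Source address = token between the right-most "from" and "port".
        # Scanning from the right matters: the user name is chosen by the
        # remote side and may itself be "from".
        function src(   i) {
            for (i = NF - 2; i >= 1; i--)
                if ($i == "from" && $(i + 2) == "port") return $(i + 1)
            return ""
        }
        / sshd\[[0-9]+\]: Failed password for / { if ((ip = src()) != "") fail[ip]++ }
        / sshd\[[0-9]+\]: Accepted [^ ]+ for /  { if ((ip = src()) != "") ok[ip]++ }
        END {
            for (ip in fail)
                if (fail[ip] >= min)
                    printf "%d %s %s\n", fail[ip], ip,
                           ((ip in ok) ? "LOGIN-SUCCEEDED" : "no-login")
        }' | sort -rn
}

# Constructed sample (documentation-range addresses), not real log data.
sample_auth_log() { cat <<'EOF'
Apr 18 03:12:01 puppypc sshd[812]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr 18 03:12:03 puppypc sshd[812]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr 18 03:12:06 puppypc sshd[815]: Failed password for invalid user admin from 203.0.113.5 port 40120 ssh2
Apr 18 03:12:09 puppypc sshd[815]: Failed password for invalid user from from 203.0.113.5 port 40120 ssh2
Apr 18 04:40:10 puppypc sshd[901]: Failed password for spot from 198.51.100.7 port 51500 ssh2
Apr 18 04:40:14 puppypc sshd[901]: Failed password for spot from 198.51.100.7 port 51500 ssh2
Apr 18 04:40:19 puppypc sshd[901]: Failed password for spot from 198.51.100.7 port 51500 ssh2
Apr 18 04:40:25 puppypc sshd[904]: Accepted password for spot from 198.51.100.7 port 51502 ssh2
Apr 18 09:01:02 puppypc sshd[990]: Failed password for spot from 192.0.2.10 port 60000 ssh2
Apr 18 09:01:08 puppypc sshd[990]: Accepted password for spot from 192.0.2.10 port 60000 ssh2
EOF
}

# Report sources with three or more failed passwords in the sample.
sample_auth_log | ssh_guess_report 3
```

A source marked LOGIN-SUCCEEDED after repeated failures is the case worth investigating first; the single mistyped password from 192.0.2.10 stays below the threshold and is not reported.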
