firewall useless for puppy

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#121 Post by nooby »

our ISP due to directive from European Union to save all activities of every citizen for months so they can backtrack if we behave badly they force us to have same IP over and over again.

"Of course I don't have a static IP address"

Sadly my ISP forces that on me. Sure, some neighbor may get mine but then they assign another for months to be "mine" until some new neighbor wakes up earlier than me and takes it from me due to ten hours inactivity but usually I end up for weeks with the same.
I use Google Search on Puppy Forum
not an ideal solution though

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#122 Post by rcrsn51 »

nooby wrote:So I don't trust that one can run Puppy without firewall at all.
If running a firewall makes you feel safer, then do so. But don't run one based solely on the experience of an insecure Windows install or a badly configured Internet server. They are entirely different situations from running Puppy.

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#123 Post by rcrsn51 »

Bernie_by_the_Sea wrote:For the next ten days I'll run Puppy without a firewall.
What kind of Internet connection do you have? Are you behind any kind of router? Are you using an external or internal IP address?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#124 Post by nooby »

Simplewater,

I don't know enough to answer your question. I have asked many times of different forums if there is some log or some activity monitor that could reveal if a program want to get out and to do thing.

One answer I did get was that the most clever trojans were so clever that they only get out on the internet if you activate a browser and do something like looking at internet pages so they mask their activity to coincide with other similar visits on the internet. So when you visit CNN then the Trojan visits their server and gets instructions for further attacks and then goes dormant again and you have no way of knowing it was ever active at all until next time it needs to check with its server for further updates. Maybe once a month or so. Meanwhile they lie dormant waiting for a wake up call.

Or how to find rootkits and such. Seems very hard to retell because the answers have either been way above my capacity to grasp or they tell it is not possible.

Some program are so clever that they can stay dormant for months and only get activated when the criminals wants to target their enemies and then they activate ten thousands such dormant "bots" all over the world to make overloading of the target and maybe then you notice that suddenly everything is very slow and CPU run wild. But that could be once a month or so.

What is most worrisome are such programs like keyloggers that try to wait out that you do online banking and then learn how to do it again or to play man in the middle next time you go banking them now learned how it should look like and they make a fake site that looks identical to your bank now that they know that you have money there.

Rootkits are problematic due to the current programs to find them giving so many false positives so you have no idea what is the false positive or true rootkit.

But as I remember that old text maybe two or three years old they did use windows so sure linux is less targeted but there are many Apache servers that have been contaminated and them are linux. So they most likely know how to if they have time and motivation to get into linux machines too.

Not all of us has any router and even if we had that is only some 128 or 256 steps from breaking in is it not? I mean if they step through it 256 times then they are in? Unless me fail to get how it works. Which I maybe do.

It all depends on if they think one are a worthy target or not.

My 80-year-old neighbor was targeted for what he owned. Somebody had tried to get info using an online service and he went to the police insisting to get to know who it was and it was a "distant" acquaintance at the Sailors Club that had some criminal background. Very scary. He could have taken over the online identity of my neighbor and ordered costly wall TV and let him pay for them. He confronted the guy and told him to stop what he was doing and luckily that guy did apologize for what he had set up. So hope he rethinks the whole attitude to abuse identities.

But others are not that lucky. Some get their identity taken over and it is not easy to get it back. They have time to do real damage before the legal system can put a stop to it.

So sure I am too alarmistic due to me a nooby on security I know too little but if one are unlucky and happen to have "unreliable friends" then them can do damage easily.

They show that if one set up a fake hot spot then some programs take the strongest open signal and just go out on the internet instead of asking which one of all the available one want to use.

But try to get info from people close to you that you can trust. only them can visit you and see if there is things that look different on your hdd that could be things hidden.

I've heard that the best trojans replace legit files so everything look totally okay. So they make use of the windows files and put their own altered versions with same name there.

I mean one need to know much to be able to spot them by a casual look. Can they pretend to be as old as the original files or does it show up that them being newer or used recent despite one never use windows ever? Or do they say one size identical with the old file and then when one look using puppy ROX then maybe them another size?

I wish one would know easy ways to find out if files get altered despite one don't use Windows. They have many GB to hide there :)
I use Google Search on Puppy Forum
not an ideal solution though
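
Added example, not part of any post in this thread: one way to check whether files on a partition have been altered is to save a hash of every file while the system is trusted and compare against it later, for instance from a live Puppy session with the partition mounted. The mount point in the comments and the file names in the demo are constructed; the demo shows that a replaced file with the same size and the same date still shows up.

```shell
#!/bin/sh
# Added example: hash-based baseline for a directory tree.
# Real use (hypothetical mount point and manifest location):
#   make_baseline /mnt/sda1/WINDOWS > /root/manifest.txt    # while trusted
#   changed_files /mnt/sda1/WINDOWS /root/manifest.txt      # any later day
# Keep the manifest somewhere the checked system cannot write to
# (a USB stick, a burned CD); otherwise it can be altered too.

# Print "sha256  ./path" for every regular file under $1, in a stable order.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Print every path whose hash differs from the saved manifest $2,
# including files added or removed since the manifest was written.
changed_files() {
    make_baseline "$1" | diff "$2" - \
        | sed -n 's/^[<>] [0-9a-f]*  //p' | sort -u
}

# Constructed demo: replace one file with content of identical length and
# put the old timestamp back, then show the hash comparison still flags it.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/tree"
    printf 'original-code' > "$work/tree/app.bin"      # 13 bytes
    printf 'readme text'   > "$work/tree/readme.txt"
    make_baseline "$work/tree" > "$work/manifest"

    cp -p "$work/tree/app.bin" "$work/ref"             # keeps the old mtime
    printf 'tampered-code' > "$work/tree/app.bin"      # also 13 bytes
    touch -r "$work/ref" "$work/tree/app.bin"          # date looks unchanged

    changed_files "$work/tree" "$work/manifest"        # prints ./app.bin
    rm -rf "$work"
}

demo
```

Size and date as shown by a file manager would both match here; only the content hash differs.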

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#125 Post by SimpleWater »

Hello nooby,
sirduncan wrote:Any good home router (or any business/enterprise class router) will normally come with a firewall built in. If that firewall is properly configured, then it will be the same as if you were running one locally from the perspective of someone outside the local network.
rcrcn55 wrote:That's the crucial point of this discussion. Turning on a firewall because it feels better won't stop an attack through your web browser. But turning off your browser's scripting feature will.
Barney_by_the_sea wrote:Cracking ALL Puppies, not just a specific one, via javascript from a web site, is quite easy for any competent hacker who's interested enough. For Science! I am not about to demonstrate such a hack. This type of cracking can only be prevented by (1) having no javascript or (2) staying off that site.

There are a number of hacker forum sites, most in Southeast Asia these days, where they will be glad to tell you how to crack Puppy. While telling you they will be cracking your computer... or at least trying to... that's part of the fun of the hacker/cracker game.
luluc wrote:Probably true, but I can't tell for sure. Firewall in Linux is way too complicated, I've always been too lazy to study it, I admit I am not qualified to inspect the Puppy firewall configuration to determine what outbound traffic it is ready to stop. My bet would be that no, it does not prevent something malicious from "phoning home" or delivering payload elsewhere.
rcrcn51 wrote:Can we conclude that the average user who is not running some kind of service does not need a firewall?

Am I correct in assuming that even if you had the Puppy firewall running, it would not stop outgoing traffic from something malicious on your computer like a bot?
live wrote:Without being paranoid, it won't prevent from
1/ eavesdropping
2/ redirecting to another system that you might be connected to
But apart from eavesdropping you do a hard hacking job.
So are all these posts irrelevant?

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#126 Post by Bernie_by_the_Sea »

Bernie_by_the_Sea wrote:For the next ten days I'll run Puppy without a firewall.
rcrsn51 wrote: What kind of Internet connection do you have? Are you behind any kind of router? Are you using an external or internal IP address?
Dialup, no router, external.

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#127 Post by SimpleWater »

Well, I went ahead and installed the firewall. I chose default, so supposedly all my ports are closed now. I can't evaluate the resources in htop, anyone know what it looks like? I also do not see it on the system tray since I removed it a few days back, so hopefully it's on and running. I also disabled javascript, I do watch videos so can't disable flash. I feel pretty safe now, although I did feel safe in linux before I found this thread.

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#128 Post by Bernie_by_the_Sea »

SimpleWater wrote:Well, I went ahead and installed the firewall. I chose default, so supposedly all my ports are closed now. I can't evaluate the resources in htop, anyone know what it looks like? I also do not see it on the system tray since I removed it a few days back, so hopefully it's on and running. I also disabled javascript, I do watch videos so can't disable flash. I feel pretty safe now, although I did feel safe in linux before I found this thread.
Default does (supposedly) close and stealth nearly all ports but it responds to pings. If you're using a browser port 80 must be open and if you're using a printer port 134 must be open etc. so not all ports are closed.

It doesn't appear in htop, at least not as a separate process. The firewall configures the kernel.

The thing in the tray is not the firewall but an applet to show firewall status. You need to run it as well as the firewall. I don't have it on my system but I think the name is firewallstate. If you're using Lucid I think it's in the menu.

If flash is enabled you really have ZERO protection from malware. Things that ride in on flash (and there are many thousands of them) cannot be detected until they do or try to do something malicious. Linux is safe enough but malware that rides in on flash can sometimes get to Windows if it's on the computer and sometimes get to the boot sector which affects the whole computer.

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#129 Post by rcrsn51 »

Bernie_by_the_Sea wrote: and if you're using a printer port 134 must be open
CUPS uses port 631. But unless you enable printer sharing, it's a non-issue. And even then, an attacker would only see the CUPS non-privileged user.
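
Added example, not part of any post in this thread: whether anything is "running some kind of service" can be read from the kernel's socket table. This script parses text in the `/proc/net/tcp` format and reports each listening TCP port and whether it is bound to loopback only or to all interfaces. The sample table is constructed, and the address decoding assumes a little-endian machine such as x86.

```shell
#!/bin/sh
# Added example: list listening TCP sockets from /proc/net/tcp-format text.
# Real use:  list_listeners < /proc/net/tcp
# IPv6 sockets live in /proc/net/tcp6 and are not handled here.

# Constructed sample: CUPS on 127.0.0.1:631, a hypothetical service on
# 0.0.0.0:22, and one established outbound connection from 10.0.2.15:50000
# to 192.0.2.10:80 (what browsing a web site looks like in this table).
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0F02000A:C350 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1
EOF
}

# Read the table on stdin; print "<port> <scope>" for each listening socket.
list_listeners() {
    while read -r sl local remote state rest; do
        [ "$state" = "0A" ] || continue        # 0A = LISTEN; 01 = ESTABLISHED
        addr=${local%%:*}                      # hex IPv4, bytes reversed
        port=$(printf '%d' "0x${local##*:}")   # hex port to decimal
        case "$addr" in
            ??????7F) scope=loopback-only ;;   # 127.x.x.x: unreachable from outside
            00000000) scope=all-interfaces ;;  # reachable unless filtered
            *)        scope=specific-address ;;
        esac
        echo "$port $scope"
    done
}

sample_proc_net_tcp | list_listeners
```

Only the `all-interfaces` and `specific-address` rows are reachable from other machines; the outbound browser connection does not appear because it is not a listening socket.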

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#130 Post by Aitch »

FUD

Fear, Uncertainty and Doubt. Also known as scare tactics, either accomplished by threat or making the opponent doubt his standpoint. Not only used in lawsuits, but also in politics and military propaganda.
The company's FUD spreading caused many supporters to abandon their cause, except for the few that could see through its scaremongering propaganda.

Some lawyers never retire.....adversarial is a way of life

Aitch :)

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#131 Post by SimpleWater »

OK so I haven't enabled printing so that's clear. Browser port 80? I will just take a wild guess and assume that I cannot shut it down since I use a browser to browse the internet.

Bernie, good info, but how do you watch videos? Are you using some kind of alternative?

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#132 Post by Bernie_by_the_Sea »

SimpleWater wrote:OK so I haven't enabled printing so that's clear. Browser port 80? I will just take a wild guess and assume that I cannot shut it down since I use a browser to browse the internet.

Bernie, good info, but how do you watch videos? Are you using some kind of alternative?
I don't watch videos except rarely as a time killer on my BlackBerry. Primarily this is due to the fact that I'm on dialup where videos are like slideshows. A 3- or 4-minute video can be buffered in 15-20 minutes and watched but anything much longer is out for me. Where I live dialup at $12.50 per month or satellite at $89 are my only choices. While I have money I don't waste it. On the other hand my wife does waste it. We're subscribed to every premium movie channel on Dish Network and watch movies that way on a 62" HDTV.

Port 80 is the browser and of course rcrsn51 was right that 631 is the CUPS port, not 134. I knew better and don't know why I typed that.

There are even fewer viruses for the BlackBerry than there are for Linux, I think one and it's rare and doesn't do much. I use Bolt, Opera and the built-in BlackBerry browser but none of these work with YouTube on my model. I use an app called MyTube but I really haven't seen anything on YouTube worth seeing.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#133 Post by Aitch »

Bernie_by_the_Sea wrote:Where I live dialup at $12.50 per month or satellite at $89 are my only choices
What, no 3G dongle.....?

Only £10/pm [probably about $16] unless you're a heavy downloader (1Gb, £15/3Gb)

Else, mobile phone as a modem, surely, is yet another option

Aitch :)

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#134 Post by Bernie_by_the_Sea »

Bernie_by_the_Sea wrote:Where I live dialup at $12.50 per month or satellite at $89 are my only choices
Aitch wrote: What, no 3G dongle.....?

Only £10/pm [probably about $16] unless you're a heavy downloader (1Gb, £15/3Gb)

Else, mobile phone as a modem, surely, is yet another option
Cellular/wireless reception is marginal where I live at the moment, a single bar winking on and off and often no reception. Voice will sometimes work where the slowest data (GPRS) won't. The nearest cell tower is four miles and it's AT&T. The minimum data plan is $44.70 per month. 3G isn't available, only 2G edge.

I've toyed with my BlackBerry as a modem but reception isn't good enough for it to work for long. It may work for a couple of minutes then cutout for a couple of minutes. At best it's 2G.

There are vast areas of the United States that have no wireless/cell service and no broadband. A few times a year I drive back and forth between Maine and Arizona. Unless I stay on the Interstate/freeways there is usually no cell service until I get within a few miles of a town. Actually I have four residences, one in Maine, one in Ontario, one in Missouri and one in Arizona. Three have zero cell/wireless service and the one in Missouri is the marginal one. All four are in isolated rural areas. The one in Maine is on an island and doesn't have any telephone service or any electricity. I have my own generator system and I have a marine band radio for emergency communication. The one in Ontario is miles from another human being and also has no utilities. The one in Arizona is in a pine forest in the mountains 14-15 miles from the nearest tower. The one in Missouri is four miles from the nearest village and the whole county has only 4,000 people. I'm just not a social creature. :)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#135 Post by nooby »

If HamRadio were allowed to be relay stations for Data over the internet then one could use such to get broadband to distant places on a volunteer base. All over Europe they have Clubs and set up Repeaters but that is only for talk. I don't trust them have license to do internet broadband service. Such is commercial.

Way back in time before Internet got popular we had FidoNet or similar name but that was not broadband at all but a volunteer network that allowed emails to go all over the world. Amazing when one look back how well it worked when not clogged up by too many users.
I use Google Search on Puppy Forum
not an ideal solution though

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#136 Post by Aitch »

Nooby, you may be thinking of Echolink....

btw Internet over Ham Radio has been done for quite a while

The 'problem' with it is, you have to broadcast 'in the clear' open transmissions on Ham, so no encryption, AFAIK

We have a few Hams here on the forum using Puppy successfully


@B_b_t_S

I'm surprised with all your knowledge and wealth you haven't bought yourself a wifi or satellite repeater/amplifier and a decent high gain aerial

Distances of over 100mls are possible on Wifi, and further on Satellite

http://en.wikipedia.org/wiki/Long-range_Wi-Fi

or how about an old TV station link

http://www.gizmag.com/broadband-via-unu ... els/13178/

I would've thought you'd have seen this lack of service as a business opportunity....seeing as you're a leader and all :wink:
B_b_t_S wrote:I'm just not a social creature. :)
I'd never have guessed..... :lol: :lol:

Aitch :)

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#137 Post by Bernie_by_the_Sea »

Aitch wrote: @B_b_t_S

I'm surprised with all your knowledge and wealth you haven't bought yourself a wifi or satellite repeater/amplifier and a decent high gain aerial

Distances of over 100mls are possible on Wifi, and further on Satellite
I'm not surprised you keep making impractical or impossible suggestions. I have no idea what "100mls" is supposed to mean. The average American knows nothing of the metric system, and while I did use it in medicine, lengths there are seldom over two meters (unless you count the length of the intestinal tract). "Mls" seems to be a measure of weight.
Total waste of my time looking at these.
Aitch wrote: I would've thought you'd have seen this lack of service as a business opportunity....seeing as you're a leader and all :wink:
I haven’t been in the market for “business opportunities

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#138 Post by Bernie_by_the_Sea »

ADDENDUM

Speaking of Internet connection costs back when I paid one dollar per minute (phone company) for a long distance web connection through Juno (free) I used agora to browse the web. Any of you ever heard of agora? You sent an email with an URL to an agora server and they sent you back the web page by email. Minimum connection time. Only three or four dollars to see a web site instead of ten or twelve dollars. Boy, I really miss the good old days. I could download a simple graphic for only thirty or forty dollars.
From: agora@dna.affrc.go.jp
Received: from x1.boston.juno.com (x1.boston.juno.com [205.231.100.21])
by x2.boston.juno.com (8.6.13/8.7.Alpha.4/1.34.kim) with ESMTP id RAA03058
for <bernieb@x2.boston.juno.com>; Wed, 26 Jun 1996 17:44:39 -0400
On topic, no worries about a firewall then. Agora checked for viruses.

Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#139 Post by Aitch »

I'm not surprised you keep making impractical or impossible suggestions. I have no idea what "100mls" is supposed to mean. The average American knows nothing of the metric system,.....
I never mentioned metric....100mls is simply 100 of those plain old imperial miles....thought Amerika was resisting metric, but didn't realise moving to the bookwoods made you backwood [backwoods by the sea...?]

Sorry, but AI's got a long way to go before it'll replace 'intelligent' human lifeforms, even for mundane stuff....and it won't be running any version of windoze

Anyhow, since you clearly prefer the sound of your own voice I'll shut the f**k up and leave you to carry on annoying everyone else....eventually

Aitch :)

miriam
Posts: 373
Joined: Wed 06 Dec 2006, 23:46
Location: Queensland, Australia

#140 Post by miriam »

Okay, at the risk of straying way too off-topic, I can't resist this:
It was an artificial intelligence venture and it became obvious to me that the species that will make mankind extinct will be computers. It’s only a matter of time until humans are slaves of robotic machines. Think Terminator.
There is increasing evidence that considerably higher intelligence brings a more caring and ethical mindset. Humanity's intelligence grows with each generation (it is known as the Flynn Effect) and becomes more peaceful and morally careful. Contrary to the badly skewed viewpoint presented by big media, we live in the most peaceful time in history. We also live longer and more healthily and care more about our fellows. Racism and tribalism are falling away with increasing numbers of people having broad respect for each other's rights (not very long ago women and children had no rights; now even animals do).

The only real danger is the military's interest in making intelligent killing machines (as Bernie pointed out -- Terminator), but having begun in the '60s, the pressure against such military exploits is building and I really can't see them being allowed to go down the Terminator path.

Domestic AI, on the other hand is growing by leaps and bounds. It is unlikely to ever be a threat as its design is all about helping... and consider the dogs; if one so much as bites a person it is instantly destroyed and there is a great debate about disallowing that breed. Any potentially dangerous domestic AI simply will not be allowed. We humans are much too paranoid to let it be.

Sorry about the distraction.
We now return you to your normal program. :)
A life! Cool! Where can I download one of those from?
