Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 02 Sep 2014, 04:24
All times are UTC - 4
 Forum index » House Training » Users ( For the regulars )
firewall useless for puppy
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 13 [182 Posts]   Goto page: 1, 2, 3, ..., 11, 12, 13 Next
Author Message
sickgut


Joined: 23 Mar 2010
Posts: 1157
Location: Tasmania, Australia in the mountains.

PostPosted: Mon 18 Apr 2011, 07:09    Post subject:  firewall useless for puppy
Subject description: prove me wrong
 

I put it to the puppy communty that the firewall loading as default on puppy is a waste of resources and is not needed.

The amount of tech knowledge here on this forum is vast, it represents the large part of the knowledgeable tinkerers and may even be refered to as leet.

So the purpose of this post is to try and assess the real actual threat that exists to a linux system that has no firewall. What would you actually do to a linux system to breach it, that you cannot do to the same system that has a firewall?

I do not want "People say you can do this..." kinda answers or philosophical answers of why you should have a firewall. The only answer that will cause me to detract my statement that a software firewall on puppy is useless is an actual step by step or a demonstration that you can actually do to the system to compromise it.

Until i actually see proof of an actual threat that has been weighed and balanced then i will maintain my statement that the software firewall loading as default in puppy 5.25 is a complete waste of resources. I also believe that the only rason it exists and loads as default is because Windows has the same thing.

If my statements are incorrect then please provide actual demonstratable proof. Like i said teh combined knowlesge of this place is extreem. Having said that if no one here can provide a demonstration of breaching a puppy linux system with no firewall and actually damage the system in an apreciable way, I doubt there is any real threat to a puppy system with no firewall and i suggest it be removed from starting as default.

Have fun.
sickgut@gmail.com
Back to top
View user's profile Send private message Visit poster's website 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11034
Location: Arizona USA

PostPosted: Mon 18 Apr 2011, 08:47    Post subject:  

If you run Puppy from a multisession DVD in a computer that has no hard disk drive, as I do, then I can't see the need for a firewall. Even if something from the internet did manage to take over Puppy, which as far as I know has never happened, to restore Puppy to the way it was, I just reboot without saving.
Back to top
View user's profile Send private message 
Jasper


Joined: 25 Apr 2010
Posts: 1111
Location: England

PostPosted: Mon 18 Apr 2011, 09:53    Post subject:  

Hi sickgut,

I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect.

Whilst that tends to support your argument, since my firewall seems to have neither an important nor a significant impact on my resources I would rather use the firewall unless someone can prove that it is useless (rather than have someone prove that it is useful).

My regards

PS My freeware Windows firewall has three security levels (as well as a learn mode):

Allow most (i.e. everything not specifically blocked).
Block most (i.e everything not specifically allowed).
Block all (i.e, everything in and out).

Last edited by Jasper on Mon 18 Apr 2011, 10:38; edited 1 time in total
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11092
Location: The Peoples Republic of California

PostPosted: Mon 18 Apr 2011, 10:37    Post subject:  

Do you think you have an idea of how much resources the firewall takes?

If so, how do you compute these so-called, "wasted resources?"

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Mon 18 Apr 2011, 11:40    Post subject:  

Jasper wrote:
I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect.

How did you turn the firewall off?

How did you check that it was actually off?
Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 9066
Location: Stratford, Ontario

PostPosted: Mon 18 Apr 2011, 11:53    Post subject:  

In my experience, if your computer is behind a router or modem that performs NAT (ie. you have a local IP address like 192.168.x.y), then security testers like ShieldsUp will report that your system is safe. Supposedly, that's because they cannot see past the router.
Back to top
View user's profile Send private message 
Jasper


Joined: 25 Apr 2010
Posts: 1111
Location: England

PostPosted: Mon 18 Apr 2011, 11:58    Post subject:  

Hi Bernie_by_the_Sea,

/root/.usr/share/applications/firewallstate.desktop and the icon changed when I turned the firewall off.

I believe that many firewalls work so I assume that the Puppy firewall works (though I have no idea how well, how powerfully or how flexibly it may work).

My regards
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11092
Location: The Peoples Republic of California

PostPosted: Mon 18 Apr 2011, 12:04    Post subject: Re: firewall useless for puppy
Subject description: prove me wrong
 

sickgut wrote:

The amount of tech knowledge here on this forum is vast, it represents the large part of the knowledgeable tinkerers and may even be refered to as leet [elite].


I do not want "People say you can do this..." kinda answers or philosophical answers of why you should have a firewall. The only answer that will cause me to detract my statement that a software firewall on puppy is useless is an actual step by step or a demonstration that you can actually do to the system to compromise it.


You won't have to worry about this cookie.

The one making the claim has the burden of supporting his claim.

Ain't that right Bernie?

I'll originate questions, you support your claim by answering the questions, that is, if you can.

You don't want to be shown as someone making a baseless claim?

~

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
sickgut


Joined: 23 Mar 2010
Posts: 1157
Location: Tasmania, Australia in the mountains.

PostPosted: Mon 18 Apr 2011, 12:09    Post subject: the point of the post
Subject description: see i made a post, and there is a point to it. you, too can read more about it TODAY!!
 

point of my post is to question the usefullness of the firewall. the waste of resources is more of an expression than a technical thing. just like my ex calling me a waste of space tho i could probably scientificly prove that i am only a 75% waste of space due to recent fat reduction in my physique.

so basicly i dont care how much resources the firewall takes its not the point of the post.

also another thing i didnt mention is that when you start adding things that have no use it confuses people. Like ive already had to deal with the questions related to me decieving people about linux due to the firewall. after advising some people that puppy really doesnt need a firewall, all of a sudden im a dirtly liar because the new puppy has a firewall. Why would puppy have a firewall as standard if it didnt need to use it?

its like when people ask you about virus protection for linux when they go through their linux OS and find a linux antivirus program then google for antivirus programs for linux and run 4 of them at once. There is no real substantial virus threat in mass circulation that anyone using linux needs to worry about, yet an antivirus program for linux in itself suggests to the newbie linux user mind that linux is vulnerable to viruses just like windows. This is an example.

There is a reason why windows does have a firewall enabled as standard and that is because of the huge amount of spyware trojans virusses out there that infect a windows system then open up ports etc for people to log in and things. There is a genuine real threat to a windows xp or whatever computer that doesnt have a firewall enabled, especially if it is not behind a hardware firewall.

The purpose of my post was to suggest that unlike windows, linux doesnt have this threat in any real capacity that everyday linux users need to worry about. I am even asking people to actually try and break a puppy system that has no firewall in a completely non realistic way that normal everyday linux users dont need to worry about. and i am suggesting that even under these conditions that puppy doesnt need a firewall at all, one little tiny bit whatsoever, hence making people realise that firewall software loading as default and making the newbie mind actually worry about firewalls and such and have them believe that puppy actually needs a firewall, is completely silly.
Back to top
View user's profile Send private message Visit poster's website 
SirDuncan


Joined: 09 Dec 2006
Posts: 836
Location: Ohio, USA

PostPosted: Mon 18 Apr 2011, 12:10    Post subject:  

Jasper wrote:
I am interested so I just ran comprehensive "ShieldsUp" security tests with my firewall off and with my firewall on and in both cases the results were identically perfect.

rcrsn51 wrote:
In my experience, if your computer is behind a router or modem that performs NAT (ie. you have a local IP address like 192.168.x.y), then security testers like ShieldsUp will report that your system is safe. Supposedly, that's because they cannot see past the router.

Any good home router (or any business/enterprise class router) will normally come with a firewall built in. If that firewall is properly configured, then it will be the same as if you were running one locally from the perspective of someone outside the local network.

_________________
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath
Back to top
View user's profile Send private message Visit poster's website 
Luluc


Joined: 16 Mar 2011
Posts: 200

PostPosted: Mon 18 Apr 2011, 12:11    Post subject:  

Linux without a firewall is perfectly safe until:

- you run a browser with Flash, Javascript or other scripting technology -- but no firewall will help you with that;

- you run services that interface with the internal network (e.g. a Wifi spot) or the Internet: Apache, Web servers, email servers, FTP, SSH etc.

If, for example, you like to leave sshd running so that you can access your own machine remotely, or if you run Apache for Web development, then a firewall will have some purpose.

Note that many ISPs have their own firewall and usually block incoming requests on low ports like 22 or 80. So even if you are running Apache on default port 80, you can access your test site on http://127.0.0.1 or http://192.168.1.x or something like that on your browser, but people out in the wild will not be able to access it. In that case, you are automatically sheltered.
Back to top
View user's profile Send private message 
r1tz


Joined: 09 Sep 2010
Posts: 165
Location: In #puppylinux (IRC)

PostPosted: Mon 18 Apr 2011, 13:10    Post subject:  

Luluc wrote:
If, for example, you like to leave sshd running so that you can access your own machine remotely, or if you run Apache for Web development, then a firewall will have some purpose

Firstly, i dont believe many users will be using such services.

Please dont tell me you do... im talking about the less advance users who use the web mainly for browsing, chatting music and stuff.

Secondly, if you have for example, sshd running, it firewall doesnt prevent you from remotely accessing your sshd. What makes your think firewall will block others?
Back to top
View user's profile Send private message MSN Messenger 
Luluc


Joined: 16 Mar 2011
Posts: 200

PostPosted: Mon 18 Apr 2011, 13:16    Post subject:  

r1tz wrote:
Secondly, if you have for example, sshd running, it firewall doesnt prevent you from remotely accessing your sshd. What makes your think firewall will block others?


If you know the IP address of your remote location, for example your office/company, you can configure your firewall in your home PC to allow access from that IP only.

Hypothetically, an attacker from the same IP (i.e. your own work place) would not be stopped by the firewall on the home PC, but that's still better than leaving the firewall open to the entire Internet.
Back to top
View user's profile Send private message 
sickgut


Joined: 23 Mar 2010
Posts: 1157
Location: Tasmania, Australia in the mountains.

PostPosted: Mon 18 Apr 2011, 14:00    Post subject: re: sshd type services  

so what if someone accesses your sshd login? you would have to be extreemly silly to not have a decent password attached to it. in this case (also the same case with 100's of thousands of vps servers with linux on them that are mainly accessed via ssh to administer them etc that generally have no firewalls, i have one myself) the sshd program itself provides the security.

most people dont have the sshd port blocked with a firewall because often the idea of having sshd running in the first place is to access your computer from a network that is outside of your home and from a wifi hotspot or friends computer you have no idea of the ip address you should allow through your firewall to grant you access .

but if you believe your sshd argument has weight then im sure that you can demonstrate a step by step way of accessing a linux system running sshd that is propperly configured and is password protected. Ofcause is not a password you could possibly know or the experiment is moot, and show us how having a firewall prevents someone hacking your sshd server and entering the correct password, then ill eat my hat.

the idea here is to actually breach a puppy linux system that has no firewall, and not be able to do it again if there is a firewall in place.

no use saying someone could do this or do that..... just do it and show us.
Back to top
View user's profile Send private message Visit poster's website 
r1tz


Joined: 09 Sep 2010
Posts: 165
Location: In #puppylinux (IRC)

PostPosted: Mon 18 Apr 2011, 14:07    Post subject:  

Luluc wrote:
r1tz wrote:
Secondly, if you have for example, sshd running, it firewall doesnt prevent you from remotely accessing your sshd. What makes your think firewall will block others?


If you know the IP address of your remote location, for example your office/company, you can configure your firewall in your home PC to allow access from that IP only.

Hypothetically, an attacker from the same IP (i.e. your own work place) would not be stopped by the firewall on the home PC, but that's still better than leaving the firewall open to the entire Internet.


You can ask sshd to only allow certain IP address.

That is not the job of firewall.

Firewall = blocking of packets. (over simplifying... but that's basically it)
Back to top
View user's profile Send private message MSN Messenger 
Display posts from previous:   Sort by:   
Page 1 of 13 [182 Posts]   Goto page: 1, 2, 3, ..., 11, 12, 13 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Users ( For the regulars )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1075s ][ Queries: 12 (0.0106s) ][ GZIP on ]