Security - was Invisible Windows

Gene Heskett gheskett at wdtv.com
Sat Jun 29 10:38:35 UTC 2013


On Saturday 29 June 2013 05:59:34 GaryT did opine:

> On 28/06/13 22:21, Gene Heskett wrote:
> > On Friday 28 June 2013 07:47:08 GaryT did opine:
> >> Help :-)
> 
> [snip]
> 
> > And this has happened in the past too?  Either you have been hacked,
> > wipe that drive clean & reinstall, or that mouse hates you, replace
> > it.
> > 
> > In fact, I would not only do both of those, I would also order me a
> > Buffalo Netfinity router, and install dd-wrt on it as insurance
> > against being hacked again.  That is the best kept secret to home
> > security, essentially like having a loaded 12 gauge shotgun leaning
> > against the front door's inside frame.  And both write down, and set,
> > an alphanumeric password at least 24 characters long.  Few hackers
> > will even think of trying to guess the password since at 5 guesses a
> > second, they will be centuries doing it.
> > 
> > There are a couple rootkit snoopers extant, but neither seems to have
> > been updated in at least a year, one is chkrootkit, the other is
> > rkhunter.  But rkhunter needs to be installed on a clean machine
> > since it keeps a database of the CRCs of the important files so it
> > can alert you later.
> 
> Gene, how do you avoid the possibility that someone can easily enter
> your machine whilst you are browsing?  When I'm browsing I see a great
> many IP addresses that belong to a wide variety of people and companies.
> Most often advertisers on the web page, but also others.
> I use the old FireStarter for that purpose - and can see up to 50 or 70
> different connections at times, dependent upon the Web page I'm
> visiting.
> 
> Always Google, because they are a fixture. They watch everything.
> After I removed the hard coded link to Google from FireFox, the Google
> presence seemed to slow a little but they are still there. There is also
> a big server in France that receives a lot of info from my machine any
> time I start FireFox while online. The only way I avoided that was to
> start FireFox BEFORE going online.  But, they are there, it's hard coded
> into the FireFox settings.
> 
> Once someone has a connection, called by the web page, they can deposit
> pretty much anything. I use Wireshark to capture all activity and there
> is always a lot of traffic to/from organisations that are part of, or
> have attached themselves to the browsing activity.
> 
> What good is a fancy firewall in a very common case like that?
> GT

The idea about the firewall is nothing is allowed in unless your machine 
initiated the connection.  And I do use some blocker plugins with FF. 

Locally hosted web pages are the exception but you must set up the proper 
redirection on a port by port basis to allow that.

I am looking at the awwfull stats for this month, and France is not listed.  
Googlebot spider is the highest rated, and they totally ignore the 
robots.txt file.  Surprisingly 7% of the traffic is from China.  Overall, 
the list seems fairly international, with only 65% of it from US based 
sites.  But I do set perms pretty tightly.  Cookies worry me, and I 
occasionally do some housekeeping there, but generally it's ALL read-only.  
If you set it up right, apache2 seems to take security seriously.

I used to keep a tail on the log from dd-wrt thinking it might be 
interesting to watch the rejects, but since the unwanted stuff never gets 
past dd-wrt, I quit that about 3 years ago as wasted time.  I've seen 
dictionary password attacks from N.Korea that lasted, in one case, 27 hours 
before they gave up, at 5 or so attempts a second. dd-wrt Just Works(TM), 
and has been doing so here for several years.  But I've also posted bitches 
to his ISP, available via a whois.  I did that several times back when I 
was running the x86 version of dd-wrt on an old, headless 500 MHz box, and 
it was surprisingly effective with that src IP usually disappearing within 
20 minutes.  But playing whack-a-mole without bullets gets boring. :)

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene> is up!
My views 
<http://www.armchairpatriot.com/What%20Has%20America%20Become.shtml>
If Love Were Oil, I'd Be About A Quart Low
		-- Book title by Lewis Grizzard
A pen in the hand of this president is far more
dangerous than 200 million guns in the hands of
         law-abiding citizens.
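
The firewall behaviour described in the message above (replies to connections your machine opened are let in, everything else is dropped unless a port is explicitly redirected), as an added example that is not part of the original post and is not dd-wrt's code: a simplified Python model of a connection-tracking router. All addresses, ports and the port 85 redirection to a LAN web server are constructed assumptions.

```python
"""Toy model of a stateful NAT router's inbound policy (constructed example)."""


class StatefulRouter:
    def __init__(self, forwards):
        # (proto, wan_port) -> (lan_host, lan_port): explicit per-port redirection
        self.forwards = dict(forwards)
        # Connection-tracking table: flows opened from the LAN or admitted by a forward
        self.flows = {}

    def outbound(self, lan_host, proto, src_port, remote_ip, remote_port):
        """A LAN machine opens a connection; remember the flow so replies get back."""
        self.flows[(proto, src_port, remote_ip, remote_port)] = lan_host
        return ("ACCEPT", remote_ip)

    def inbound(self, proto, wan_port, remote_ip, remote_port):
        """A packet arrives on the WAN side; check tracked state, then forwards."""
        key = (proto, wan_port, remote_ip, remote_port)
        if key in self.flows:                    # reply to a tracked flow
            return ("ACCEPT", self.flows[key])
        fwd = self.forwards.get((proto, wan_port))
        if fwd:                                  # new, but explicitly redirected
            self.flows[key] = fwd[0]
            return ("FORWARD", "%s:%d" % fwd)
        return ("DROP", None)                    # unsolicited: never reaches the LAN


def demo():
    # Constructed addresses (RFC 1918 / RFC 5737 ranges); the forward is an assumption
    r = StatefulRouter({("tcp", 85): ("192.168.1.20", 80)})
    out = {}
    # Browser fetches a page, and the page pulls in a third-party ad host
    r.outbound("192.168.1.10", "tcp", 40001, "198.51.100.7", 443)
    r.outbound("192.168.1.10", "tcp", 40002, "203.0.113.50", 443)
    out["page_reply"] = r.inbound("tcp", 40001, "198.51.100.7", 443)
    out["ad_reply"] = r.inbound("tcp", 40002, "203.0.113.50", 443)
    # The same ad host opening its own connection has no matching state
    out["ad_unsolicited"] = r.inbound("tcp", 22, "203.0.113.50", 51515)
    # Password guessing against SSH from a stranger
    out["ssh_guess"] = r.inbound("tcp", 22, "192.0.2.99", 50000)
    # Visitor to the locally hosted site on the redirected port
    out["web_visitor"] = r.inbound("tcp", 85, "192.0.2.44", 50123)
    # Right host, wrong remote port: does not match the tracked flow
    out["mismatched_reply"] = r.inbound("tcp", 40001, "198.51.100.7", 8443)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:17} {verdict}")
```

The ad host's reply is accepted because the browser asked for it, which is why the router is paired with blocker plugins in the browser; only the unsolicited attempts are stopped at the router.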



