-=PCTechTalk=- Re: Broadband control
- From: RMB White <roguer@xxxxxxxxxx>
- To: pctechtalk@xxxxxxxxxxxxx
- Date: Sun, 03 Aug 2008 16:57:39 +1200
An immensely grateful thank you to Gman! and Don101! for such a prompt
and comprehensive reply,
I have printed both, PLUS the Test results from Shields Up (very scary)
and shall shortly sit down to study them all.
However, a very quick question please, What type, and specification of
Router should I seek?? (The ISP is providing a free modem, which I think
is probably plain vanilla)
Roger W..
On 3/08/2008 4:21 p.m., Gman wrote:
> Roger,
> Broadband's high-speed 'always on' access is not something to fear, nor
> should you waste precious energy calling it names. In fact, dial-up user
> accounts are nearly just as valuable to most crackers as faster connections
> because either type can be used as part of a 'bot-net' for launching DoS
> attacks, sending out Spam, etc.. It's just that broadband accounts are more
> likely to retain the same IP over much longer periods of time, making them
> easier to control once they've been compromised.
>
> Having said all that, there are a few things that will work in your
> favor to help prevent this type of bot ownership of your system. First of
> all, you will be getting your signal through an external modem, which may or
> may not also include a router or router-like functions. In case you're not
> already aware, a router is like an armed checkpoint where all incoming
> packets must stop for inspection. If any given packet doesn't pass muster,
> it is rejected. Although I have never been completely sure of what 'muster'
> means, rejected means the packed is immediately eaten by the router's
> hardware firewall. The poor malformed packet isn't even given the chance to
> call home to report its inability to do whatever it was sent to accomplish.
> In addition, every computer has roughly 65,000 different ports and a
> hardware firewall such as the one provided by a simple router guards every
> one of them. If anything tries to get through that isn't explicitely
> allowed by the rules, it is eaten (these router guards are not only vicious,
> they're insatiably hungry as well). Better yet, the outside world can only
> see the IP address being used by the router. Your own computer will be
> assigned an internal IP by the router that will never be broadcast to the
> outside, making your computer invisible to other systems across the
> internet.
>
> Does this mean that their defenses are completely insurmountable? Of
> course not. But it makes them so much less desirable as a target compared
> to all of the unprotected systems 'out there' (crackers nearly always take
> the path of least resistance). The only type of fool that would work
> diligently enough to possibly gain entry past the router guards would be
> someone targetting your system personally. Since I cannot possibly imagine
> a reason for such a fool to exist, I'm going to go ahead and declare early
> victory for the good guys.
>
>
> Still, hiding your system behind a router is not going to prevent the
> actions of any nasties that you accidentally invite into your computerized
> home. There are plenty of examples of downloadable programs and utilities
> that carry more baggage than they claim. These are called Trojans for a
> reason. While you're trying to install a great sounding toolbar that will
> add smilies to all of your online email, the installer is also downloading
> and installing stuff to make ads appear, even when offline, track your
> movements across to internet to better target you with those ads, or
> installing the latest version of SubSeven, a remote control that gives the
> cracker full control over your system, as a rootkit. For these reasons (and
> MANY more), you will still need to have a well coordinated collection of
> security utilities at your disposal to deal with these possibilities.
> Everything that we have already discussed in the recent past applies equally
> to dial-up and broadband users, so there's really little more I can add.
>
>
> However, I will remind everyone that the partial saying "Love like
> you'll never get hurt" also applies to internet use. If you're going to be
> over-cautious about the whole affair, you will be missing out on the vast
> repository of information and enjoyment that is The Internet. Yes, there
> are bad sites, bad downloads and some bad people that you'll meed in forums,
> chat rooms, and other gathering places, but these events and people are such
> a tiny percentage of what's 'out there' that they cannot be allowed to
> dictate how you approach the net any more than a bad person should be able
> to spoil a great sporting event in a stadium full of good people. The trick
> is to learn the best ways to block out the bad stuff while keeping yourself
> open to the rest. The pursuit of this happiness lies in our never ending
> quest to stay on top of Windows security Updates (the critical ones), keep
> our AV and anti-younameit app's definition files updated as well as stay on
> the lookout for word from other good people who have tested new utilities
> that may work better than the ones we already run.
>
>
> I just recently listed the apps I use to keep my system safe (all are free
> except for my AV) and I'm already accessing the net through an always on
> broadband connection through a router. If you choose to mirror my setup,
> great! There's little else you would need to do other than stay on top of
> any updates for those apps and keep your eyes open for any changes I make to
> mine. On the other hand, there are plenty of other folks who are running
> completely different sets of apps that protect them just as well. But I
> HIGHLY recommend using a router, even if you only have a single computer to
> connect.
>
> Peace,
> Gman
>
>
>
---------------------------------------------------------------
Please remember to trim your replies (including this sentence and everything
below it) and adjust the subject line as necessary.
To unsubscribe or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
To contact only the PCTT Mod Squad, write to:
pctechtalk-moderators@xxxxxxxxxxxxx
---------------------------------------------------------------
Other related posts:
