lucky13
Posted: May 01 2007, 22:51
Depends how you use DSL. Live CD? No problem -- it's read only. Installed to hard drive? It could be a little dicier depending on what you do, what you add, etc. (e.g., see the apple sucks category of my blog -- http://lucky13.blogsavy.com -- if you run QuickTime via a browser plug-in with Java enabled). DSL is very tight by default. You're at greater risk, though, if you're careless with setting up various services in certain ways or if you run something that's exploitable (apple sucks). And you're susceptible to even more risk if you run as root when networked.
You can try a port scan, either yourself or use one you find from a trusted website. I've used this one since Symantec shut down Sygate's scan (only works with Win and Mac now): http://probe.hackerwatch.org/probe/
If you want to check your own ports (etc.), download the nmap/nmapfe extension from MyDSL.
I've run the hackerwatch scan with and without the MyDSL rc.firewall extension. Like I said above, DSL is pretty tight by default, but the firewall keeps your computer from responding to probes. I've done a few things like reassigning certain ports to make my computer a little safer, and done a few other things as well.
Okay, I was waiting for this to finish so I could show you the results. I just ran the hackerwatch simple probe again and this is the output WITH rc.firewall on (differences italicized):
Quote | Traffic Sent
Packets were successfully sent to your computer. The server was unable to obtain a connection or any traffic from your computer. This generally indicates that your firewall blocked the traffic successfully.
If you did not see an event warning it may indicate that the traffic did not reach your computer at all.
This could be due to any of the following reasons:
* You are connecting to the Internet through a proxy server. When we attempted to connect back to the IP address your web traffic came from we actually were connecting to the proxy server, not your computer.
* You are behind a corporate firewall which is redirecting traffic in an unexpected manner.
* You are connecting to the Internet through a NAT (network address translator). When we attempted to connect back to the IP address your web traffic came from we actually were connecting to the proxy server, not your computer.
In any of these cases you will not see an event notification on your computer because our connection attempt did not reach your computer. In any case, your computer is secure. |
And this is with rc.firewall stopped:
Quote | Packets were successfully sent to your computer. You should be aware that we were able to get a response from the computer at the IP address your traffic is originating from.
This could be due to any of the following reasons:
* You are connecting to the Internet through a proxy server. When we attempted to connect back to the IP address your web traffic came from we actually were communicating the proxy server, not your computer.
* You are behind a corporate firewall which is redirecting traffic in an unexpected manner.
* You are connecting to the Internet through a router behaving as a NAT (network address translator). When we attempted to connect back to the IP address your web traffic came from we actually were communicating with the NAT, not your computer.
* Your firewall is not running.
In any of these cases you will not see an event notification on your computer because either our connection attempt did not reach your computer or the firewall is not operating. If you are in a corporate LAN, or using a cable or DSL router you are behind another firewall/proxy or NAT and your computer is secure. |
The latter is based on DSL's default (plus a couple changes that didn't figure in to their simple scan). You shouldn't feel vulnerable, but you shouldn't get complacent about it, either.
My blog has been up and down. Check back periodically or look up the following at Google news: gartner quicktime browser java
I almost posted a warning here about this yesterday since it could affect so many computers and there are people here who use Windows and Macs, but Mozilla's Linux products and Dillo don't have QuickTime plug-ins (I don't know if the API in MPlayer with QuickTime codecs can be used to launch the same kind of exploit, but I'm going to assume this mostly affects Mac and Windows computers). The quickest remedy if you do have a QuickTime plug-in on any computer is to either disable/remove QuickTime plug-ins or completely disable Java in your browser until Apple gets their act together.
(Edited blog link.)
-------------- "It felt kind of like having a pitbull terrier on my rear end." -- meo (copyright(c)2008, all rights reserved)
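An added example, not part of the post above and not a substitute for the nmap extension it mentions: a small Python check for your own machine that separates the outcomes the two hackerwatch reports describe, a port that answers a probe versus one that stays silent. The function names and the port list are assumptions made for this sketch.

```python
import socket

def probe(host, port, timeout=1.0):
    """Try one TCP connection and report how the target reacted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"          # handshake completed: a service is listening
        except ConnectionRefusedError:
            return "closed"        # host sent a reset: no service, but it responded
        except socket.timeout:
            return "no response"   # nothing came back: typical of a dropped probe
        except OSError as exc:
            return "error: %s" % exc.strerror

def scan(host, ports, timeout=1.0):
    """Probe each port and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}

def answering(results):
    """Ports where the machine reacted at all (open or closed)."""
    return sorted(p for p, state in results.items()
                  if state in ("open", "closed"))

def demo():
    """Constructed local check: one listening and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))   # bound but never listening: connects are refused
    closed_port = spare.getsockname()[1]
    try:
        return {"listening": probe("127.0.0.1", open_port),
                "not listening": probe("127.0.0.1", closed_port)}
    finally:
        listener.close()
        spare.close()

if __name__ == "__main__":
    print(demo())
    # Assumed port list for a look at your own machine; adjust to what you run.
    results = scan("127.0.0.1", [22, 80, 631, 6000])
    for port, state in sorted(results.items()):
        print(port, state)
    print("ports that answered:", answering(results))
```

Loopback traffic is usually not filtered, so to see the rc.firewall difference described in the post, run `scan` from another machine on your own LAN against the DSL box; ports that answered as "closed" should then show as "no response".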