XP OS vulnerabilities after April 8, 2014


vipejc

GOD, you are so full of it/yourself! Please dispute the following -

http://netsecurity.about.com/od/vulnerabilityscanners/a/How-To-Test-Your-Firewall.htm

 

It is usually a best security practice to enable "stealth" mode on the firewall on your router. This helps to make your network and computer less conspicuous to hackers.

http://netsecurity.about.com/bio/Andy-O-Donnell-82564.htm

 

Andy is a well-respected senior security engineer and analyst who has focused the last 13 years of his life developing, managing, auditing, and securing systems for various Department of Defense, Federal, State, and Commercial customers. He has attained several security certifications including:

CISSP (Certified Information Security Professional)

CISSP-ISSEP (Information Systems Security Engineering Professional)

CRISC (Certified in Risk and Information Systems Control)

CSSLP (Certified Secure Software Lifecycle Professional)

If a firewall (hardware=embedded software -or- software-on-pc) is in "stealth mode" and a hacker is traversing the WWW via (Random-or-Sequential-IP)+(All-Ports) -then- if no ACK (whatever) is sent back then HOW ON GOD'S GREEN EARTH does said Attacker even know that IP even EXISTS -and- if there IS no response the said attacker will NATURALLY assume that NO PC IS AT THAT IP - PERIOD! At that point, they have NO REASON to even ATTEMPT to "gain access". I MUST ACCESS A WEBSITE to even DREAM of being accessed! And THAT, sir, is PEBCAK!!!

 

Further, you admittedly work quite a bit on Linux (Unix clone) and (forgive me jaclaz) a direct quote from Steve Gibson

Oh, yeah. You know, it’s the old UNIX guys. And they also dislike the idea that stealthing a machine technically breaks the IP or the TCP...
You are incorrect (IMHO), seeing that you have TWICE stated that, both to me here and Charlotte on the other topic!

 

Now, THIS must be what you base your assertions about Stealth Mode -

http://www.hansenonline.net/Networking/stealth.html

 

THIS supports what has been asserted about using it -

http://www.bleepingcomputer.com/tutorials/understanding-and-using-firewalls/

 

This clearly explains what you continue to assert -

http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

NOW, if the PING request is IGNORED ("dropped packet" via Stealth) then HOW, pray tell, will a REPLY (of ANY kind) ever tell the hacker ANYTHING (ref YOUR assertions and the link above supporting it)?

 

Please stop with the FUD and contribute something useful since that IS what MSFN is all about. All you've done thus far is spout how you're "smarter than the average bear", "ye of little minds", and "Use Windows 8 because... SECURE!" Rather than go on like that TELL US HOW TO SECURE XP (or any OTHER MS OS for that matter)! You'll get a MUCH warmer reception than you have so far. ;)

 

'Nuff Said!

Edited by submix8c


While we are at it, I would cite, from the mouth of the wolf :w00t::ph34r:

http://technet.microsoft.com/en-us/library/dd448557(v=ws.10).aspx

 

:whistle:

 

Not that the "other good guys" have a much different opinion ;):

http://support.apple.com/kb/PH11198

though they are actually telling lies (or partial truths) :unsure::

https://scottlinux.com/2012/04/19/os-x-firewall-not-stealth/

 

 

 

jaclaz

Edited by jaclaz

Forgive me if this question betrays an ignorance of how things work, but I've always entertained the following : That the Best Firewall System---closes all ports all the time. That it only opens a port to the other PC you intend to communicate with, and only for so long as you have business with said other PC. That you are fully "STEALTHED" to all others---Except for the one computer/server---you have business with: that when you are through---the port that you used---is closed once more. Is my understanding of these matters in error?

Edited by cyberformer

Closed Ports will report that the port is Closed (but the associated IP is still visible). Stealth Mode completely IGNORES the requests so that the Ports (and the associated IP) appear to be nonexistent (invisible). Be aware of the difference.

 

Yes, jaclaz, the poster completely missed the MS Technet link. I had already given it previously and it was TOTALLY ignored and said poster flew in the face of it. :yes:

Edited by submix8c

You still don't get it. You need an open port, inbound, to connect. That means you aren't invisible.

If you care enough, just google around for "stealth port marketing gimmick" and you'll see that some firewalls no longer support stealth mode even.

But cases like this, where users are following marketing without understanding how a port works, are perfect examples of why advice should always be given very very carefully.


@enxz, that "Open port, inbound" is connecting to a known location (assuming my computer is clean, with no malware), the connection is initiated by me, it's expecting only that traffic, it's not responding to unsolicited traffic (as far as I know, that's a feature of tcp/ip stack of any edition of MS Windows, regardless of the presence of first/third party firewall). Yes, I'm visible, but only to that site. If that site decides to hack me (a drive-by attack) it already is connected to me and knows my ip address and port, so stealth mode doesn't make a difference.

 

I agree there is a statistical possibility for a hacker (man in the middle) to get lucky with this traffic (or to analyze ALL my traffic and craft something, but then I have enormous problem anyway), but that (theoretical) risk can not be avoided anyway. Even having the latest OS doesn't make a difference. Nobody is talking about that. 

 

The (part of the) discussion in this topic (lately) is whether "stealth mode" helps with port scanning, usually the first step of an attack. The second step would be identifying the OS of the target (and stealth mode helps against that too) and finding in a (theoretical) database of all possible vulnerabilities of all possible OSes in (theoretical) possession of the (theoretical) attacker.

 

If any other (theoretical or otherwise) plan of attack is possible, excluding PEBKAC, and you know about it, please be so kind to explain it to us.

 

GL


No, if the port is open it will respond. You don't 'stealth' open ports.

ex: You can't stealth port 80 with your apache service. You can't stealth port 80 with your Chrome service. The OS does not make the distinction. Any security in terms of isolating traffic is at the application layer.

And then you get to DNS and DHCP etc, various listening ports that also defeat this purpose.

Either way, this is mostly for LAN attacks where the attacker is attempting to acclimate themselves to the local network. Even if stealthed ports worked the way people believe they do (and they don't). That's the whole "hide me from attackers" thing.

Attacks like these only exist on corporate networks for the most part. You gain LAN access and then query the local domain for other hosts using nmap scans. Knowledge of IPs is irrelevant, the gateway has them (of course) and you're scanning that. I've done this to map a network, it's very helpful.

For users your attack is far far far more likely to occur at a compromised webpage, where stealth ports will very obviously have literally no effect whatsoever, even if they *did* work the way people believe they do.

This is wayyyy off topic though lol I mostly just wanted to point out this issue as a side note to the real problem - that people think XP can be secure.

That said, I mostly was killing time on a long and very boring bus ride. It's been very nice talking, but I think we can all just agree to disagree, as always :P . See you next time I stumble across here with some time on my hands, perhaps.

Edited by enxz
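
Added example, not part of any post in this thread: a self-check you can run against your own machine that separates the three outcomes argued over above, the closed-versus-stealth distinction and the point that an open port always answers. The function names are hypothetical, the loopback setup is constructed, and the dropped-packet case is simulated with a stub because loopback never drops.

```python
import socket

def probe(host, port, timeout=1.0, connect=socket.create_connection):
    """Classify one TCP port: 'open' (handshake completed), 'closed'
    (refused, i.e. the stack answered with RST) or 'filtered' (no reply
    before the timeout, which is what a "stealth" drop looks like)."""
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    conn.close()
    return "open"

def host_revealed(states):
    """Any reply, SYN/ACK or RST, shows that something is at the address."""
    return any(s in ("open", "closed") for s in states.values())

def survey(host, ports, **kw):
    states = {p: probe(host, p, **kw) for p in ports}
    return states, host_revealed(states)

def _drops_everything(addr, timeout):
    # Constructed stand-in for a firewall that silently drops every SYN.
    raise socket.timeout("no reply")

def demo():
    # Constructed loopback setup: one listener (open) and one port that was
    # bound and released again, so nothing listens on it (closed).
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        mixed = survey("127.0.0.1", [open_port, closed_port])
        dropped = survey("127.0.0.1", [open_port, closed_port],
                         connect=_drops_everything)
    finally:
        listener.close()
    return open_port, closed_port, mixed, dropped

if __name__ == "__main__":
    print(demo())
```

A single port that answers, whether with a completed handshake or a refusal, is enough for `host_revealed` to return true; only a host where every probed port times out gives no evidence either way.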

Next time, maybe he can tell me why I should stop using Windows ME. Or why I should stop driving a 1994 Mercury Sable, or why I should stop using my 1970 Ford pickup to haul things, or why I should stop eating candy, or why I should hold my breath if I smell a foul odor, or why I should avoid sunlight between 10am and 2pm.... or why using the same pair of guitar strings for a year and a half is bad for my fingers, and why the strings become oxidized, or why furnace heating is better than electric...


Next time, maybe he can tell me why I should stop using Windows ME. Or why I should stop driving a 1994 Mercury Sable, or why I should stop using my 1970 Ford pickup to haul things, or why I should stop eating candy, or why I should hold my breath if I smell a foul odor, or why I should avoid sunlight between 10am and 2pm.... or why using the same pair of guitar strings for a year and a half is bad for my fingers, and why the strings become oxidized, or why furnace heating is better than electric...

 

Next time, maybe he can tell me how pebcak is a software issue, and not the user :whistle:, and maybe next time he won't troll ;)

 

Edited by Flasche

Yes, if you want true security you will run Linux and not Windows. But users here are telling others that they can be secure on XP. The best they can be is lucky, not secure. -enxz

If you want to use garbage software, then use Linux. If you want to use real software use Windows.


If you want to use garbage software, then use Linux. If you want to use real software use Windows.

 

This, besides being senselessly offensive :w00t:  :ph34r: for the good Linux guys is such an apodictical statement that it IMNSHO effectively lowers the level of this thread well below the already extremely scarce level it reached.  :realmad:

I will tag this post for future use as "uncalled for", "gratuitous", "unbecoming".

 

I had greater expectations from you. :(

 

jaclaz


This, besides being senselessly offensive :w00t:  :ph34r: for the good Linux guys is such an apodictical statement that it IMNSHO effectively lowers the level of this thread well below the already extremely scarce level it reached.  :realmad:

I will tag this post for future use as "uncalled for", "gratuitous", "unbecoming".

 

I wish you luck Mr.LostinSpace. This post is really OT, but I thought I'd like to quote a post that should help you when jaclaz makes his move :ph34r:

 

Sure :), it is just a funny way to write an introduction, no offence whatever implied or intended (rest assured that IF and WHEN I might attempt to offend you, you will see the difference ;), and you will be really offended :ph34r:) .

Edited by Flasche

 

I wish you luck Mr.LostinSpace. This post is really OT, but I thought I'd like to quote a post that should help you when jaclaz makes his move :ph34r:

 

 

Naah :no:, if and when jaclaz makes his move, you will have no chances anyway ;).

 

 

But the previous post is to be intended simply as a stern look of disapproval:

stern-look-of-disapproval.gif

 

jaclaz

Edited by jaclaz

I am willing to give him the benefit of doubt and that he might not have realized what he was saying ... going by his name, I am taking a guess ... and mind you, this is only a guess that there may have been a malfunction with his space suit and for a brief time his brain was starved for a good supply of oxygen ... I'm sure when he is able to get all the controls and knobs lined up again, the oxygen will allow him to make a full recovery ... and all will be well ... we can only hope for the best.
