Netgear portscanning me?

Subject Author Date
Netgear portscanning me? Tam 09-03-2007
Posted by Sebastian G. on September 6, 2007, 1:52 am
Chuck wrote:

> Ansgar -59cobalt- Wiechers wrote:

> You've obviously not been in IT very long.


At any rate, it seems that if you have been in IT very long, you had a long
time doing wrong/stupid things.

Posted by Chuck on September 5, 2007, 2:55 pm
Ansgar -59cobalt- Wiechers wrote:
>> Ansgar -59cobalt- Wiechers wrote:
>>>> Double firewalling is standard industry practice.
>>> To achieve what? Aside from increased sales for personal firewall
>>> vendors, that is.
>>>
>>>> Do you disagree?
>>> Well, I for one most certainly do.
>>>
>>>> If so I hope you are not working as a network administrator.
>>> M-hm. You have some arguments to go with that opinion of yours?
>> Arguments? Sure. Any PC on your LAN that does not have a software
>> firewall is vulnerable if any other machine gets infected with a WORM
>> or gets hacked.
>
> So tell me: how did that other machine get hacked or infected with a
> worm in the first place? And how does the software firewall protect the
> ports you need to be open in your LAN? (because most certainly any other
> port would be closed and thus not exploitable, wouldn't it?)
>
>> It's that simple.
>
> Frankly, no, it ain't.
>
>> Remember that DNS corrupting worm from about 2 years ago?
>
> No. What "DNS corrupting worm" are you talking about?
>
>> An awful lot of network admins learned the hard way about double
>> firewalling that day didn't they?
>
> M-hm. In my network the systems are kept up to date, they don't have
> services running they're not supposed to, and the network is properly
> segmented with firewalls on the boundaries. So tell me again: what
> exactly do I need double firewalling for? Other than increasing the
> vendors' revenue, my network's complexity, and my own workload?
>
>> You can choose to disagree that double firewalling is not standard
>> industry practice but that does not change the fact that it is. A
>> simple google of "is double firewalling a standard industry practice"
>> returns over a million hits.
>
> A million flies ...
>
> cu
> 59cobalt


The OP was talking about a SOHO network with a single switch/router. One
segment only. In such an environment double firewalling is essential if
there is the possibility of an infected PC being added to the network.

The worm I was referring to is documented here:

http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html

I referred to it incorrectly as a DNS corrupting worm because in the
environment where I work it was Windows 2000 based DNS servers that were
affected. The point however is still valid. If these servers had been
properly firewalled they would not have been affected.

Posted by Volker Birk on September 5, 2007, 3:56 pm
> http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html
> I referred to it incorrectly as a DNS corrupting worm because in the
> environment where I work it was Windows 2000 based DNS servers that were
> affected. The point however is still valid. If these servers had been
> properly firewalled they would not have been affected.

If these servers hadn't offered network services to the Internet that
they should not offer, no firewalls would have been needed.

These worms are why I hacked http://www.dingens.org at this time.

The problem is not that those servers needed firewalling. The problem
is that Microsoft failed and has to answer for all this damage,
because it's completely moronic to offer unneeded network services
which are potentially vulnerable, and to make this the default and even
make it complicated to stop that.

To be clear:

What we're talking about is worm-rbot.cbq.

<http://www.sophos.com/virusinfo/analyses/w32rbotcbq.html>
| Name > W32/Rbot-CBQ
| Type * Worm
| How it spreads * Network shares
| Affected operating systems * Windows

BTW:

| What this worm has to do with DNS * completely nothin' ;-)

It's completely idiotic to enable network shares to the Internet. Just
disable them => no firewalling needed.

Yours,
VB.
--
"Care must be taken that the Basic Law is not protected by methods
that run counter to its aim and its spirit."

Gustav Heinemann, "Freimütige Kritik und demokratischer Rechtsstaat"

Posted by Ansgar -59cobalt- Wiechers on September 5, 2007, 5:25 pm
> Ansgar -59cobalt- Wiechers wrote:
>>> Arguments? Sure. Any PC on your LAN that does not have a software
>>> firewall is vulnerable if any other machine gets infected with a
>>> WORM or gets hacked.
>>
>> So tell me: how did that other machine get hacked or infected with a
>> worm in the first place? And how does the software firewall protect
>> the ports you need to be open in your LAN? (because most certainly
>> any other port would be closed and thus not exploitable, wouldn't
>> it?)

These questions still stand.

[...]
>>> Remember that DNS corrupting worm from about 2 years ago?
>>
>> No. What "DNS corrupting worm" are you talking about?
[...]
> The OP was talking about a SOHO network with a single switch/router.
> One segment only. In such an environment double firewalling is
> essential if there is the possibility of an infected PC being added to
> the network.

I fail to see what kind of threat that "infected PC" would pose to
properly configured and patched systems on the same network segment.
Please elaborate.

> The worm I was referring to is documented here:
>
> http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html
>
> I referred to it incorrectly as a DNS corrupting worm because in the
> environment where I work it was Windows 2000 based DNS servers that
> were affected. The point however is still valid. If these servers had
> been properly firewalled they would not have been affected.

That was a Zotob variant. Microsoft released a patch for the exploited
vulnerability a week earlier, and filtering that crap at the network
boundary would most certainly have prevented an infection (see MS
Security Bulletin MS05-039 [1], section "Vulnerability Details"). I fail
to see any need for personal firewalls on any computer in the LAN
because of this.

[1] http://www.microsoft.com/technet/security/bulletin/MS05-039.mspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Posted by Sebastian G. on September 6, 2007, 1:54 am
Chuck wrote:


> The OP was talking about a SOHO network with a single switch/router. One
> segment only. In such an environment double firewalling is essential if
> there is the possibility of an infected PC being added to the network.


Now speak after me:
- D M Z
- host pro tec tion

> If these servers had been
> properly firewalled they would not have been affected.


If these servers had been properly patched they would not have been affected.

Anyway, we'll try it again:
- D M Z
- host pro tec tion
- I P sec
