<html><head/><body><html><head></head><body>Humans write code and make hardware. We make mistakes. We do not think of all the attack vectors. There are more protocols on a network than ICMP and IP. Many firewalls do not block those other protocols.<br>
<br>
No device on a network is safe. You are not paranoid enough.<br><br><div class="gmail_quote">"Ron Frazier (ALE)" <atllinuxenthinfo@techstarship.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre style="white-space: pre-wrap; word-wrap:break-word; font-family: monospace; margin-top: 0px">The discussion on vpn's and security at Emory prompted me to ask this. This was prompted by some statements in another thread that a PC could be in danger if attached to unfiltered lan ports on Emory's network.<br /><br />Assume you have a PC connected directly to the internet. It doesn't matter if it's linux, windows, mac, or android. I'm speaking in conceptual terms. Assume the PC is not running any server type programs, so it is not listening on any ports. Assume no one is browsing to potentially malicious web pages, or even any web pages. The PC is just sitting there idling. Assume the PC has firewall software running. The firewall's only job is to drop all packets that are not part of a response to an inquiry that this PC has issued. I don't want to debate, at this point, the pros and cons of dropping all packets or operating in stealth mode.<br /><br />My questio
n is,
conceptually speaking, how can this PC POSSIBLY be vulnerable to any remote attack? How could anything phase it?<br /><br />Then, how does the answer change depending on whether it is linux, windows, mac, or android.<br /><br />Finally, if it were behind a hardware firewall, or router, how could any unwanted packets get on the lan?<br /><br />Sincerely,<br /><br />Ron<br /><br /><br />--<br /><br />Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.<br />Please excuse my potential brevity.<br /><br />(To whom it may concern. My email address has changed. Replying to former<br />messages prior to 03/31/12 with my personal address will go to the wrong<br />address. Please send all personal correspondence to the new address.)<br /><br />(PS - If you email me and don't get a quick response, you might want to<br />call on the phone. I get about 300 emails per day from alternate energy<br />mailing lists and such. I don't always see new email messages
very
quickly.)<br /><br />Ron Frazier<br />770-205-9422 (O) Leave a message.<br />linuxdude AT <a href="http://techstarship.com">techstarship.com</a><br /><br /><br /><hr /><br />Ale mailing list<br />Ale@ale.org<br /><a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br />See JOBS, ANNOUNCE and SCHOOLS lists at<br /><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br /></pre></blockquote></div><br>
-- <br>
Sent from a Linux system.</body></html></body></html>