[ale] how can a firewalled PC POSSIBLY be attacked?

JD jdp at algoloma.com
Wed Jan 23 06:18:16 EST 2013 

Humans write code and make hardware. We make mistakes. We do not think of all the attack vectors.  There are more protocols on a network than ICMP and IP. Many firewalls do not block those other protocols.

No device on a network is safe.  You are not paranoid enough.

"Ron Frazier (ALE)" <atllinuxenthinfo at techstarship.com> wrote:

>The discussion on vpn's and security at Emory prompted me to ask this. 
>This was prompted by some statements in another thread that a PC could
>be in danger if attached to unfiltered lan ports on Emory's network.
>
>Assume you have a PC connected directly to the internet.  It doesn't
>matter if it's linux, windows, mac, or android.  I'm speaking in
>conceptual terms.  Assume the PC is not running any server type
>programs, so it is not listening on any ports.  Assume no one is
>browsing to potentially malicious web pages, or even any web pages. 
>The PC is just sitting there idling.  Assume the PC has firewall
>software running.  The firewall's only job is to drop all packets that
>are not part of a response to an inquiry that this PC has issued.    I
>don't want to debate, at this point, the pros and cons of dropping all
>packets or operating in stealth mode.
>
>My question is, conceptually speaking, how can this PC POSSIBLY be
>vulnerable to any remote attack?  How could anything phase it?
>
>Then, how does the answer change depending on whether it is linux,
>windows, mac, or android.
>
>Finally, if it were behind a hardware firewall, or router, how could
>any unwanted packets get on the lan?
>
>Sincerely,
>
>Ron
>
>
>--
>
>Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9
>Mail.
>Please excuse my potential brevity.
>
>(To whom it may concern.  My email address has changed.  Replying to
>former
>messages prior to 03/31/12 with my personal address will go to the
>wrong
>address.  Please send all personal correspondence to the new address.)
>
>(PS - If you email me and don't get a quick response, you might want to
>call on the phone.  I get about 300 emails per day from alternate
>energy
>mailing lists and such.  I don't always see new email messages very
>quickly.)
>
>Ron Frazier
>770-205-9422 (O)   Leave a message.
>linuxdude AT techstarship.com
>
>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://mail.ale.org/mailman/listinfo/ale
>See JOBS, ANNOUNCE and SCHOOLS lists at
>http://mail.ale.org/mailman/listinfo

-- 
Sent from a Linux system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130123/d5e25059/attachment.html>

More information about the Ale mailing list