On Tue, Jul 29, 2003 at 03:19:41PM +0000, Shane Hollis wrote:
> One of them required you to open up the firewall for remote
> administration (which of course is always hackable by brute forcing of

It is not uncommon to see remote administration functionality listening
on Internet facing connections.  Thankfully, some vendors are at least
smart enough to only allow administrative connections via the LAN
connections.  Most are not.

> passwords etc) and also enable universal plug and pray UPNP. Anyone
> who enables UPNP after being consistently told how stupid it is to do
> that and what kind of M$ exploits are available deserves to be hacked.
> This was the only external intrusion I saw listed.

When did the average user learn that UPnP was insecure?

It seems fairly likely that your average, clueless user would turn UPnP
on for convenience if the rest of their network was already UPnP
enabled.

> I respectfully stand by my statement that, 'Hardware firewalls cannot be 
> ***-->software cracked<*****, are fast and don't absorb CPU time.' No buffer 

Yes, they can.  These devices are running software to perform their
function.

"Hardware" firewalls are only faster than an equivalent PC-based
firewall if they have the ability to unload some of the routing,
checksumming and filtering off to dedicated hardware.  To get this kind
of offloading, you need to spend big money.

An el-cheapo firewall with the junk NICs that they usually come with is
never going to be faster than a low-end PCI-based PC with decent NICs.

Cheers,
-mjg
-- 
Matthew Gregan                     |/
                                  /|                [EMAIL PROTECTED]
