
it is not that easy to learn the ip, a well-configured firewall does not answer every tcp/ip request.

even if you open port 80/21, the firewall tracks every connection session, with randomized syn numbers, so trying to hijack this kind of connection is impossible.

high-end firewalls normally include an IDS service, they can detect nearly all kinds of attack by using attack signatures and respond appropriately (drop, reset, alarm).

a web server is normally placed in a DMZ, so even if an attacker damages the web server, with the internal network secured, you can restore the web server within hours.

in an enterprise environment, not using a firewall is unthinkable.

Replies, comments and Discussions:

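  • Work & Study / IT Talk / Let's discuss network security: theory is welcome, practical experience too, and first-hand experience is even better
    1 What firewalls is everyone using? How good is the protection?
    2 What attacks has everyone run into? How did the battles go?
    3 How risky is it to put my own machine on the Internet as a web or FTP server? What can they do to me?
    4 What information does an adversary need to have in order to launch an attack?
    5 And so on...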
    • redhat linux 8+ iptables, NAT, stable and safe
      • and it is FREE!!!
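    • If you plan to build a large website, be sure to turn off unused services. The most common attack is DoS, along with a sudden surge of connections and traffic. For small users there is no way to deal with this; when it happens, it is best to shut the machine down.
      To launch an attack, the main things an adversary wants to know are your OS version, your open ports and the versions of the related services. But none of these is essential. Only your IP address must be known.
      • Finding out the IP is easy, isn't it? And blocking all ports isn't really possible; at least 80, 21 and the like have to be open. So how do the big websites keep themselves secure? Is a firewall's job just to block the ports you want blocked? Without a firewall, are you at everyone's mercy?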
        • it is not that easy to learn the ip, a well-configured firewall does not answer every tcp/ip request.
          even if you open port 80/21, the firewall tracks every connection session, with randomized syn numbers, so trying to hijack this kind of connection is impossible.

          high-end firewalls normally include an IDS service, they can detect nearly all kinds of attack by using attack signatures and respond appropriately (drop, reset, alarm).

          a web server is normally placed in a DMZ, so even if an attacker damages the web server, with the internal network secured, you can restore the web server within hours.

          in an enterprise environment, not using a firewall is unthinkable.
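          • Very well put, I feel I understand a bit more now. A few more specific questions. Many thanks!
            For an individual user:

            1. If the machine holds some sensitive information and has no firewall installed, how likely is it that someone gets hold of the information once it is connected to the Internet?
            2. What if a firewall is installed?
            3. What if this machine is also used as a web & FTP server?
            4. Are there any potential threats in using software like eMule or BT?
            5. Are there any potential threats in using software like MSN or QQ? For example, MSN voice needs all those ports opened.
            6. Is the data on machines that share a LAN with the directly connected machine at risk?
            7. How serious can an attack be? What can an attacker do on my machine and on the LAN?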
            • my opinion...
              1. hard to say, if no firewall, use strong encryption for your files.
              2. better than none.
              3. the more services are open, the greater the danger.
              4. i don't use them.
              5. i don't use them either.
              6. once a hacker gets through the firewall, they can normally attack the network.
              7. it depends, no one can tell. some hackers are just in it for fun, some hackers could use your machine as a gateway to attack the target (e.g. DDoS)
              • Thanks a lot!!!
          • Hijacking of a connection is not impossible but very difficult. A firewall doesn't help to prevent such a hijack.
            I'm not sure if including an IDS service in a firewall is a good idea. It gives you an overwhelming number of alarms and finally you may just ignore all of them. The problem with IDS is the high false positive rate. And you need a human to analyze all the alarm messages.
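        • We call hosts without a firewall "meat machines", hehe; as the name suggests, they are there for anyone to carve up. Besides blocking ports, a firewall can also do IDS and traffic control, and can filter some common attacks, such as a large volume of pings.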
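
The session tracking mentioned in the thread (ports 80/21 open, every connection tracked, unsolicited traffic left unanswered) can be sketched as a toy model. This is an added example, not code from any poster or from a real firewall; the `Segment` and `StatefulFilter` names, the window size and the sample segments are assumptions constructed for illustration.

```python
# Added example: toy model of a stateful TCP filter (not a real firewall).
from dataclasses import dataclass

OPEN_PORTS = {80, 21}   # assumed policy: only web and FTP control are reachable
WINDOW = 65535          # assumed window size for the sequence-number check
MOD = 2 ** 32           # TCP sequence numbers wrap at 32 bits

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dport: int
    flags: str          # "S" = SYN, "A" = ACK, "R" = RST, "F" = FIN
    seq: int
    length: int = 0     # payload bytes

class StatefulFilter:
    def __init__(self):
        self.sessions = {}   # (src, sport, dport) -> next expected client seq

    def inbound(self, seg):
        """Return 'ACCEPT' or 'DROP' for a segment arriving from outside."""
        key = (seg.src, seg.sport, seg.dport)
        if key not in self.sessions:
            # No session: only a bare SYN to an open port may create one.
            if seg.flags == "S" and seg.dport in OPEN_PORTS:
                self.sessions[key] = (seg.seq + 1) % MOD
                return "ACCEPT"
            return "DROP"    # dropped silently, so closed ports give no answer
        # Known session: the sequence number must fall inside the window.
        if (seg.seq - self.sessions[key]) % MOD >= WINDOW:
            return "DROP"    # sequence number does not match the tracked state
        if "R" in seg.flags or "F" in seg.flags:
            del self.sessions[key]       # connection closed, forget the state
        else:
            self.sessions[key] = (seg.seq + seg.length) % MOD
        return "ACCEPT"

def demo():
    """Run constructed segments (documentation-range IPs) through the filter."""
    fw, c = StatefulFilter(), ("203.0.113.5", 40000, 80)
    segments = [
        Segment(*c, "S", 1000),                     # handshake start
        Segment(*c, "A", 1001),                     # handshake completes
        Segment(*c, "A", 1001, 100),                # 100 bytes of request data
        Segment(*c, "A", 900_000_000),              # same tuple, wrong sequence
        Segment("198.51.100.9", 5555, 23, "S", 1),  # SYN to a closed port
        Segment("198.51.100.9", 5556, 80, "A", 7),  # ACK with no session
        Segment(*c, "R", 1101),                     # client resets
        Segment(*c, "A", 1101),                     # arrives after the reset
    ]
    return [fw.inbound(s) for s in segments]
```

The model only covers what the filter itself can see; it says nothing about an attacker who can observe the connection's real sequence numbers, which is the case the later reply about hijacking refers to.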