[plug] Advantages of Linux-based firewalls?

Christian christian at amnet.net.au
Wed Feb 28 10:12:55 WST 2001


On Wed, Feb 28, 2001 at 08:42:01AM +0800, billk at iinet.net.au wrote:
> True, but the ones it will have open (depending on the firewall settings,
> if used) will be 139, possibly dhcp etc which can be easily shown to be
> vulnerable - i.e., advertised Windows shares.

Does Windows 9x run a DHCP server??  Certainly 139 is a worry --
assuming the user is sharing something and since we're talking about
*default* configurations then nothing will be shared.  However, I wonder
how many there are on this list with default installs of Red Hat who
have installed a vulnerable version of BIND, wu-ftpd or proftpd, amongst
others.

> Also, dns probes on my dialup seem to be hitting new highs, as well as ftp
> ones at the moment.  A lot of the ftp ones are one or two isolated packets
> which would go unnoticed by most monitoring programs.  With wingate, was
> never aware that this was even going on until I switched to linux.  Is
> better to be aware that you are being (even if unsuccessfully) probed than
> be blissfully unaware and eventually getting caught out!

And if you were running a default install of Windows then those FTP and
DNS probes would have zilch effect.  As I said, the default installs of
most Linux distributions would be vulnerable to a remote root exploit.
At least with Windows the user has to run malicious code to give a
remote attacker complete control over their machine.  With Linux this is
pretty much the default behaviour.

Having said all this, someone who knows what they're doing can make
Linux a lot more secure than Windows so I'm not trying to talk anyone
out of using Linux as a NAT router.  Just be aware that by default the
system is probably a lot less secure than even Windows -- it might be
hard to argue Linux's continued use when you find out that your box was
0wn3d within 10 minutes of being online.


