Firewall security: Problems with simple Samba file share 3589

The vulnerability will not be announced until the patch is ready. But anyway, I said exploited. My point was that if a vulnerability is not being exploited then you have effectively no chance of getting hit by it - when it is exploited (in the sense that you begin to develop a chance of being hit by it), then a fix is generated in a big hurry! Hours. The number of exploit events required to trigger a response is in the order of one or two or three. If it ever hit ten or a hundred or a thousand the response would be mbuttive.

What worms have we had in the past? I recall some combo attack via ftp and lp on rh. Rh fixed that in hours, but no firewall would have helped meanwhile - the services were legitimate and hence would have been open via the f-w.

The same argument applies - they have to update their servers, not have a firewall; the firewall would have holes in it to allow access to their compromisable servers! An ftp server or whatever.

The distro provided servers are also configured that way anyway. If they wanted to make their servers more generally available they would have to configure the server to allow it, and then open the firewall. So the firewall would be no protection when an exploit appears. Only updating the server helps.

8 weeks later it has had the distro updates applied. And if it hasn't, the firewall makes no difference, because it has holes in to allow access to those services if those services have been made available externally. Think ftp - you'd have to let tcpwrappers let it out, then open the firewall for it. If you haven't made the service available generally, then the firewall has not been opened either, but it makes no difference because the service has not been reconfigged t allow anyone but localhost.

Your argument is probably that they intended to allow access for everyone, but entry only for a few. Then a vulnerability appears that escalates access into entry.

Tough - they have to type "apt-get update".

They use apt-get update.

That's fine - let them fear.

It permits access to services. That's the aim of services - to serve, so firewalls are open to them. No net attack is based on an uncommon service not running anywahere except locally! There's no point! Worms only target generic, open, services. The next wuftpd vulnerability please stand up! (aren't we overdue?).

Then they won't be starting services, so they don't need a firewall to disallow access to these nonexisting servers.

They type apt-get update. They always do, because how else can they keep their gam3s up to date? I bet they do it ten times a day.

Peter