Posted: Wed 20 Apr 2011, 14:35
by Bruce B
SirDuncan

I'm pretty sure it is not Bernie_by_the_Sea's position that the memory
increase by larger iptables is reason not to run a firewall. Rather, merely a
technical statement or calculation on the resource usage, which was I think
an answer to a question.

Bruce

Posted: Wed 20 Apr 2011, 14:46
by rcrsn51
SirDuncan wrote:That's because there is no process for iptables. It is literally a function of the kernel. You won't see a process for rc.firewall either. It only runs for about a second at startup in order to configure the firewall settings. Unless there is some other related script that is running that I don't know about (always a possibility), there is no additional constant overhead beyond what you get from iptables in the kernel.
Correct me if I'm wrong. But if you don't load the firewall, then certain kernel modules aren't loaded either. So there will be a savings by not having those modules in place.

Posted: Wed 20 Apr 2011, 15:38
by Bernie_by_the_Sea
Going off topic (perhaps), this morning I took a closer look at the latest Knoppix firewall which is somewhat similar to Puppy’s. By default it starts with all common ports closed and none stealthed. It responds to pings. Most security experts say a no-stealth/ping-replying firewall is bad but the majority of Knoppix users (I imagine) run it as a Live CD (but my imagination might be wrong because I know two college students who have a Knoppix full HD install as their only OS)... Now I forgot where I was going with this, but then I’m 83 years old and my senior moments grow longer. :) I also tend to ramble on at length about nothing so I’ll leave this in my post. Maybe somebody knows where I was going. :)

Actually my position is that an ordinary home user running Linux of any flavor does not need a firewall. Obviously someone doing a bit more with their computer than the ordinary home user probably does need a firewall although not for malware/virus avoidance as in Windows. Some advanced Linux users probably need a firewall to avoid system overload crashes from roving bands of inquiring intruders (speaking almost poetically). I think this boils down to personal use determining the need for a firewall. No matter what the system some need a firewall and some don’t (even in Windows). Thus a firewall should be optional, easy to enable or disable. A new user should be told if the firewall is disabled by default.

Now the question becomes are Puppy users ordinary home users?

firewall useless for puppy

Posted: Wed 20 Apr 2011, 20:05
by L18L
Bernie, good question
let the user decide what he needs

OP,
idiotic question
Puppy really doesn't need a firewall. It is a distro.
And please don't flame non-English speakers until you are writing English correctly

waste of ..... time?
Sure, OP did want only "prove me wrong"

Posted: Wed 20 Apr 2011, 23:26
by live
sickgut

You want a mathematical demonstration.

So here is your answer:
For any OS(Win(s), MacOS, Linux(es), MVS, ...) a firewall will never prevent you from a
* eavesdropper
* malware/viruses
* trojan

Now, why would one use a firewall ?
Well, I'll make an analogy. It's like an airbag, it could save you from injuries, but it'll neither prevent you from driving crazy, nor having a fatal accident... still you prefer to have one (and now cars have many). Furthermore, you want them to be there, but never be used!

Your remark about being, something as stupid to have 4 anti-virus under Linux.
Well, again cast a look at www.virustotal.com, but also the anti-virus concept is going obsolete, as viruses can be too tricky to discover (encrypted & spread over different files).

If you are concerned by resource consumption, simply turn it off.

But a better question could be, what is the Puppy firewall supposed to do? Does it do it in an efficient way?
If you run Puppy from a multisession DVD in a computer that has no hard disk drive, as I do, then I can't see the need for a firewall. Even if something from the internet did manage to take over Puppy, which as far as I know has never happened, to restore Puppy to the way it was, I just reboot without saving.
Without being paranoid, it won't prevent
1/ eavesdropping
2/ redirecting to another system that you might be connected to
But apart from eavesdropping you do a hard hacking job.

Posted: Thu 21 Apr 2011, 08:44
by Bruce B
Is anyone here familiar with the Kerio PF for Windows? Not the new one, but the older one. Something like release 2.15.

I love that firewall and would be thrilled if Linux had something with that level of control. And ease of use.

~

Posted: Thu 21 Apr 2011, 09:19
by Luluc
Bruce B wrote:Is anyone here familiar with the Kerio PF for Windows? Not the new one, but the older one. Something like release 2.15.
I love that firewall and would be thrilled if Linux had something with that level of control. And ease of use.
~
Me too!!!!!!!!

Posted: Thu 21 Apr 2011, 11:15
by fucimin
Yes, me too, kerio 2.1.5 still running on my winXP machines and from the win98 days...

Posted: Thu 21 Apr 2011, 16:45
by Béèm
If I remember well, Kerio was first Tiny Personal Firewall.
For some reason I changed to Outpost, but it started to be paid only after a certain release. Good support in the time of the free version of Outpost.

Posted: Thu 21 Apr 2011, 17:04
by rcrsn51
So is this the definitive answer to sickgut's original, and quite valid, question?
Luluc wrote:Sigh. People have all these misconceptions about "breaking into" a computer...

Nobody can magically break into your computer if you are not running some service like SSHD or FTPD. Very, very few people run these kind of services on desktop machines. An intruder would have to attack one of such services and guess one of the login passwords. Just don't run any such services and you're fine.

Another attack may come from the browser. A browser may visit an infected site and run arbitrary code. "Arbitrary code" means "pretty much anything". Maybe such code could change your root password and launch sshd or ftpd, I am not sure. That is why running a browser as root is not a good idea. But if you use Firefox and have the NoScript extension blocking all Javascript except what you allow explicitly, you are 99.99% safe.

This problem stems from the fact that the browser runs as root in Puppy. In other distros, where the user is logged in as ordinary user, it is impossible for an infected site to launch sshd or ftpd on your machine.
Can we conclude that the average user who is not running some kind of service does not need a firewall?

Am I correct in assuming that even if you had the Puppy firewall running, it would not stop outgoing traffic from something malicious on your computer like a bot?

Posted: Fri 22 Apr 2011, 07:15
by Luluc
rcrsn51 wrote:Can we conclude that the average user who is not running some kind of service does not need a firewall?
That is correct to a large extent. When you say "the average user," you include a very large number of people, mainly those who just use a desktop machine, without any servers, on a regular ISP connection. That definition does not cover all possibilities, but it does cover most cases.
rcrsn51 wrote:Am I correct in assuming that even if you had the Puppy firewall running, it would not stop outgoing traffic from something malicious on your computer like a bot?
Probably true, but I can't tell for sure. Firewall in Linux is way too complicated, I've always been too lazy to study it, I admit I am not qualified to inspect the Puppy firewall configuration to determine what outbound traffic it is ready to stop. My bet would be that no, it does not prevent something malicious from "phoning home" or delivering payload elsewhere.

Posted: Fri 22 Apr 2011, 09:38
by Bruce B
Luluc wrote:My bet would be that no, it does not prevent something
malicious from "phoning home" or delivering payload elsewhere.
You hit the nail on the head for me.

I know how to set up a tracking and monitoring environment. If I were
suspicious I would set up the environment.

Then I would tell Puppy users.

Then I would stop the forum posting for a while, reorganize my time, and
demonstrate how much publishing power one person has.

The bad guy will learn there is no defense from truth, especially when
published for the good of the public. He can pay his attorneys all he wants.

The publishing will continue as long as the nefarious software is being
used. And then some.

Sounds like big talk maybe. But I did it before, three years spent taking
down three bad companies. I stopped after I learned they were all out of
business.

~

Posted: Fri 22 Apr 2011, 10:00
by Luluc
I just remembered that Puppy comes with a pretty good port scanner. So I scanned all my ports from 0 to 65000 on 127.0.0.1. Result:

(ugh, has to be copied manually, no copy+paste :( )

Port 631 is open. Service unknown.
Port 49960 is open. Service unknown.
Port 53138 is open. Service unknown.

So those ports are open in my Puppy machine, they might be vulnerable. What is running there? Does anyone know?

Edit: ah, sorry, that was the browser.

Posted: Fri 22 Apr 2011, 11:14
by rcrsn51
Luluc wrote:Port 631 is open. Service unknown.
Port 631 is the CUPS daemon.
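
Added example, not part of the original posts: a scan of 127.0.0.1 like the one above also reports services bound only to the loopback interface, which no remote host can reach, so the bind address matters as much as the port number. This Python code reads the kernel's `/proc/net/tcp` table and separates loopback-only listeners from network-reachable ones; the sample table (including the port 22 entry) is constructed, the function names are illustrative, and a little-endian host is assumed.

```python
import ipaddress

# Constructed sample in /proc/net/tcp format (not taken from a real machine).
# local_address is hex IP:port; st 0A means LISTEN, 01 means ESTABLISHED.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1305
   2: 0100007F:C328 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1410
   3: 0A00A8C0:9C40 010200C0:0050 01 00000000:00000000 00:00000000 00000000     0        0 1522
"""

def listeners(proc_net_tcp_text):
    """Return sorted (port, address, exposure) tuples for LISTEN sockets."""
    rows = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host (x86), so the address bytes are reversed.
        addr = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
        if addr.is_loopback:
            exposure = "loopback-only"     # reachable only from this machine
        elif addr.is_unspecified:
            exposure = "all-interfaces"    # 0.0.0.0: reachable from the network
        else:
            exposure = "single-interface"
        rows.append((int(hex_port, 16), str(addr), exposure))
    return sorted(rows)

def network_reachable_ports(proc_net_tcp_text):
    """Ports a remote host could connect to if no firewall rule blocks them."""
    return [p for p, _, e in listeners(proc_net_tcp_text) if e != "loopback-only"]

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:   # IPv4 only; IPv6 is in /proc/net/tcp6
            text = f.read()
    except OSError:
        text = SAMPLE
    for port, addr, exposure in listeners(text):
        print(f"{port:>5}  {addr:<15}  {exposure}")
```

In the constructed sample, ports 631 and 49960 show up as loopback-only, while port 22 is the only listener a remote host could reach.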

Posted: Fri 22 Apr 2011, 11:25
by rcrsn51
Bruce B wrote:
Luluc wrote:My bet would be that no, it does not prevent something malicious from "phoning home" or delivering payload elsewhere.
You hit the nail on the head for me.
Is that a yes or a no? If the Puppy firewall does not do this by default, can it be modified?

Posted: Fri 22 Apr 2011, 14:42
by Luluc
rcrsn51 wrote:Port 631 is the CUPS daemon.
Not very useful, is it? http://127.0.0.1:631 opens up in my browser, but all links in that page return 500 Internal Server Error. Is that by design?

Posted: Fri 22 Apr 2011, 14:47
by Béèm
Luluc,
No that's not normal.
The links should bring you to the different configuration pages.

Posted: Fri 22 Apr 2011, 15:00
by rcrsn51
Luluc wrote:
rcrsn51 wrote:Port 631 is the CUPS daemon.
Not very useful, is it? http://127.0.0.1:631 opens up in my browser, but all links in that page return 500 Internal Server Error. Is that by design?
I guess that you have never installed a printer. Read the discussion here, starting on Page 3. This is now a well-documented problem.

Posted: Fri 22 Apr 2011, 16:31
by tubeguy
rcrsn51 wrote:So is this the definitive answer to sickgut's original, and quite valid, question?
Luluc wrote:Sigh. People have all these misconceptions about "breaking into" a computer...

Nobody can magically break into your computer if you are not running some service like SSHD or FTPD. Very, very few people run these kind of services on desktop machines. An intruder would have to attack one of such services and guess one of the login passwords. Just don't run any such services and you're fine.

Another attack may come from the browser. A browser may visit an infected site and run arbitrary code. "Arbitrary code" means "pretty much anything". Maybe such code could change your root password and launch sshd or ftpd, I am not sure. That is why running a browser as root is not a good idea. But if you use Firefox and have the NoScript extension blocking all Javascript except what you allow explicitly, you are 99.99% safe.

This problem stems from the fact that the browser runs as root in Puppy. In other distros, where the user is logged in as ordinary user, it is impossible for an infected site to launch sshd or ftpd on your machine.
Doesn't seem like it. Sickgut was looking for
an actual step by step or a demonstration that you can actually do to the system to compromise it
I'd actually like to see that happen. For science! So far it looks to me like Sickgut has effectively dared anyone to crack somebody's Puppy and it hasn't happened. Lots of woulda-shoulda-mighta-coulda-oughta but no hacks.

Posted: Fri 22 Apr 2011, 18:35
by Bernie_by_the_Sea
tubeguy wrote:For science! So far it looks to me like Sickgut has effectively dared anyone to crack somebody's Puppy and it hasn't happened. Lots of woulda-shoulda-mighta-coulda-oughta but no hacks.
Cracking ALL Puppies, not just a specific one, via javascript from a web site, is quite easy for any competent hacker who's interested enough. For Science! I am not about to demonstrate such a hack. This type of cracking can only be prevented by (1) having no javascript or (2) staying off that site.

There are a number of hacker forum sites, most in Southeast Asia these days, where they will be glad to tell you how to crack Puppy. While telling you they will be cracking your computer... or at least trying to... that's part of the fun of the hacker/cracker game.