flatten and rebuild---REPLACE!

on 14.12.2006 20:16:00 by warf


And so on....the whole concept of trusted servers is so lame.
Seems that an axiom has been in force the whole time: "any advance in
security technology is outdated before implementation due to the sheer
capacity for rising to the challenge". You may quote me "miffed".[grin]

I suspect the rebuilt 'flattener' is correct...I am now thinking back to
these lines:
1/putting a $100 W95lite machine on the Internet, disabling EVERYthing
except port 80 HTTP TCP/IP in/out.
2/ checking email at the library.
3/ Buying mp3s [ok, seriously though.....]
4/burning the CDs with shareware sitting in my drawer since they
probably had the prototype plastic Semiconductor junctions molded into
them allowing transmission to a w-lan [i kill me].
5/OR....putting a useless old puter [see #1, voida (oops..works
though) VIDA supra] on the net and leaving it wide open as a honey pot
and sniffing the packets with sniper rifle in hand....makes me feel
better if not superior.

5a/ using same puter AS "5/" until it gets smoked and instead of
flattening....just flatten it and replace. That's it!
FLATTEN AND REPLACE! $50 PIII 800s abound. And we all know they are
just as fast running the era software right! Wait, Faster running prior
era software devoid of OuthousE and IsajokE.

6/Giving up and going back to print media... no, WAIT...Snailmail spam
was the first and still is pervasive.......

"your prize is waiting for __________ to collect it. Reply soon. Offer
dated".

If I could only reach the trigger with the barrel pointed at my face!

miffed. S'pose?

Re: flatten and rebuild---REPLACE!

on 14.12.2006 23:17:41 by unknown

Post removed (X-No-Archive: yes)

Re: flatten and rebuild---REPLACE!

on 15.12.2006 18:00:14 by warf

Sebastian Gottschalk wrote:

> warf wrote:
>
>
>>I suspect the rebuilt 'flattener' is correct...I am now thinking back to
>>these lines:
>>1/putting a $100 W95lite machine on the Internet, disabling EVERYthing
>>except port 80 HTTP TCP/IP in/out.
>
>
> Please, do so. You really don't need DNS and ICMP, neither HTTPS. ;-D
> Anyway, with Win95 you're fucked anyway.

I am actually playfully agreeing with your basic philosophy Seb~. I
tried to disable DNS and ICMP and....oh, you're being sarcastic. Silly me.

Seriously though, I have tried to get my cable ISP to tell me what
minimum I require enabled for access and all I get is ports 80,25,110.
Nothing about which protocols, nothing about 'inbound or outbound' ...
I have found out that without DNS lookup the process is so slow I might
as well get dialup. I also found that I can't refresh my IP
without...DCOM? So, by trial and error I creep along on my hands and
knees looking for a reasonable solution.

>>2/ checking email at the library.
>
> Stupid idea.

I know...I'm so weak.

warf,,,,begs your advice.

Re: flatten and rebuild---REPLACE!

on 15.12.2006 18:12:56 by unknown

Post removed (X-No-Archive: yes)

Re: flatten and rebuild---REPLACE!

on 15.12.2006 20:57:30 by ibuprofin

On Thu, 14 Dec 2006, in the Usenet newsgroup comp.security.firewalls, in article
, warf wrote:

>I am now thinking back to these lines:
>1/putting a $100 W95lite machine on the Internet, disabling EVERYthing
>except port 80 HTTP TCP/IP in/out.

I know you are being facetious here (no one is crazy enough to trust
windoze95 near a network connection, never mind the Internet), but this
point suggests a misunderstanding on port numbers and how they are used
in the big picture. Think what you put on an envelope when you send mail.
You put the address of the destination - and in the Internet, this is
found in two locations. The IP address of the destination is the first
address (bytes 16 to 19) of the IP header - which sends the packet to
the destination _computer_ out "there". But in the TCP header, there is
a destination _port_number_ in bytes 2 and 3 to tell which service on
that destination computer to deliver this packet to. See RFC1180 (or
RFC0791 and 0793 if you want the actual specifications) for additional
details.

0791 Internet Protocol. J. Postel. September 1981. (Format: TXT=97779
bytes) (Obsoletes RFC0760) (Updated by RFC1349) (Also STD0005)
(Status: STANDARD)

0793 Transmission Control Protocol. J. Postel. September 1981.
(Format: TXT=172710 bytes) (Updated by RFC3168) (Also STD0007)
(Status: STANDARD)

1180 TCP/IP tutorial. T.J. Socolofsky, C.J. Kale. January 1991.
(Format: TXT=65494 bytes) (Status: INFORMATIONAL)

But just as you put a "return address" on that letter, the packet also
has your IP address (in bytes 12 to 15 of the IP header), and the source
port number (in bytes 0 and 1 of the TCP header) where the packet came
from on your computer. Point is, the 'source' and 'destination' port
numbers are not the same. If they were, what is the point for having
both in the header? The server is usually on a "well known port" (in
this case, 80), but the client will be on an ephemeral port number (the
"next available number") between 1025 and 65535.

As you are not offering services to the world, anyone attempting to
connect to a port between 0 and 1023 on your system should get a "No one
lives here" answer - which occurs BY DEFAULT when there is nothing on
the port. With one exception (DHCP client), there should never be any
packet leaving your system with a _source_ port in that range.

Old guy

Re: flatten and rebuild---REPLACE!

on 16.12.2006 01:51:03 by warf

Moe Trin wrote:

> On Thu, 14 Dec 2006, in the Usenet newsgroup comp.security.firewalls, in article
> , warf wrote:
>
>
>>I am now thinking back to these lines:
>>1/putting a $100 W95lite machine on the Internet, disabling EVERYthing
>>except port 80 HTTP TCP/IP in/out.
>
>
> I know you are being facetious here (no one is crazy enough to trust
> windoze95 near a network connection, never mind the Internet), but this
> point suggests a misunderstanding on port numbers and how they are used
> in the big picture. Think what you put on an envelope when you send mail.
> You put the address of the destination - and in the Internet, this is
> found in two locations. The IP address of the destination is the first
> address (bytes 16 to 19) of the IP header - which sends the packet to
> the destination _computer_ out "there". But in the TCP header, there is
> a destination _port_number_ in bytes 2 and 3 to tell which service on
> that destination computer to deliver this packet to. See RFC1180 (or
> RFC0791 and 0793 if you want the actual specifications) for additional
> details.
>
> 0791 Internet Protocol. J. Postel. September 1981. (Format: TXT=97779
> bytes) (Obsoletes RFC0760) (Updated by RFC1349) (Also STD0005)
> (Status: STANDARD)
>
> 0793 Transmission Control Protocol. J. Postel. September 1981.
> (Format: TXT=172710 bytes) (Updated by RFC3168) (Also STD0007)
> (Status: STANDARD)
>
> 1180 TCP/IP tutorial. T.J. Socolofsky, C.J. Kale. January 1991.
> (Format: TXT=65494 bytes) (Status: INFORMATIONAL)
>
> But just as you put a "return address" on that letter, the packet also
> has your IP address (in bytes 12 to 15 of the IP header), and the source
> port number (in bytes 0 and 1 of the TCP header) where the packet came
> from on your computer. Point is, the 'source' and 'destination' port
> numbers are not the same. If they were, what is the point for having
> both in the header? The server is usually on a "well known port" (in
> this case, 80), but the client will be on an ephemeral port number (the
> "next available number") between 1025 and 65535.
>
> As you are not offering services to the world, anyone attempting to
> connect to a port between 0 and 1023 on your system should get a "No one
> lives here" answer - which occurs BY DEFAULT when there is nothing on
> the port. With one exception (DHCP client), there should never be any
> packet leaving your system with a _source_ port in that range.
>
> Old guy

SERIOUSLY...thanks. I am of course at your mercy as you 'might' be
regarding D-orbital ab initio calculations for bis-phenylphosphorylation
of....Motrin, or whatever.

As is apparent, I am asking these questions to learn enough to 'play
ball' but am also realistic enough to know [I reiterate] a masters in comp Sci
in order to stick it to HP ain't gonna happen.
I would however appreciate a reference to an intermediate
treatise....magazine, covering enough of the basics to at least enable
me to ask the right questions. At least then I might be able to assist
myself. Really, there is a lot of chest pounding in these forums but the
chance to educate the eager is the most noble use of these ephemeral
packets there is, no?
Warf...looking to you[se] for a ray of light.

Re: flatten and rebuild---REPLACE!

on 16.12.2006 01:55:51 by unknown

Post removed (X-No-Archive: yes)

Re: flatten and rebuild---REPLACE!

on 16.12.2006 03:51:36 by warf

Sebastian Gottschalk wrote:
> Moe Trin wrote:
>
>
>>As you are not offering services to the world, anyone attempting to
>>connect to a port between 0 and 1023 on your system should get a "No one
>>lives here" answer - which occurs BY DEFAULT when there is nothing on
>>the port. With one exception (DHCP client), there should never be any
>>packet leaving your system with a _source_ port in that range.
>
>
> What about DNS query fallback? If some queries with source port > 1024
> fail, some resolvers resort to source port 53. Also quite common behind NAT
> routers.

Sigh, a lot like listening to very intelligent men argue specifics
of hard science from opposite perspectives; how can two correct people
be in disagreement? [as I suspected, no hope for me.]
miffed again.
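The header layout Moe Trin describes above (source and destination addresses at IP bytes 12-15 and 16-19, ports at transport bytes 0-1 and 2-3, and his "no packet should leave with a source port below 1024 except the DHCP client" rule), together with Sebastian's caveat that some resolvers fall back to source port 53, can be checked mechanically. The following is an added example written for this page, not code from any poster; the packets it builds are constructed samples using TEST-NET addresses, and the small allowlist of low client source ports (UDP 68 and UDP 53) is an assumption taken from the two posts, not a complete list.

```python
import struct
from ipaddress import IPv4Address

def build_packet(src_ip, dst_ip, sport, dport, proto=6):
    """Constructed sample packet: 20-byte IPv4 header plus a TCP (proto 6) or
    UDP (proto 17) header. Only the addressing fields matter here; checksums stay 0."""
    total_len = 20 + (20 if proto == 6 else 8)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                         IPv4Address(src_ip).packed,   # bytes 12-15: source address
                         IPv4Address(dst_ip).packed)   # bytes 16-19: destination address
    if proto == 6:
        l4_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    else:
        l4_hdr = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip_hdr + l4_hdr

def parse(packet):
    """Read the two addresses from the IP header and the two ports from the
    transport header; the ports sit at bytes 0-1 and 2-3 for both TCP and UDP."""
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes (20 without options)
    proto = packet[9]
    src_ip = str(IPv4Address(packet[12:16]))
    dst_ip = str(IPv4Address(packet[16:20]))
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src_ip, dst_ip, proto, sport, dport

# Privileged source ports a pure client host may still emit (assumed allowlist):
# UDP 68 = DHCP client (Moe Trin's exception), UDP 53 = resolver fallback (Sebastian's caveat).
CLIENT_LOW_PORT_ALLOW = {(17, 68), (17, 53)}

def classify(packet, my_ip):
    """Apply the thread's rule of thumb to one packet seen at a host whose address is my_ip."""
    src_ip, dst_ip, proto, sport, dport = parse(packet)
    if src_ip == my_ip:
        if sport < 1024 and (proto, sport) not in CLIENT_LOW_PORT_ALLOW:
            return "suspicious"   # nothing on a client-only host should answer from a low port
        return "ok-outbound"
    if dst_ip == my_ip and dport < 1024:
        return "reject"           # no service offered: the "no one lives here" case
    return "ok-inbound"           # a reply arriving on our ephemeral port

if __name__ == "__main__":
    me = "192.0.2.10"            # constructed address (TEST-NET-1)
    for pkt in (build_packet(me, "198.51.100.5", 49152, 80),
                build_packet("198.51.100.5", me, 80, 49152),
                build_packet("203.0.113.9", me, 4444, 445),
                build_packet(me, "198.51.100.5", 80, 49152),
                build_packet(me, "255.255.255.255", 68, 67, proto=17)):
        print(parse(pkt), classify(pkt, me))
```

The fourth sample, a packet leaving the host from TCP source port 80, is exactly the kind of traffic Moe Trin says a firewall on a non-server machine should never see; the DHCP broadcast in the fifth is the permitted exception.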

Re: flatten and rebuild---REPLACE!

on 16.12.2006 21:28:20 by ibuprofin

On Sat, 16 Dec 2006, in the Usenet newsgroup comp.security.firewalls, in article
, warf wrote:

>I would however appreciate a reference to an intermediate
>treatise....magazine, covering enough of the basics to at least enable
>me to ask the right questions. At least then I might be able to assist
>myself.

Now that would be a good question. I don't subscribe to magazines
like that - they tend to be rather useless for me as everything is aimed
at the windoze user level. The more technical magazines tend to expect
that the reader has the basics, or is willing to spend the time scanning
the details out of RFCs and the like. Do you have access to a good
library? One of the better books is "TCP/IP Illustrated, Volume 1" by
the late W. Richard Stevens (Addison Wesley, ISBN 0-201-63346-9, 1994
[there is a 1996 edition as well], 576 pages, US$lots) that is normally
used as a text book in college networking courses. I would NOT
recommend buying it in this situation, but if you can borrow a copy,
it may be worth the read.

As for the way an application communicates, other than the simple
overview (in Chapter 1 of the Stevens book) this tends to be more O/S
specific, and as I've stated, I don't do windoze.

Old guy

Re: flatten and rebuild---REPLACE!

on 18.12.2006 03:01:30 by warf

Moe Trin wrote:

> On Sat, 16 Dec 2006, in the Usenet newsgroup comp.security.firewalls, in article
> , warf wrote:
>
>
>>I would however appreciate a reference to an intermediate
>>treatise....magazine, covering enough of the basics to at least enable
>>me to ask the right questions. At least then I might be able to assist
>>myself.
snip....>
> As for the way an application communicates, other than the simple
> overview (in Chapter 1 of the Stevens book) this tends to be more O/S
> specific, and as I've stated, I don't do windoze.
>
> Old guy
>

SIGH.......
Warf.