Local firewalls was Re: [thelist] what is this scam?

[Ben Henick]

On Tue, 26 Nov 2002, rudy wrote:

> > put your machine behind a firewall and it's no longer
> > part of the same subnet as all the other completely open
> > and vulnerable pc's in your neighborhood.
>
> see, that's the part that i don't get
>
> my computer is connected only to my cable internet service provider
>
> why is my cable internet service provider letting that crap through?

That's the thing - the "crap" is likely on the near side of the ISP's
firewall (assuming they have one at all).  Unless somebody logs the
packets and complains, there's not really anything the ISP can or will do.

During the two months I was running ZoneAlarm (after seeing odd NIC
attivity during a week when I was using my rig but not strictly online) I
noticed a lot of traffic directly from other folks on my subnet, to my
node.

I'm now running a dedicated OpenBSD firewall (long story, that) and
haven't peeked into pflog even though I probably should.  ;-)

If you don't want to go to that much trouble (which wasn't so much trouble
for me, as the hardware was collecting dust and it'll be kinda nice to set
up a local HTTP server on a real Open Source OS, if I ever wanna bother)
any reasonably stocked shop should also have firewall/NAT routers
available, typically at a price (here, no sales tax) of 100-150USD.


--
Ben Henick
Web Author At-Large              Associate Editor
http://www.io.com/persist1/      http://www.digital-web.com/
persist1 at io.com                  bmh at digital-web.com
--
"Are you pondering what I'm pondering, Pinky?"
"I think so, Brain, but... (snort) no, no, it's too stupid."
"We will disguise ourselves as a cow."
"Oh!" (giggles) "That was it exactly!"