At 09:19 AM 6/10/01 -0400, Shyamal Gupta wrote the following:

>At 09:54 PM 6/9/2001, Gerry Boyd wrote:
>
>>Short answer
>>No firewall required for dial-up
>
>Gerry,
>
>What you write makes a lot of sense, and (as usual) is quite educative.
>
>I have a dial-up connection, and have been using ZoneAlarm. Yet I 
>occasionally get the ZoneAlarm notification that it has blocked someone's 
>(something's) attempt to access. What would this be likely to mean?

Someone like me trying to find some information and using an incorrect IP
address and/or domain name.
For example, let's assume I would like to get the IP number for a domain. IP
numbers can be found quite easily using reverse DNS lookup, that is, convert
domain name to IP address. The program that does this is called nslookup.
The nslookup program works both ways, that is, it converts domain names to
IP addresses or IP addresses to domain names.

domain name to IP address
no2:/opt2/home3/expita>nslookup geocities.com
Server:  localhost
Address:  127.0.0.1

Name:    geocities.com
Addresses:  209.1.225.218, 209.1.225.217

IP address to domain name
no2:/opt2/home3/expita>nslookup 209.1.225.217
Server:  localhost
Address:  127.0.0.1

Name:    vip3.intl.geocities.yahoo.com
Address:  209.1.225.217

If by chance I typed an incorrect IP address and that address at the time
was being used by you via dial-up and you were using ZoneAlarm then an alert
could be sent and you might wonder who I was and what I was doing. As you
can see I'm not doing anything to you per se, I was just trying to do
something for myself and got to you by mistake. The same can happen when I
use ping, traceroute, dig, whois, finger, ftp, telnet, http, gopher, wais,
IRC, or just about any other IP service.

>Does one take it that the *probability* of security vulnerability with a 
>dialup connection is extremely low or that it is zero?

Personally I'd guess zero, nil, none, nothing, zip, or blank.

If I was attacking, you would know it. Sustained attempts from the same
address to the same service indicate something unusual is happening. It
could also mean nothing, something like an incorrect or "stuck" ping. For
example, the ping protocol allows an optional count value. If I added a
large number (by mistake) I could send millions of ping requests to an IP
address (Windows ping allows up to 4,294,967,295 echo requests).


--
Gerry Boyd
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
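
The distinction drawn above between a stray connection attempt and sustained attempts from the same address to the same service, as an added example that is not part of the original message. The log format, the sample lines, and the threshold and window values are assumptions constructed for illustration; this is not ZoneAlarm's own log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts in a hypothetical format (not ZoneAlarm's):
# date, time, source address, blocked service.
SAMPLE_LOG = """\
2001-06-10 09:01:12 192.0.2.44 tcp/80
2001-06-10 09:14:03 198.51.100.9 icmp/echo
2001-06-10 10:30:00 203.0.113.7 tcp/23
2001-06-10 10:30:20 203.0.113.7 tcp/23
2001-06-10 10:30:41 203.0.113.7 tcp/23
2001-06-10 10:31:05 203.0.113.7 tcp/23
2001-06-10 10:31:30 203.0.113.7 tcp/23
2001-06-10 11:02:00 192.0.2.44 tcp/21
"""

def parse(log_text):
    """Yield (time, source, service) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        yield when, parts[2], parts[3]

def classify(log_text, threshold=5, window=timedelta(minutes=5)):
    # A (source, service) pair is "sustained" when at least `threshold` blocked
    # attempts fall inside any one `window`; both values are assumed defaults.
    hits = defaultdict(list)
    for when, src, service in parse(log_text):
        hits[(src, service)].append(when)
    sustained, stray = {}, {}
    for key, times in hits.items():
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        (sustained if best >= threshold else stray)[key] = best
    return sustained, stray

if __name__ == "__main__":
    sustained, stray = classify(SAMPLE_LOG)
    print("sustained:", sustained)
    print("stray:", stray)
```

Each returned value is the peak number of attempts seen inside one window, so a source that touches several different services once each stays in the stray group.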