2 general questions


Post by pretentious on Mon Oct 07, 2013 11:04 pm

Could someone give me a realistic example of a drive-by download and what languages would be used in the exploit? Also, what's everyone's view on firewalls? I figured that if I'm not running any services, incoming packets will simply be ignored, right? I don't think I have one by default, but a guy on YouTube told me I should.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
pretentious wrote:Welcome to bat country


Re: 2 general questions

Post by limdis on Tue Oct 08, 2013 12:24 pm

Firewalls:
Remember there are two types, hardware and software. Your first line of defense is usually your hardware firewall, which is in most cases housed on your router. Home routers use network address translation (NAT) to filter and properly direct packets to a specific client (computer). Basically this makes it possible to have multiple clients on a network at one time without having to have multiple global IP addresses. Google > 28.31.38.112 (your house/ISP) > 192.168.1.14 (your computer). By definition only, this is technically a firewall. Packet headers are analyzed and redirected. With no security settings in place this can go entirely unfiltered and you are susceptible to everything. Fortunately, firmware upgrades allow for your router to be upgraded and security settings can be put into place that allow for automatic dropping of packets that are flagged as a security risk. You may also change these settings yourself to allow incoming and outgoing packets to be sent and received. Think port forwarding and video games. This quickly crosses over into setting up a proxy but keeping things on topic.
The most common example of a software firewall is Windows Firewall. It basically works the same way except it's a program that runs while you are running Windows (instead of always on, as it is when your router is on). Software firewalls tend to be more secure because they focus more on security rather than basic function. They can also cross-reference with a server for the latest security threats and detect malicious software. Also, since this runs on our computer, software firewalls can monitor specific programs individually to see which are requesting access to the internet and which are attempting to accept incoming connections. Another added bonus vs. a hardware firewall is that software firewalls can determine if another computer on the network is already infected and protect your computer from whatever it is that may be. The router might prevent it from getting in or out, but once something is in, it's in.

Drive-by downloads:
Assuming you don't fall victim to downloading something that is mislabeled, like a movie that is really a virus and not a movie at all, drive-by downloads happen when you don't know something is being downloaded. As far as language, it really depends on the vector used in order to trick the user into downloading the file. A realistic and common example would be falling victim to cross-site scripting (XSS) to a website with a hidden iframe one pixel tall and wide with a command written to connect to for the download to begin as a background process. Another common example is falling victim to both types. You download what you believe to be an .mp3 of your favorite song (and it very well might be); however, an additional line is added in for you to connect to a host server to download whatever malicious software desired when you play the song.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
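A defender-side check for the hidden one-pixel iframe described in the post above, as an added example that is not part of the original thread: it scans a page's HTML and reports iframes that are hidden or 0-1 pixels in size. The sample HTML, the `.example` hostnames and the names `find_hidden_iframes` and `HiddenIframeFinder` are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample markup; hostnames use the reserved .example TLD.
SAMPLE_HTML = """
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://cdn.other.example/x" width="1" height="1"></iframe>
<iframe src="//ads.other.example/y" style="display:none"></iframe>
<iframe src="/local/widget" style="width:0px; height:0px; border:0"></iframe>
"""

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Matches "width: 1px;" but not "max-width: ..." or non-pixel units like "1em".
STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)(?:px)?\s*(?:;|$)", re.I)

def _tiny(value):
    """True for a dimension of 0 or 1 pixel ("0", "1", "1px")."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "")
        dims = {k.lower(): v for k, v in STYLE_DIM.findall(style)}
        reasons = []
        if HIDDEN_STYLE.search(style) or "hidden" in a:
            reasons.append("hidden")
        w = a.get("width") or dims.get("width")
        h = a.get("height") or dims.get("height")
        if _tiny(w) and _tiny(h):
            reasons.append("tiny")
        host = urlparse(a.get("src", "")).hostname
        if host and host != self.page_host:
            reasons.append("cross-origin")
        # A visible cross-origin frame (e.g. a video embed) is normal; skip it.
        if reasons and reasons != ["cross-origin"]:
            self.findings.append((a.get("src", ""), reasons))

def find_hidden_iframes(html, page_host):
    finder = HiddenIframeFinder(page_host)
    finder.feed(html)
    return finder.findings
```

This only inspects static markup; frames injected by script at runtime or hidden through external stylesheets need a rendered-DOM check instead.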


Re: 2 general questions

Post by pretentious on Wed Oct 09, 2013 7:59 am

Thanks for the detailed response, Limdis. Am I to understand that software firewalls can act like simplistic antivirus software? I had XSS in mind but wasn't sure if I had connected the right dots in my head.