What happens when you have a Firewall

Alexis Wilke's picture

The newest MS-Windows Operating Systems come with a built-in Firewall. This kind of protection was very important from the start of the Internet, but since the year 2000 or so the need has grown faster and faster. Windows XP is the first system that automatically turned on the Firewall. Of course, your Snap! Website is also protected by a firewall.

What does that Firewall really do?!

The firewall simply blocks connections from any external networks (by default you may have some features such as Remote Assistance and Network Diagnostics turned on[1]). In other words, if you have a friend who wants to check out your local website (the one you are running on your local machine), it won't work because his connections will be stopped by the Firewall.

The mechanism of a firewall is simple. In a network connection, you have one input and one output (often referred to as a FIFO). By adding software in between the IN and the OUT, you can test that what comes IN or goes OUT is legal. So for instance, if a connection request comes IN to connect to your web server and the source IP address doesn't match what you entered in your system, it can be rejected or dropped at that point[2].

[Figure: Firewall explained graphically]

Of course, complex systems include many networks. Each network represents an IN and an OUT. My current computer has 3 network cards and at least 1 software network (for each virtual machine started on my server, another 2 networks are added). The distinction between each network allows me to set up the firewall properly.

So what do I do to attack a network?

Say... You're feeling like a hacker already? What you want to do is connect to the computer, try to determine what you connected to and then see whether there is a hack to break the service daemon (often called a server, a service daemon is software running on the computer being attacked). When a hack is found, apply it and you're in. If no hack is known, try again until you succeed.

That technique may sound gruesome and yet it works very well. Systems such as Windows 98 would very easily be penetrated with such attacks.

Okay, but seriously, how often does that happen?

On all our servers, it happens constantly. Such spoofing traffic never stops. In the last 24 hours or so, I had nearly 4,000 hits from hackers testing port 54749. Here is an example of the log I get from these attempts:

Oct 22 01:43:33 server kernel: [vvv.wwww] rejected_udp_packet: IN=eth0 OUT=
     MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC= DST=
     LEN=138 TOS=0x00 PREC=0x00 TTL=113 ID=13866 PROTO=UDP SPT=2500 DPT=54749 LEN=118

I'm not too sure what that port is used for. I've found some references to an online game. That might be. If you are running that game, then the hackers could potentially connect and hack your computers from within the game. The game may crash once and restarting it would work as if nothing had happened...

Obviously, they test all the ports (all the services that you are offering), not just 54749.
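
To see which ports are being tested, the kernel log entries shown above can be tallied per destination port. The following Python is an added example, not code from the original article; it assumes the log format shown above, and the sample lines, addresses and the names unwrap, parse_entry and hits_by_port are constructed for illustration.

```python
import re
from collections import Counter

ENTRY = re.compile(r"kernel: \[[^\]]*\] (?P<prefix>\w+): (?P<fields>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")
# Constructed sample (documentation addresses), wrapped like the entry above.
SAMPLE_LOG = """\
Oct 22 01:43:33 server kernel: [100.001] rejected_udp_packet: IN=eth0 OUT=
     MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10
     LEN=138 TOS=0x00 PREC=0x00 TTL=113 ID=13866 PROTO=UDP SPT=2500 DPT=54749 LEN=118
Oct 22 01:43:41 server kernel: [108.440] rejected_udp_packet: IN=eth0 OUT=
     MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC= DST=
     LEN=138 TOS=0x00 PREC=0x00 TTL=113 ID=13870 PROTO=UDP SPT=2500 DPT=54749 LEN=118
Oct 22 01:44:02 server kernel: [129.912] rejected_udp_packet: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=52 ID=4411 PROTO=UDP SPT=40211 DPT=1900 LEN=40
Oct 22 01:44:05 server sshd[812]: Accepted publickey for admin
"""

def unwrap(text):
    """Join indented continuation lines back onto the entry they belong to."""
    entries = []
    for raw in text.splitlines():
        if raw[:1].isspace() and entries:
            entries[-1] += " " + raw.strip()
        elif raw.strip():
            entries.append(raw.strip())
    return entries

def parse_entry(line):
    """Return the KEY=VALUE fields of a firewall log entry, or None."""
    m = ENTRY.search(line)
    if not m:
        return None  # not a kernel firewall line (e.g. sshd)
    fields = {"prefix": m.group("prefix")}
    for key, value in FIELD.findall(m.group("fields")):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP length
    return fields

def hits_by_port(text):
    """Count blocked packets and collect sources per (protocol, dest port)."""
    counts, sources = Counter(), {}
    for entry in filter(None, map(parse_entry, unwrap(text))):
        if "DPT" in entry:  # skip entries without a destination port
            key = (entry.get("PROTO", "?"), int(entry["DPT"]))
            counts[key] += 1
            sources.setdefault(key, set()).add(entry.get("SRC") or "redacted")
    return counts, sources

if __name__ == "__main__":
    print(hits_by_port(SAMPLE_LOG)[0].most_common())
```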

I hope this helped you understand how the Firewall of your Operating System helps you protect your computer.

  • 1. Note that you should probably turn off all exceptions and turn them back on whenever necessary. I never let anyone connect to one of my computers via remote assistance, so having it turned off is the perfect default!
  • 2. Rejected means that you send a message back to the sender saying that the packet of data was refused. Dropped means that you don't do anything. It is a good idea to drop by default and only reject when the error is "friendly."