Author Topic: DMZ  (Read 10469 times)


Offline RoMi

  • x86
  • Hero Member
  • *****
  • Posts: 502
  • gg no re
    • View Profile
DMZ
« on: April 17, 2005, 10:25:05 am »
Hey I got a new router with an SPI firewall the other day and it has an option to enable DMZ.  I was wondering what DMZ is, I know it stands for demilitarized zone, but that's about it.  I put my Xbox on the port and turned on DMZ and it seems to log in a few seconds faster.  Is it just like a port that doesn't get monitored by the SPI firewall or something?
-RoMi

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: DMZ
« Reply #1 on: April 17, 2005, 11:54:55 am »
It's a "DMZ Host", not just "DMZ".

In a standard network, the setup is like this:

[internet]
[firewall]
[DMZ]
[firewall]
[internal network]

The DMZ is where things like web servers go.

That's a corporate thing, though.  In your situation, what that means is that it's forwarding all ports to the DMZ Host.  I don't recommend setting anything to a DMZ Host unless you trust the computer 100%.  For example, I'd never ever set a Windows computer to DMZ Host.

I don't think you'll get any speed increase, though.  Maybe that was a coincidence?

Offline RoMi

Re: DMZ
« Reply #2 on: April 17, 2005, 12:29:32 pm »
Thanks for the info iago!  I've run a few tests with the Xbox on and off of DMZ Host port and it still seems to log on faster.
-RoMi

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: DMZ
« Reply #3 on: April 17, 2005, 01:24:37 pm »
This website is running off Darkside (or Pie, I've forgotten in the confusion of the switch), which is made possible via iago's DMZ. Mostly valuable if you're running a webserver on your network, although dangerous, it does get you fully functional and somewhat safe (assuming you're not using Windows).
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

Re: DMZ
« Reply #4 on: April 17, 2005, 01:26:31 pm »
It's dangerous in that people can connect to you on any port.  Of course, I only have the ports I want open.

Right now, actually, the DMZ Host is Pie.  My router is doing:

Port 80 --> Darkside
Port 443 --> Darkside
Port 2401 --> Darkside (todo: get rid of)
Port 8001 --> Darkside
Port 5000-6000 --> Slayer
Everything else --> Pie

Offline RoMi

Re: DMZ
« Reply #5 on: April 17, 2005, 02:32:09 pm »
I do actually run a webserver/jbls server, which I just use port forwarding for, maybe it would be a good idea to put it up on DMZ??  BTW it's a Slackware box in bash screen only.
-RoMi

Offline iago

Re: DMZ
« Reply #6 on: April 17, 2005, 02:33:33 pm »
I do actually run a webserver/jbls server, which I just use port forwarding for, maybe it would be a good idea to put it up on DMZ??  BTW it's a Slackware box in bash screen only.

If you're going to do that, make sure there is nothing else running.  By default, Slackware starts up some unnecessary services (like sendmail and others).  If they're open, you should disable them.

Offline RoMi

Re: DMZ
« Reply #7 on: April 17, 2005, 02:41:15 pm »
Just one more question: if it's set up on DMZ, that means that all ports are forwarded to that computer, right?  And that port-forwarding only works for the other devices.  Say you wanted a CS server on one computer that isn't set as DMZ, you would use port-forwarding to do this, right?  Now say that it is set up on the DMZ host port, does that mean that you would not have to use port forwarding, since all the ports if not specified are already forwarded to the DMZ host?
-RoMi

Offline iago

Re: DMZ
« Reply #8 on: April 17, 2005, 03:51:43 pm »
If you have a DMZ host and forwarded ports, the forwarded ports take precedence.
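
An added example, not part of the original thread: a small audit that applies the precedence rule above (explicit forwards first, DMZ host as catch-all) to the forwarding table from Reply #4 and reports which listening services on each machine are actually reachable from the internet. The `ss -tln` style listener output for each host is constructed sample data, and the function names are illustrative.

```python
# Router rules as listed in Reply #4; everything else here is constructed sample data.
FORWARDS = [  # (first port, last port, internal host)
    (80, 80, "Darkside"), (443, 443, "Darkside"), (2401, 2401, "Darkside"),
    (8001, 8001, "Darkside"), (5000, 6000, "Slayer"),
]
DMZ_HOST = "Pie"

# Constructed `ss -tln` output for each internal host (not captured from real machines).
LISTENERS = {
    "Pie": """LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 10 0.0.0.0:25 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*""",
    "Darkside": """LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*""",
    "Slayer": """LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 64 0.0.0.0:5500 0.0.0.0:*""",
}

def route(port):
    """Internal host that receives an inbound connection to `port`."""
    for first, last, host in FORWARDS:   # explicit forwards take precedence
        if first <= port <= last:
            return host
    return DMZ_HOST                      # the DMZ host catches everything else

def listening_ports(ss_text):
    """Ports bound to a non-loopback address in `ss -tln` style output."""
    ports = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if addr not in ("127.0.0.1", "[::1]"):  # loopback is not reachable through NAT
            ports.add(int(port))
    return ports

def internet_reachable(listeners):
    """Per host, the listening ports that the router actually delivers to it."""
    return {host: sorted(p for p in listening_ports(text) if route(p) == host)
            for host, text in listeners.items()}

if __name__ == "__main__":
    for host, ports in internet_reachable(LISTENERS).items():
        print(f"{host}: {ports}")
```

With this sample data the DMZ host is the only machine whose exposure is not bounded by the forwarding table: every non-loopback listener on it that is not claimed by an explicit forward shows up in the result.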

Offline Mythix

  • The Dude
  • x86
  • Hero Member
  • *****
  • Posts: 1569
  • Victory
    • View Profile
    • Dark-Wire
Re: DMZ
« Reply #9 on: May 06, 2005, 07:51:56 am »
Never fall back onto DMZ unless you absolutely have to. I've heard some funny stories in my network security class with DMZs and a Windows box.
Philosophy, n. A route of many roads leading from nowhere to nothing.

- Ambrose Bierce


Offline iago

Re: DMZ
« Reply #10 on: May 06, 2005, 01:04:02 pm »
Haha, I did that once without thinking.  I needed to get something on unpatched Windows with BitTorrent (I was getting Linux, so there wasn't much point in updating Windows).  I set it to DMZ stupidly, just to use BitTorrent, and was instantly infected.  Duh :)

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: DMZ
« Reply #11 on: May 07, 2005, 04:19:15 pm »
(assuming you're not using Windows).

It can still be safe if you aren't a complete moron and you are on Windows.

My friend runs XP Home (unpatched) on DMZ and he hasn't had a virus ever. Nor has he been infected.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water balloon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

Re: DMZ
« Reply #12 on: May 07, 2005, 05:54:16 pm »
(assuming you're not using Windows).

It can still be safe if you aren't a complete moron and you are on Windows.

My friend runs XP Home (unpatched) on DMZ and he hasn't had a virus ever. Nor has he been infected.

Unless he has a firewall, people can get a ton of information about him and his computer through a Null Session.  There's also a lot of stuff open, listening for connections, which is never secure.  Having stuff running (listening) that you don't know what it does is never a good idea.

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: DMZ
« Reply #13 on: July 05, 2005, 10:20:31 pm »
Unless he has a firewall, people can get a ton of information about him and his computer through a Null Session.  There's also a lot of stuff open, listening for connections, which is never secure.  Having stuff running (listening) that you don't know what it does is never a good idea.
They can get the file names of files in the root directories of my hard disk partitions.  Beyond that, I have file permissions set.  Root files have read-only access to Everyone.

When I reformat, I turn off DMZ to my machine until I get it patched.  Running SP1a or SP2, I've never had a problem.  I don't even run Windows firewall.

I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.

Offline Tuberload

  • Neophyte
  • x86
  • Hero Member
  • *****
  • Posts: 530
    • View Profile
Re: DMZ
« Reply #14 on: July 06, 2005, 12:58:42 am »
I use Windows and have never had a virus, trojan, etc. on my computer. I have never been "infiltrated" either. I check regularly. Take that as you will.

Edit: Spelling.
« Last Edit: July 06, 2005, 01:16:56 am by Tuberload »
I am prepared to be ridiculed for what I believe, are you?

Offline iago

Re: DMZ
« Reply #15 on: July 06, 2005, 09:11:40 am »
Unless he has a firewall, people can get a ton of information about him and his computer through a Null Session.  There's also a lot of stuff open, listening for connections, which is never secure.  Having stuff running (listening) that you don't know what it does is never a good idea.
They can get the file names of files in the root directories of my hard disk partitions.  Beyond that, I have file permissions set.  Root files have read-only access to Everyone.

When I reformat, I turn off DMZ to my machine until I get it patched.  Running SP1a or SP2, I've never had a problem.  I don't even run Windows firewall.

On a sidenote, make sure the newest patches are applied.  There's exploit code out for another SMB vulnerability which can explode if somebody creates a worm from it.