Hacking 101.5
Packets and Firewalls
from the May 2001 Actrix Newsletter

by Dean Moor


I am again grateful to Dean Moor for this next article in his series on hacking and security. To many it is a fascinating topic. It really would be a good idea for those interested but new to computers or the net to read over Dean's articles in previous newsletters. -Editor

Hi Folks, well, so far we have discussed what the "Bad Guys" of the internet can do to your machine, and how they do it. How about, for the next couple of months, we discuss what you can do to protect yourself?

This time I'd like to talk about firewalls. Firewalls (such as Zone Alarm, Black Ice, etc.) are programs you can load onto your computer to make you more secure from incoming nasties.

Before I get into the basics of a firewall, however, I must explain what packets are.

When you send information to others, your computer first takes the data you are ready to move across the Internet (such as an e-mail or web page request) and breaks it into smaller pieces, called packets. These packets are each numbered, and are stamped with information concerning who the packet is from, where it is going, and how many packets there are in total.

Then your computer sends this information to the Internet. Your computer examines each packet, finds the 'TO' address, and asks nearby computers on the Internet which of them are not busy and whether they can forward the packet.

When a computer responds, the packet is sent to that machine, which makes similar contact with other machines, and this process is repeated until your data reaches its destination.

It is important to note that the same computer(s) probably will not handle all of the outgoing packets. Some of the computers that 'volunteer' may actually be out of the way, depending on how busy the internet is at the time.

Therefore it is possible that many of the last packets sent will actually arrive at the destination before some of the first packets, depending on which computers handled what packets. However, the difference is often measured in milliseconds, and is not noticed.

At the receiving host computer (the one you sent your information to) the message is reassembled. The receiving host then checks that all data has arrived, and ensures that the packets are complete and undamaged, much like a warehouse would with new stock. Should any packets be missing or damaged, replacement packets are requested from the sending machine. Once the packets are all accounted for, they are reassembled and processed, as seen in the demo below.

[Demo: packets being sent and reassembled, as described above]

Now, what does this have to do with a firewall? Simple: the firewall is generally placed in front of all other programs on your computer, between you and the Internet. All incoming packets must first pass through the firewall before they can be processed by your machine. This is where your rule-sets come into effect.

Say, for example, you wish to allow all web pages from Actrix, but nowhere else. Your firewall will examine each WWW packet that approaches your computer to ensure that the sender's address in the packet header matches the one you set in your firewall rules. If the addresses match, the packet is let through; otherwise, it is rejected. The same process is followed for all packets that come in, regardless of the type or size. All must be accepted by the firewall to be processed by your machine.

The same process is followed for outbound packets (information you are sending). Each packet is examined by your firewall to ensure that the receiver's address is listed in the firewall's rule-set, and should any be denied, those packets simply will not go anywhere.

Your firewall can also block certain ports (electronic gates into and out of your computer). Using the same packet filtering methods as above, your firewall can see which port the information is leaving on, or coming in on, and either allow or disallow the information, as seen in the diagram below.

Image supplied by GRC.com
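
The rule-set checks described above (sender's address for incoming packets, receiver's address for outgoing ones, plus the port) can be sketched in a few lines of Python. This is an added example, not part of the original article: the addresses are constructed documentation ranges standing in for a trusted site, and the Packet, Rule and decide names are made up for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (arriving) or "out" (leaving)
    src: str        # sender's address from the packet header
    dst: str        # receiver's address from the packet header
    port: int       # port the packet is coming in on or leaving on

@dataclass(frozen=True)
class Rule:
    direction: str
    remote: str     # network the other end must belong to
    ports: tuple    # ports this rule opens

    def matches(self, pkt: Packet) -> bool:
        # Inbound packets are checked on the sender, outbound on the receiver.
        other_end = pkt.src if pkt.direction == "in" else pkt.dst
        return (pkt.direction == self.direction
                and pkt.port in self.ports
                and ip_address(other_end) in ip_network(self.remote))

def decide(rules, pkt: Packet) -> str:
    """Accept a packet only if some rule matches; everything else is rejected."""
    return "accept" if any(r.matches(pkt) for r in rules) else "reject"

# Constructed rule-set: 192.0.2.0/24 is a documentation range standing in for
# the one site we trust; it is not Actrix's real address space.
ME = "198.51.100.7"
RULES = [
    Rule("in", "192.0.2.0/24", (80,)),    # web pages from the trusted site only
    Rule("out", "192.0.2.0/24", (80,)),   # web requests to the trusted site only
    Rule("out", "0.0.0.0/0", (25,)),      # outgoing mail to anyone
]

# Constructed sample traffic.
SAMPLES = [
    Packet("in", "192.0.2.10", ME, 80),     # trusted site, web port
    Packet("in", "203.0.113.5", ME, 80),    # web port, but wrong sender
    Packet("in", "192.0.2.10", ME, 23),     # right sender, closed port
    Packet("out", ME, "203.0.113.5", 80),   # web request to an unlisted site
    Packet("out", ME, "203.0.113.5", 25),   # mail is open to any receiver
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(decide(RULES, pkt), pkt)
```

The last sample is accepted only because its port is open in the rule-set; the filter looks at the address and port and nothing else.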

Now, although the firewall appears to be all you need for the security of your computer, I urge you to reconsider. As you can see in the diagram above, a few ports are left open. This must be done to allow some traffic through, and as such, your computer, although safer, is still vulnerable to attack. Next month I will discuss further security applications that you can use to add to the features of a firewall.

Safe Browsing and Good Luck. Most of all Have Fun.

Dean Moor