Hi Martin
I would be really interested to know how even an Intelligence agency funded hacker would be able to “brute force” MAC spoofing, even if they were more devious than a sneaky Fox who has just been made head of ‘The Department of Dirty Tricks and Dirty Deeds’ in the Ministry of Misinformation in His Majesties Government?
A genuine question.
My firewall blocks all traffic after 5 failed attempts at logging in. It effectively shuts down, nothing in, nothing out. That means someone has 5 shots at trying to emulate a 12-digit hexadecimal MAC number! Plus, the 20-digit password.
On the first attempt my Syslog Server emails me, no matter where I am in the world.
In the last 20 years since I have had a Static IP Address and had a (Real VPN) there has been exactly 2 attempts of inbound traffic trying to access my system. 1 of those attempts was Madeleine. The other one was from a commercial internet VPN, maybe someone trying to hide their IP address, or more likely my daughter, not realising she was trying to log on while going through nordVPN.
You and your brother are gamers, possibly online? So, I understand that you may need open ports. And your need for security software.
I use three firewalls after the router.
Behind the first Firewall I have a NAS with 16TB that can be accessed from external source. 8 ports open outbound only and 1 open for inbound.
Behind the second and third Firewall I have all my computers and important personal stuff. Probably 80TB in total. 7 ports open inbound only. Zero outbound.
My system can’t be pinged.
Below is one of 3 Hardware Firewalls blocking “inbound interrogation requests” from my router. Along with other Outbound requests that I have set up rules for and denied. Basically, how to lockdown Windows 10 and 11.
View attachment 1602
Below is my Sys Server reporting on what that particular Firewall has been doing.
View attachment 1603
I Real VPN can only be used with a Static IP address. The reason I pay extra. The number of private citizens with Static IP address’s is infinitesimally small. Simply because of common sense. Why pay extra for no reason. But then most people have absolutely no need whatsoever for an open inbound port. The reason most people ever have problems is through “social engineering” They can’t help themselves clicking on stuff.
I really think, as this is an XP site dedicated to Windows XP that the system overheads for protection software are large. My XP System 32bit only has 2 CPUs with four cores. And a choice between 4GB to 12GB ram.
View attachment 1604
One of my Windows 10 64bit machines has 2 CPUs with 48 cores and 256GB ram. So, overheads for protection software are minimal.
I think Martin that it is an interesting debate. And I would not tell people not to have antivirus software, but I would certainly tell them to get a Hardware Firewall. They are so easy to configure. Plus most people do not actually own the routers they get from their ISP’s. Sometimes one can’t even disable TELNET on these routers provided. I would say in that case, a Hardware Firewall is essential.
Below is some old junk I have thrown together on my breakfast bar, to show how to set up a nearly impossible system to break into. The router is one of those sent out by an ISP and the 2 Firewalls are bought off ebay for £15 each. The old NAS can be used to allow access to files externally, but this could be replaced with a gaming computer, that NO important confidential information is on.
View attachment 1605
The switch represents total security. Turn the router off when you aren’t using it. The clockwork timer represents a nightmare for someone trying a brute force attack on a partially secured system.
The Jack Daniels is my early morning wake up dram. Along with the cigarettes and 2 pints of coffee. I was drinking my coffee when I took photo.
In the end people’s computers are hacked, infected, or messed up, because they download silly stuff.
