Bitcoin Forum

I'm building a small machine dedicated to creating wallets and sending BTCs.

It's running a fresh install of XP SP3 and has yet to be connected via RJ45 cable to the network.

I've installed Avast, Winrar, and NetLimiter.

While NetLimiter will demand authorization from you for every process that attempts to connect to the network/internet, I believe it only controls the legit connections made by your applications. I don't trust it blocks ALL possible connections, and can probably be bypassed if one were so inclined.

Is there a way I can hard block ALL outgoing/Incomming connections other than bitcoin? I'm not even planning on using any browsers.

install a firewall and block all ports except 8333.

Can wallet.dat be hacked through port 8333 ?

No that is the omniport.

What is an omniport?  Can any other network traffic pass through port 8333 accept bitcoin client traffic?

Obviously, when the 64,000 port protocol was made, they didn't reserve 8333 for bitcoin, so it must be accessible otherwise. Unless you lock that port to the bitcoin.exe client, via a hash check or something, but that's all techno babble on my part, have no clue how any of that would be done.

So wallet.dat can be hacked through port 8333 by malware?

either no one here knows, or they're all asleep, or they're all scared of being quoted when all joor btc are gone...

install openBSD it has only 2 remote holes in default installation in abaut 10 years....

99,99% or hacker will not touch it when have thousands of windows computers to hack, ech again duble post can i delete it ?

Install a firewall and block all ports except for outgoing to 8333: bitcoin will use that to connect to other bitcoin nodes.

You may also want to open the outgoing irc port, as bitcoin uses irc to discover other clients. If you don't open this on your firewall, you'll probably have to run bitcoin with the -addnode parameter as otherwise I doubt you'll have any connections.

Thanks.  Will iptables suffice?

Probably. I never used iptables myself so I can't answer questions about that.

YES

And try this  http://en.wikipedia.org/wiki/Security-Enhanced_Linux

Why would N-S-A develop something in 2000 and then collaborate with the open source community for an inclusion of this software into the linux kernel in 2003 ( http://en.wikipedia.org/wiki/Security-Enhanced_Linux#Overview ) if it would make nosing into individuals' systems more difficult:

From NSA Security-enhanced Linux Team:

    "NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals."

(SELinux has been integrated into version 2.6 series of the Linux kernel, and separate patches are now unnecessary; the above is a historical quote.)

It is in stark contrast to the Magic Lantern attempt just a few years earlier down the timeline in 2001?:  http://www.wired.com/politics/law/news/2001/11/48648 and http://www.uhuh.com/control/list-pat.htm

"Other security mavens pointed to free software projects such as openvirus.org as more trustworthy alternatives to Network Associates' McAfee anti-virus products, and GPG as a replacement for Network Associates' PGP encryption software.

The criticism raised a well-known point in security circles: Security software, including PGP and anti-virus products ware, is either looking out for your interests or those of the government. It can't do both.

.
.
.

In his 1982 book The Puzzle Palace, author James Bamford recounted how the National Security Agency's predecessor coerced Western Union, RCA, and ITT Communications to turn over telegraph traffic to the feds in 1945."