[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1074254596.838.27.camel@bobby.exaprobe.com>
From: nicob at nicob.net (Nicob)
Subject: Re: January 15 is Personal Firewall Day,
help the cause
On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote:
> Your NAT router works at Layer 3. You still need a personal firewall or
> proxy system that looks at as many layers as possible. You need
> something like Sygate Personal Firewall that alerts you when an
> application or process that you have not approved tries to go OUT to the
> Internet from your PC.
Even with a personal firewall, a trojan could go out to the Internet
without your knowledge, using different tactics :
- exploiting a bug (in filtering) of the personal firewall used (like
not monitoring UDP 53 outbound)
- exploiting a bug (like a buffer overflow) of the personal firewall
used and using these new privs to modify the setup and allowing itself
- bypassing the personal firewall by using authorized applications (like
Internet Explorer via the OLE controls)
- bypassing the personal firewall by injecting your own code in
authorized applications (? la CreateRemoteThread)
- bypassing the personal firewall by injecting your network data under
the hook in the TCP/IP stack
- ...
--
Nicob <nicob@...ob.net>
Powered by blists - more mailing lists