Message-ID: <D89E9C009C6E5B4381DCBE89CA703CEE02EF9CA0@MI8NYCMAIL04.Mi8.com>
From: pwicks at oxygen.com (James Patterson Wicks)
Subject: Re: January 15 is Personal Firewall Day, help the cause

True.  That's why further down in the post I talk about using the Mozilla browser, anti-virus, IDS and spyware apps.  Nothing is 100%, but getting into the 90% range helps me sleep better at night.

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Nicob
Sent: Friday, January 16, 2004 7:03 AM
To: full-disclosure@...ts.netsys.com
Subject: RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day,
help the cause


On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote:

> Your NAT router works at Layer 3.  You still need a personal firewall or
> proxy system that looks at as many layers as possible.  You need
> something like Sygate Personal Firewall that alerts you when an
> application or process that you have not approved tries to go OUT to the
> Internet from your PC.

Even with a personal firewall, a trojan could go out to the Internet
without your knowledge, using different tactics :

- exploiting a bug (in filtering) of the personal firewall used (like
not monitoring UDP 53 outbound)
- exploiting a bug (like a buffer overflow) of the personal firewall
used and using these new privs to modify the setup and allowing itself
- bypassing the personal firewall by using authorized applications (like
Internet Explorer via the OLE controls)
- bypassing the personal firewall by injecting your own code in
authorized applications (à la CreateRemoteThread)
- bypassing the personal firewall by injecting your network data under
the hook in the TCP/IP stack
- ...


-- 
Nicob <nicob@...ob.net>



