Full Disclosure mailing list archives

RE: Re: January 15 is Personal Firewall Day, help the cause


From: Nicob <nicob () nicob net>
Date: Fri, 16 Jan 2004 13:03:16 +0100

On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote:

> Your NAT router works at Layer 3.  You still need a personal firewall or
> proxy system that looks at as many layers as possible.  You need
> something like Sygate Personal Firewall that alerts you when an
> application or process that you have not approved tries to go OUT to the
> Internet from your PC.

Even with a personal firewall, a trojan could go out to the Internet
without your knowledge, using different tactics:

- exploiting a bug (in filtering) of the personal firewall used (like
not monitoring UDP 53 outbound)
- exploiting a bug (like a buffer overflow) of the personal firewall
used and using these new privs to modify the setup and allow itself
- bypassing the personal firewall by using authorized applications (like
Internet Explorer via the OLE controls)
- bypassing the personal firewall by injecting your own code in
authorized applications (à la CreateRemoteThread)
- bypassing the personal firewall by injecting your network data under
the hook in the TCP/IP stack
- ...


-- 
Nicob <nicob () nicob net>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

