Full Disclosure mailing list archives
RE: Re: January 15 is Personal Firewall Day, help the cause
From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Fri, 16 Jan 2004 10:07:18 -0500
True. That why further down in the post I talk about using the Mozilla browser, anti-virus, IDS and spyware apps. Nothing is 100%, but getting into the 90% range helps me sleep better at night. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of Nicob Sent: Friday, January 16, 2004 7:03 AM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Re: January 15 is Personal Firewall Day, help the cause On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote:
Your NAT router works at Layer 3. You still need a personal firewall or proxy system that looks at as many layers as possible. You need something like Sygate Personal Firewall that alerts you when an application or process that you have not approved tries to go OUT to the Internet from your PC.
Even with a personal firewall, a trojan could go out to the Internet without your knowledge, using different tactics : - exploiting a bug (in filtering) of the personal firewall used (like not monitoring UDP 53 outbound) - exploiting a bug (like a buffer overflow) of the personal firewall used and using these new privs to modify the setup and allowing itself - bypassing the personal firewall by using authorized applications (like Internet Explorer via the OLE controls) - bypassing the personal firewall by injecting your own code in authorized applications (à la CreateRemoteThread) - bypassing the personal firewall by injecting your network data under the hook in the TCP/IP stack - ... -- Nicob <nicob () nicob net> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html This e-mail is the property of Oxygen Media, LLC. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify us by sending an e-mail to postmaster () oxygen com and destroy all electronic and paper copies of this e-mail. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re[4]: January 15 is Personal Firewall Day, help the cause, (continued)
- Re[4]: January 15 is Personal Firewall Day, help the cause Joris De Donder (Jan 16)
- RE: Re: January 15 is Personal Firewall Day, help the cause James Patterson Wicks (Jan 15)
- RE: Re: January 15 is Personal Firewall Day, help the cause Schmehl, Paul L (Jan 15)
- Re: January 15 is Personal Firewall Day, help the cause Brandon Butterworth (Jan 15)
- Re: Re: January 15 is Personal Firewall Day, help the cause Gary Flynn (Jan 15)
- RE: Re: January 15 is Personal Firewall Day, help the cause Richard M. Smith (Jan 15)
- January 15 is Personal Firewall Day, help the cause tlarholm (Jan 15)
- RE: Re: January 15 is Personal Firewall Day, help the cause James Patterson Wicks (Jan 15)
- RE: Re: January 15 is Personal Firewall Day, help the cause James Patterson Wicks (Jan 15)
- RE: Re: January 15 is Personal Firewall Day, help the cause Nicob (Jan 16)
- RE: Re: January 15 is Personal Firewall Day, help the cause James Patterson Wicks (Jan 16)
- Re: January 15 is Personal Firewall Day, help the cause Ron DuFresne (Jan 16)
- RE: Re: January 15 is Personal Firewall Day, help the cause James Patterson Wicks (Jan 17)
- Message not available
- Re: Re: January 15 is Personal Firewall Day, help the cause Jim Race (Jan 17)
- Re: Re: January 15 is Personal Firewall Day, help the cause Jim Race (Jan 17)
- Message not available