Bugtraq mailing list archives
AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible
From: "Jonas Koch" <jonas.koch () gmx ch>
Date: Tue, 30 Apr 2002 12:09:00 +0200
Most products use checksums to detect replaced or modified applications. But there are other problems with outbound filters. Most personal firewalls do not detect if a malicious program uses a 'trusted' application to transmit data (look at tooleaky.zensoft.com). I have tested several products with a method similar to Bob Sundling's and only BlackICE PC Protection 3.5 stopped communication (Norton PF, Tiny PF and ZoneAlarm did not stop it). There is no ultimate way to control all outbound communication. If you use your own low-level drivers, no personal firewall can stop you. Jonas
Current thread:
- ITCP Advisory 13: Bypassing of ATGuard Firewall possible BlueScreen (Apr 29)
- AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible Jonas Koch (Apr 30)
- Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible BlueScreen (Apr 30)
- Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible Jim Hill (Apr 30)
- <Possible follow-ups>
- Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible UMusBKidN (Apr 30)
- AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible Jonas Koch (Apr 30)