Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible

[Jim Hill <bgtq () jhc org uk>]

BlueScreen in <014401c1ef8d$1bb66510$0100a8c0@BlueScreenPrimary>:

> ATGuard can be fooled to think that a disallowed program is allowed to
> connect to the internet.

This is a well known problem and has been discussed at length on
<http://grc.com/lt/scoreboard.htm>.

A.M Janssen has written utility which monitors the hashes (SHA1,
Ripe MD-160 or Haval) for the applications in AtGuard's ruleset
<http://www.capimonitor.nl/nisfilecheck11.zip>. 

It has to be separately scheduled so it's not as good as real
time checks by the firewall but very useful nonetheless.