[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause
- To: full-disclosure@lists.netsys.com
- Subject: RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, help the cause
- From: Nicob <nicob@nicob.net>
- Date: Fri, 16 Jan 2004 13:03:16 +0100
On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote:
> Your NAT router works at Layer 3. You still need a personal firewall or
> proxy system that looks at as many layers as possible. You need
> something like Sygate Personal Firewall that alerts you when an
> application or process that you have not approved tries to go OUT to the
> Internet from your PC.
Even with a personal firewall, a trojan could go out to the Internet
without your knowledge, using different tactics :
- exploiting a bug (in filtering) of the personal firewall used (like
not monitoring UDP 53 outbound)
- exploiting a bug (like a buffer overflow) of the personal firewall
used and using these new privs to modify the setup and allowing itself
- bypassing the personal firewall by using authorized applications (like
Internet Explorer via the OLE controls)
- bypassing the personal firewall by injecting your own code in
authorized applications (à la CreateRemoteThread)
- bypassing the personal firewall by injecting your network data under
the hook in the TCP/IP stack
- ...
--
Nicob <nicob@nicob.net>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html