AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible

From: Jonas Koch (jonas.kochat_private)
Date: Tue Apr 30 2002 - 03:09:00 PDT


    Most products use checksums to detect replaced or modified applications.
    
    But there are other problems with outbound filters. Most personal firewalls
    do not detect if a malicious program uses a 'trusted' application to
    transmit data (look at tooleaky.zensoft.com). I have tested several products
    with a method similar to Bob Sundling's and only BlackICE PC Protection 3.5
    stopped communication (Norton PF, Tiny PF and ZoneAlarm did not stop it).
    
    There is no ultimate way to control all outbound communication. If you use
    your own low-level drivers, no personal firewall can stop you.
    
    Jonas
    


