Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible

From: Jim Hill (bgtqat_private)
Date: Tue Apr 30 2002 - 07:43:47 PDT


    BlueScreen in <014401c1ef8d$1bb66510$0100a8c0@BlueScreenPrimary>:
    
    > ATGuard can be fooled to think that a disallowed program is allowed to
    > connect to the internet.
    
    This is a well-known problem and has been discussed at length on
    <http://grc.com/lt/scoreboard.htm>.
    
    A.M. Janssen has written a utility which monitors the hashes (SHA1,
    RIPEMD-160 or Haval) for the applications in AtGuard's ruleset
    <http://www.capimonitor.nl/nisfilecheck11.zip>.
    
    It has to be separately scheduled, so it's not as good as real-time
    checks by the firewall, but very useful nonetheless.
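
An added example, not part of the original post and not A.M. Janssen's utility: a scheduled hash check over the programs a firewall ruleset allows, reporting any whose content changed or that disappeared since the baseline was taken. The file names, the baseline layout and the demo scenario are constructed assumptions; AtGuard's own ruleset format is not read.

```python
import hashlib
import json
import os
import tempfile

def file_digest(path, algorithm="sha1"):
    """Hash a file in chunks; SHA-1 is one of the algorithms the post names."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths, algorithm="sha1"):
    """Record the current digest of every program the ruleset allows."""
    return {"algorithm": algorithm,
            "digests": {p: file_digest(p, algorithm) for p in paths}}

def check_baseline(baseline):
    """Return {path: status} for entries that no longer match the baseline."""
    findings = {}
    for path, expected in baseline["digests"].items():
        if not os.path.isfile(path):
            findings[path] = "missing"
        elif file_digest(path, baseline["algorithm"]) != expected:
            findings[path] = "modified"
    return findings

def demo():
    """Constructed scenario: allowed programs change between two scheduled runs."""
    with tempfile.TemporaryDirectory() as d:
        allowed = os.path.join(d, "browser.exe")   # hypothetical ruleset entries
        other = os.path.join(d, "mailer.exe")
        for p, data in ((allowed, b"original browser"), (other, b"original mailer")):
            with open(p, "wb") as f:
                f.write(data)
        # Round-trip through JSON: the baseline is plain data that can be stored.
        baseline = json.loads(json.dumps(build_baseline([allowed, other])))
        clean = check_baseline(baseline)           # first scheduled run
        with open(allowed, "wb") as f:             # same path, different content
            f.write(b"some other program")
        os.remove(other)
        after = check_baseline(baseline)           # next scheduled run
        return clean, {os.path.basename(p): s for p, s in after.items()}

if __name__ == "__main__":
    print(demo())
```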
    


