How did they get past my NAT?

It's not the job of a FW to be blocking applications. A personal FW/packet filter is not a FW. The job of a FW is to stop inbound and outbound packets coming from the network it is protecting against, and also leaving the network if rules have been set to stop outbound packets. A FW sits at the junction point between two networks.

If the machine has been compromised, then there is nothing running on the machine that can stop it, other than the O/S, if it has the means to do so. So you stop something with a PFW. But what about the boot and login process, where the malware can beat the PFW to the connection and get out, because the PFW is not an integrated part of the O/S and the O/S is not going to make other services wait until the FW is up and running. And besides that, malware can fool the packet filter with app. control running with the O/S, like it can fool the O/S, with both of them running with the O/S.

And most users flat-out do not know what is legit or non-legit traffic in a typical situation when they are being asked the questions.

Like I said, if the solution is not using two NIC(s), it's not a FW solution and is just a packet filter.

Reply to
Mr. Arnold

You seem to think that only an SMTP server uses SMTP - but the only compromised SMTP servers I've seen in years were workstations/laptops where the idiot had compromised their workstation with a malware that installs its own SMTP engine - the laptop becomes a SMTP server sending out hundreds of emails with the infection included per minute. The malware, in every case, didn't attempt to use the internal SMTP server, it had its own built into it.

There are many threats, I look for more than just the common ones.

Reply to
Leythos

I too have seen what I think you describe. Users running as administrator get compromised, their Windows firewall is taken down, and they end up with an SMTP server and others connecting (incoming) or trying to connect. I think mostly they are saved by their NAT router. That is a common one!!

They are screwed if they run a bridge or half-bridge thing, where there is no NAT, like some USB DSL modems and perhaps PCI DSL modems. Typically with those things the PPP is done by Windows; ipconfig displays their public IP. Malicious people connect successfully, spam gets sent out from the user's computer and the user gets a threatening email from their ISP to get rid of it or else.

But, we were talking of blocking outgoing, and thus outgoing SMTP.

Reply to
jameshanley39

That's NOT what I'm saying - I'm saying that users, on a LAN, behind a NAT router with no forwarding enabled, loaded an application that was malware and it contained a SMTP service that was sending hundreds of emails per minute. It was not allowing external connections, it was not being connected to from the net, it was its own SMTP service spewing emails out to domains - the Windows firewall would not and could not stop this.

Yes, we are, and in this case, you've mistaken what I've said/shown, where a blocking of SMTP outbound from the LAN by the workstations, or where SMTP would be limited to the ISP's SMTP server, would block the spreading of the malware in question.

Reply to
Leythos

True, but one of the things this also shows is that it has been (thoroughly) peer-reviewed by (experts). I have my doubts as well, since there is a lot of potential for fraud in this space.

I like to think of it as the commercial variant of open-source software, e.g. with many eyes, bugs are shallow.

Reply to
goarilla

A true Firewall is a packet and port filter and is able to filter in both directions. Basically a firewall regulates the flow of traffic between 2 or more computer networks.

It is still not a TRUE firewall because it can't filter by port.

Port forwarding is used to allow unsolicited inbound traffic to pass through to a server listening on a certain port. Port forwarding only forwards traffic on the specified port. So if you are hosting email then you would enable port forwarding on port 25.

Hope that is helpful,

Hex

Reply to
Hexalon
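The two gateway behaviours argued over in this thread, Leythos's point that blocking outbound SMTP from workstations (or limiting it to the ISP's relay) stops a self-contained SMTP engine, and Hexalon's point that port forwarding only admits unsolicited inbound traffic on the forwarded port, can be modelled in a few lines. The block below is an added example and is not code from anyone in the thread; the network, the gateway, mail-server and relay addresses, the `Flow` type and the two functions are all constructed for illustration, using documentation address ranges. Alongside the filter it adds a small burst counter, because even where SMTP to the relay is permitted, one workstation opening dozens of port-25 connections is the pattern Leythos describes and is worth flagging from the gateway's view of the traffic.

```python
from __future__ import annotations

# Added example (not from the thread): a toy model of a NAT gateway's egress and
# port-forward rules, plus a burst counter for outbound SMTP attempts.
# All addresses below are constructed from RFC 5737 documentation ranges.
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
PUBLIC_IP = ip_address("203.0.113.10")    # gateway WAN address (constructed)
MAIL_SERVER = ip_address("192.168.1.25")  # the one internal host allowed to send SMTP anywhere
ISP_RELAY = ip_address("198.51.100.25")   # ISP's outbound SMTP relay (constructed)
PORT_FORWARDS = {25: MAIL_SERVER}         # unsolicited WAN:25 -> internal mail server


@dataclass(frozen=True)
class Flow:
    """A new TCP/UDP connection attempt as the gateway sees it."""
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def filter_flow(flow: Flow) -> tuple[str, str]:
    """Return (verdict, reason) for a connection attempt arriving at the gateway."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    if src in LAN and dst in LAN:
        return ("accept", "internal traffic, gateway not in path")
    if src in LAN:
        # Egress: only the mail server, or connections to the ISP relay, may use port 25.
        if flow.proto == "tcp" and flow.dport == 25:
            if src == MAIL_SERVER or dst == ISP_RELAY:
                return ("accept", "smtp allowed: mail server or ISP relay")
            return ("drop", "egress smtp from workstation blocked")
        return ("accept", "egress allowed")
    if dst == PUBLIC_IP:
        # Ingress: unsolicited traffic only reaches a host with an explicit forward.
        target = PORT_FORWARDS.get(flow.dport) if flow.proto == "tcp" else None
        if target is not None:
            return ("forward", f"dnat to {target}:{flow.dport}")
        return ("drop", "no port forward; NAT has no mapping")
    return ("drop", "not addressed to this gateway")


def smtp_bursts(flows: list[Flow], threshold: int) -> dict[str, int]:
    """Count outbound port-25 attempts per LAN source and return those over threshold.

    Counts what the gateway sees, so it also records attempts the filter dropped."""
    counts = Counter(
        f.src for f in flows
        if f.proto == "tcp" and f.dport == 25
        and ip_address(f.src) in LAN and ip_address(f.dst) not in LAN
    )
    return {src: n for src, n in counts.items() if n > threshold}


# Constructed sample: one workstation (192.168.1.50) spraying SMTP at many hosts,
# the mail server doing its normal job, ordinary HTTPS, and two unsolicited
# inbound attempts from the Internet.
SAMPLE = (
    [Flow("192.168.1.50", f"192.0.2.{i}", 25) for i in range(1, 41)]
    + [Flow("192.168.1.50", str(ISP_RELAY), 25)]
    + [Flow("192.168.1.25", "192.0.2.99", 25)]
    + [Flow("192.168.1.60", "192.0.2.7", 443)]
    + [Flow("192.0.2.200", str(PUBLIC_IP), 25),
       Flow("192.0.2.200", str(PUBLIC_IP), 3389)]
)

if __name__ == "__main__":
    for f in SAMPLE[-5:]:
        print(f, *filter_flow(f))
    print("bursting hosts:", smtp_bursts(SAMPLE, threshold=10))
```

Run as a script it prints the verdict for the last five sample flows and names the bursting workstation. The design point is that both rules live on the gateway, not on the compromised host: the workstation's own packet filter is irrelevant once malware has disabled it, whereas the egress rule and the absence of a port forward are enforced where the infected machine cannot reach them.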

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.