Is there a risk with firewalls? - Page 2

Re: Is there a risk with firewalls?
wrote:



I've tested it with some of firewall test sites, and it's always come up
'stealth.'

It has such a history of 'working' on my machine that I simply see no
reason to doubt its effectiveness.  

Ain't saying it's the best. I'm only saying it's the best for me in my
situation. It's utter simplicity.

Re: Is there a risk with firewalls?
On Wed, 20 Jun 2007 03:39:48 -0500, herk@conic.net wrote:


About "stealth"... well, better not get something started again....

Anyway, protection against unsolicited inbound traffic is not that
hard to achieve also without a firewall. Most users install 3rd party
firewalls for the sake of "outbound application control" which is
nonsense in terms of security.


What alternatives did you consider when making that decision?

Re: Is there a risk with firewalls?
herk@conic.net wrote:

*headdesk*


And you would have been able to detect if it had failed to work how?

BTW, you do realize that ZA itself phones home, and that more recent
versions incorporate rootkit functionality to restrict administrative
accounts (which is utterly braindead)?


Managing a Personal Firewall is far from anything that could even
remotely be regarded as "simplicity". Not only do most (if not all) of
them provide insufficient information to make reasonable decisions, they
present the user with choices he simply cannot make because he lacks the
required understanding of TCP/IP and windows internals. Not to mention
that several of them open additional attack vectors (some local, some
even remote).

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Is there a risk with firewalls?
herk@conic.net wrote:




Yupp, that's bad.

And, um, did any of these sites test for what happens with overlapped IP
fragments when injected close to your hop (in a topological sense)? You'd be
surprised!



Just like magic charms. Your point being?

Oh, what about tomorrow? You're still offering an open door.



Expect that it DOES NOT WORK AT ALL.

Re: Is there a risk with firewalls?
herk@conic.net wrote:




Which is a self-fulfilling prophecy. Someone who is using ZoneAlarm sure
isn't competent enough to spot an intrusion.


Which helps exactly how much? Heck, even the obvious remote DoS (using a
combination of SYN, ICMP and UDP flooding) remains ever since it was
discovered years ago.



Uoh, and then even the Kaspersky fun. Hey, do you know what
NtCreateProcess(0,0,0,0,0,0,0) means? For you, it means a bluescreen.



Except that it works.

Re: Is there a risk with firewalls?
Hallo NoSpam, you wrote:


Yeah, eat shit. 800 billion flies can't be wrong.


You forgot an "if" ;-)
A firewall only separates traffic *between* networks. So you can offer
services inside *your* network and your firewall protects this service
against connections from outside. A firewall can't *really* protect any
crappy (unpatched) application (such as MSOE, see below, the ActiveX
concept a.s.o.) from getting infected by manipulated e-mails, websites ...


Yes, you can work without a firewall in an insecure environment, but
you have to secure every application you use, every system library used
by applications and services and every service you offer (so-called
"hardening" of your system) - firewall and router OSes do that (and don't
have so many applications).
 
That:
| X-Newsreader: Microsoft Outlook Express 6.00.2600.0000

And it's a very old, unpatched version of it.-------^

Wolfgang

--
Nowhere does success at school depend as heavily on the parents' income
and education as in Germany. The German school system fails at
supporting the children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?
says...

Many firewall appliances can actually inspect the traffic and remove
content from SMTP and HTTP sessions, in fact, we only install firewalls
that permit us to remove content from HTTP and SMTP sessions as a means
to protect users from their own ignorance.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
  drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?
Hallo Leythos, you wrote:


I do it for our company for SMTP, so the users can work more stress-less
:-)
In some cases I did it (inside squid) for HTTP, for unpatched, insecure
flaws of browsers or graphics libraries (the patterns came from
sans.org).

The better way is: give the users (security) robust tools.

Yeah, you said it.

Wolfgang

--
Nowhere does success at school depend as heavily on the parents' income
and education as in Germany. The German school system fails at
supporting the children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?
Wolfgang Ewert wrote:



As long as at least one remotely exploitable vulnerability exists, the patch
state doesn't matter much.

Re: Is there a risk with firewalls?
Hallo Sebastian G., you wrote:


O.k., but, as a malware generator, I haven't reflected on the patch state.

Wolfgang

--
"It turns out that we have not found weapons of mass destruction."
"To my knowledge, I have not seen any strong, hard evidence
that links the two [Hussein & al-Qaida]."  War criminal Rumsfeld
on 4.10.2004 before the Council on Foreign Relations in New York.

Re: Is there a risk with firewalls?


It's a "firewall" (Marketing-speak) but not a firewall as IT
professionals would call it.

A firewall in IT terms is a concept, consisting of various elements such
as packet filters, proxy servers, virus-scanning gateways etc. - in
IT-terms ZA is a host-based packet filter.


It's running on the same system that it's supposed to protect. Once the
trojan is executed on the system by the user, the trojan can do
everything the user could do - including disabling any security software
installed on the same machine.


Nope. A system can be secure without any packet filters in front of it
- as long as there is nothing on it listening to inbound connections
from the Internet (which the packet filter would block otherwise), and
as long as nobody is sitting in front of it downloading and executing a
trojan (they don't just magically install themselves...)


Juergen Nieveler
--
To err is human.  To forgive is not company policy

Re: Is there a risk with firewalls?
NoSpam wrote:




Because it simply is none? Look up the definition, then look into the
manual, and you can straightly tell that it is impossible to build a real
firewall with ZoneAlarm.


So what? This just proves that marketing works. None of the users has any
clue what they're doing.


Because it introduces well-known remote exploits? And local privilege
escalation? Trivial remote DoS? Trivially bypassed? Vendor being unwilling
to fix anything?



Definitely marketing works. Why the f*** do you think a system couldn't be
secure without a firewall, and a firewall could make an insecure system
become secure?



MicroSoft Outlook Express

Re: Is there a risk with firewalls?


To make a long story short: Your machine seems to be infected.

Re: Is there a risk with firewalls?
Hallo NoSpam, you wrote:

 
There isn't any full up to date anti-virus protection. It's not possible
by concept.


Security Program Manager of Microsoft says: "Flatten your system and
rebuild it", take all security patches of your system and applications,
"harden" it (configure it secure, there are many manuals helping:
http://www.ntsvcfg.de/ntsvcfg_eng.html is one).

Wolfgang

--
Nowhere does success at school depend as heavily on the parents' income
and education as in Germany. The German school system fails at
supporting the children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?
NoSpam wrote:
...
...

Submit that file on this site http://www.virustotal.com/en/indexf.html
maybe you will find out what you are dealing with. I believe your
system is already compromised. You have active malware which activates
before ZA initialization is completed and downloads other malware. Best
solution would be to flatten and rebuild, i.e. format. But if, for some
reason, you don't want to do that, turn off system restore, boot into
safe mode, scan with AV and hope that everything will be OK, maybe you
will be lucky.
In addition try to find help somewhere else. Try some group or forum
dealing with malware, this group deals with firewalls so your post is a
bit OT. Maybe somebody might help you to determine how badly your system
is compromised. Firewall cannot help you anymore.
Remember, format is a _best_ solution. Leythos gave you good advice,
use a NAT router in future.

Re: Is there a risk with firewalls?
Dear Helper,

Thank you for your advice.

Unfortunately the malware files in question have been erased and I have
not had another sample deposited on my system. If that should happen
again, then I will submit the file as you suggested.

My OS (Win2000) has no System Restore.

I have scanned the systems several times and no reports of malware
have come up.

My original post was on topic, because it addressed the vulnerable
period between the activation of DSL and activation of a firewall
like ZoneAlarm. This seems to be a recognized problem and can
be resolved by installing a NAT, at least this is what I read out
of the many replies.

Thank you for your help
G.R.






Re: Is there a risk with firewalls?
NoSpam wrote:
...
...

That is good, maybe you are lucky. But, let's think, are you the only
person in the world using Win2000 with ZA? No. Do other people having
a configuration similar to yours have the same problem (downloading of
malware during the mentioned period)? I believe not, am I wrong? Why do
you have it? What is the reason? It does not have to be malware, but the
probability is high. Try to scan with some on-line scanner (Kaspersky is
OK). You can also try to download http://www.hijackthis.de/en rename it
for example _root_dummy.exe and submit the log to the mentioned site.
Best would be to ask somebody, who knows more than you, to check your
hijackthis log and system for misconfiguration. Something is definitely
wrong on your system. Are you running some server applications?
http://www.antirootkit.com/software/IceSword.htm this is an interesting
utility, you may find it useful. Check running processes and listening
ports.

NAT router will prevent downloading of malware in future, but it will not
fix your system, you have to do that.

Re: Is there a risk with firewalls?
Dear Alf,

Other people with the same configuration may have the same problem and
not recognize it! It occurred only once during the vulnerable period and
AntiVir Guard caught it. There were however some six of these files on
my PC from earlier unrecognized events. I am sorry I erased them all
and did not keep a copy.

I have observed with an earlier version of ZoneAlarm, that immediately
after booting up, a ping comes in. It is either from the IPS or from some
other scanner. So there is a way to find PCs which have just booted
up. This could be the reason why I have been hit with that malware, rather
than by malware residing on my PC calling out for more malware.

Newer versions of ZoneAlarm have done away with this reporting because
it led to very frequent reports which were apparently a nuisance
and not of concern.

To answer your question whether I am running a server: I do not.

Greetings and thanks
GR.





Re: Is there a risk with firewalls?
NoSpam wrote:

Hm, hm... I doubt.


Maybe I'm paranoid after all. It is your system, you know better what is
going on there. If you said it is clean, OK then it is clean.
Now don't lose your time replying to this post. Configure your NAT
router and keep on working normally.

Good luck.

Re: Is there a risk with firewalls?


The only personal packet filter or personal FW that can get there before the
network connection is available is XP's or Vista's personal packet
filter/personal FW, because those solutions are integrated components of the
O/S. No 3rd party solution is an integrated component of the O/S. So,
therefore, the O/S is not making things wait until the PPF/PFW is up and
running, before anything else takes place.

What you need is a border device like a NAT router. It will always be up and
running, protecting the machine, before the machine can make a connection to
the Internet.

I saw one of your posts to another poster about why something like ZA or any
other desktop solutions are not FW(s).

*What is a FW?*

A FW separates two networks: the network it's protecting from, usually the
Internet, and the network it's protecting, the LAN. A FW must have two or more
interfaces (or network interface cards for a FW software solution running on
a gateway computer). One NIC faces the Internet (the untrusted zone) and the
other NIC faces the LAN (the trusted zone).

A FW solution provides a physical separation of networks whether that be a
packet filtering FW router, a FW appliance or software running on a host
gateway computer.




