Is there a risk with firewalls?

on 19.06.2007 18:04:16 by OL

Dear Group,

I am asking a question regarding the time interval after startup of a PC and
the time the firewall becomes effective.

The details are briefly as follows:

On my PC the startup contains the following sequence: first the DSL connect
is started up, followed by my firewall. There is a gap in time between the two,
which is being used to deposit a Trojan onto my system. The Trojan is detected
by my Antivirus program and can be removed.

Question: Should a firewall not become effective BEFORE any connection to
the internet is opened?? If this is true, are there any firewalls which will do
just that?

Thanks for any help
G.R.

Re: Is there a risk with firewalls?

on 19.06.2007 18:10:52 by Leythos

In article <48Tdi.3607$lY5.851@trnddc07>, NoSpam@verizon.net says...
> Dear Group,
>
> I am asking a question regarding the time interval after startup of a PC and
> the time the firewall becomes effective.
>
> The details are briefly as follows:
>
> On my PC the startup contains the following sequence: first the DSL connect
> is started up, followed by my firewall. There is a gap in time between the two,
> which is being used to deposit a Trojan onto my system. The Trojan is detected
> by my Antivirus program and can be removed.
>
> Question: Should a firewall not become effective BEFORE any connection to
> the internet is opened?? If this is true, are there any firewalls which will do
> just that?
>
> Thanks for any help

Why don't you have a NAT router between your internet service and your
PC?

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

on 19.06.2007 18:19:47 by OL

Leythos,

Thanks for your quick reply. Would you please also tell me what a
NAT router is and what function it serves. I can probably find this info
by googling, but since you already know the context of my questions
your answer may be valuable.

G.R.

Re: Is there a risk with firewalls?

on 19.06.2007 19:46:28 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 19.06.2007 22:14:36 by OL

"Straight Talk" wrote in message
news:f15g7310pahj1ebt39tboq3g6hk2g4l4vs@4ax.com...
> On Tue, 19 Jun 2007 16:04:16 GMT, "NoSpam" wrote:
>
> >On my PC the startup contains the following sequence: first the DSL
> >connect is started up, followed by my firewall.
>
> What firewall? What OS?
>
> >There is a gap in time between the two, which is being used to deposit a
> >Trojan onto my system. The Trojan is detected by
> >my Antivirus program and can be removed.
>
> Sounds fishy. I bet it's there from the very start. How do you make
> sure it's actually "removed"?
>
> >Question: Should a firewall not become effective BEFORE any connection to
> >the internet is opened??
>
> Yes.
>
> >If this is true, are there any firewalls which will do just that?
>
> Windows firewall does. But if you're infected already you can't rely
> on anything anyway. Then all bets are off.

Re: Is there a risk with firewalls?

on 19.06.2007 22:14:37 by OL

First thank you for your reply Straight Talk.

Next the answers to your questions are: Win2000 Pro, Zone Alarm. Antivir
Guard is installed and up to date.

I know the following: the Antivir Guard tells me which file goes with the
Trojan. This file is actually there and was installed at the time of report.
The Properties for this file tell me that the Administrator for the
installation is my PC-designation. This file has been created numerous times
and consists of 8 letters, which are obviously chosen at random and the
extension of the file is .exe.

This Trojan arrives shortly after the PC is turned on. I am not sure, but it
may make its way after the firewall is up. However one time it came in when
the firewall still was not up.

These are the essentials I can tell you and I am certain of them.

G.R.

Re: Is there a risk with firewalls?

on 19.06.2007 22:33:43 by Leythos

In article , NoSpam@verizon.net says...
> Thanks for your quick reply. Would you please also tell me what a
> NAT router is and what function it serves. I can probably find this info
> by googling, but since you already know the context of my questions
> your answer may be valuable.

The NAT router would block inbound connections that you've not initiated
from your computer - this means that nothing on the internet would not
get into your computer unless your computer reached out to it first.

While not a firewall, many vendors call their NAT Routers firewalls. The
appliance provides this protection regardless of the state of your
computer.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)
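
The behaviour described in the post above, as an added example (not part of the original post and not any vendor's firmware): a small Python model of a NAT router's translation table, showing why traffic the PC did not initiate has nowhere to go, whatever state the PC's own software is in. The addresses, ports, timeout and the rule that only the contacted peer may answer are assumptions of this sketch; real consumer routers vary.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: Endpoint
    dst: Endpoint


@dataclass
class NatRouter:
    """Simplified NAT: one public address, mappings created only by outbound traffic."""
    wan_ip: str
    idle_timeout: float = 120.0          # seconds a mapping survives without traffic (assumed)
    next_port: int = 40000               # next public port to hand out (assumed range)
    # (proto, public port) -> [LAN endpoint, remote endpoint, last-seen time]
    table: Dict[Tuple[str, int], list] = field(default_factory=dict)

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """LAN -> Internet: create or refresh a mapping, rewrite the source address."""
        for (proto, wan_port), entry in self.table.items():
            if proto == pkt.proto and entry[0] == pkt.src and entry[1] == pkt.dst:
                entry[2] = now
                return Packet(proto, (self.wan_ip, wan_port), pkt.dst)
        wan_port = self.next_port
        self.next_port += 1
        self.table[(pkt.proto, wan_port)] = [pkt.src, pkt.dst, now]
        return Packet(pkt.proto, (self.wan_ip, wan_port), pkt.dst)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Internet -> LAN: forward only if a live mapping says who asked for it."""
        key = (pkt.proto, pkt.dst[1])
        entry = self.table.get(key)
        if pkt.dst[0] != self.wan_ip or entry is None:
            return None                  # unsolicited: no mapping, so no LAN host to deliver to
        lan, remote, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self.table[key]          # mapping expired, the door closes again
            return None
        if pkt.src != remote:
            return None                  # a third party hitting an open mapping is still dropped
        entry[2] = now
        return Packet(pkt.proto, pkt.src, lan)


def demo() -> Dict[str, Optional[Packet]]:
    """Constructed scenario using documentation address ranges."""
    pc = ("192.168.1.10", 1055)          # the PC behind the router
    web = ("198.51.100.7", 80)           # a server the PC chooses to contact
    stranger = ("198.51.100.99", 31337)  # an Internet host the PC never contacted
    router = NatRouter(wan_ip="203.0.113.5")
    out: Dict[str, Optional[Packet]] = {}

    # t=0: the PC is still booting and its host firewall is not running yet.
    out["probe_during_boot"] = router.inbound(
        Packet("tcp", stranger, (router.wan_ip, 135)), now=0.0)

    # t=30: the PC opens a web connection; only this creates a mapping.
    sent = router.outbound(Packet("tcp", pc, web), now=30.0)
    out["sent"] = sent
    out["reply"] = router.inbound(Packet("tcp", web, sent.src), now=31.0)

    # The stranger guesses the mapped public port: still not the peer that was contacted.
    out["third_party"] = router.inbound(Packet("tcp", stranger, sent.src), now=32.0)

    # Long after the connection went idle, even the original server is dropped.
    out["stale_reply"] = router.inbound(Packet("tcp", web, sent.src), now=200.0)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} -> {result}")
```

The model also shows the limit raised elsewhere in the thread: any program on the PC that connects outward creates its own mapping, so the router does nothing about software already running on the machine.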

Re: Is there a risk with firewalls?

on 19.06.2007 23:14:45 by OL

Leythos,

Thanks for your info.

I interpret it to mean that installation of a NAT router would protect
me from all incoming traffic until I deactivate it. Such deactivation might
take place after the firewall is up and running.

Am I correct in the foregoing?

If I am correct, then under what names are NAT routers sold and what is
involved in installing them?

Finally why would firewalls not come up before DSL is running? Is there
a way to force DSL to come up first?

Thank you
G.R.

Re: Is there a risk with firewalls?

on 20.06.2007 00:17:06 by Sebastian Gottschalk

NoSpam wrote:

> First thank you for your reply Straight Talk.
>
> Next the answers to your questions are: Win2000 Pro, Zone Alarm.


Eh... ZoneAlarm is no firewall. It's a host-based packet filter, and a
pretty lousy one. One should wonder why you even associate any notion of
security with it.

> I know the following: the Antivir Guard tells me which file goes with the
> Trojan. This file is actually there and was installed at the time of report.


Long story short: If your system is not secure without a "firewall", it
can't be sure with one either. And yours obviously isn't.

(And your posting's headers provide even more evidence: You're abusing MSOE
as a newsreader.)

Re: Is there a risk with firewalls?

on 20.06.2007 03:51:18 by OL

Dear Sebastian,

Your reply puzzles me. Why do you state that ZoneAlarm is no firewall? It is
sold as and described as one and it is very widely used. Would you care to
tell me why you consider it to be so poor.

It also puzzles me that you describe my system as not secure without a
firewall and imply it should be. Is it not true that no system is secure
without a firewall?

You finally state that I am abusing something by using MSOE as a newsreader.
What is MSOE?

Greetings to Deutschland and Thanks for your interest
G.R.

Re: Is there a risk with firewalls?

on 20.06.2007 04:34:08 by Leythos

In article <9HXdi.4638$%t6.1306@trnddc02>, NoSpam@verizon.net says...
> Leythos,
>
> Thanks for your info.
>
> I interpret it to mean that installation of a NAT router would protect
> me from all incoming traffic until I deactivate it. Such deactivation might
> take place after the firewall is up and running.
>
> Am I correct in the foregoing?
>
> If I am correct, then under what names are NAT routers sold and what is
> involved in installing them?
>
> Finally why would firewalls not come up before DSL is running? Is there
> a way to force DSL to come up first?

The NAT router will block inbound, unsolicited, traffic always, it
doesn't matter what you have on the network. So, you don't even need
your personal firewall once you have a NAT, as personal firewalls don't
protect people that don't understand them well.

Linksys, D-Link, Netgear, etc... They all make what they call firewalls
that are really NAT Routers - a couple of them make firewalls too. A
typical NAT device runs about $50 US.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

on 20.06.2007 04:53:05 by OL

Leythos,

Is the following the type of router an example of the device you mentioned
in order to block unwanted access to a PC?

NETGEAR
RP614 4 Port Cable/DSL Web Safe Router Gateway 10/100 Switch
Summary

Features:
- Unique Smart Wizard and Install Assistant make setup a breeze
- Lightning fast cable/DSL Internet sharing with integrated 4-port switch
- NAT Firewall with VPN pass-through protects against hackers
- Connects up to 253 network users
- Parents may restrict and monitor access to inappropriate Web sites
- Instant alerts and regular e-mail notification of browser activity
- Free network cable, vertical stand and privacy software

Please let me know.

Thank you
GR.

Re: Is there a risk with firewalls?

on 20.06.2007 05:33:13 by Leythos

In article , NoSpam@verizon.net says...
> Leythos,
>
> Is the following the type of router an example of the device you mentioned
> in order to block unwanted access to a PC?
>
> NETGEAR
> RP614 4 Port Cable/DSL Web Safe Router Gateway 10/100 Switch
> Summary
>
> Features:
> - Unique Smart Wizard and Install Assistant make setup a breeze
> - Lightning fast cable/DSL Internet sharing with integrated 4-port switch
> - NAT Firewall with VPN pass-through protects against hackers
> - Connects up to 253 network users
> - Parents may restrict and monitor access to inappropriate Web sites
> - Instant alerts and regular e-mail notification of browser activity
> - Free network cable, vertical stand and privacy software
>
> Please let me know.
>
> Thank you

Yes, as well as the Linksys BEFSR41, BEFSX41, BEFVP41, Dlink FVS-318 and
several others, and the D-Link DFL-700 which is as close to a firewall
appliance as you will find for under $250.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

on 20.06.2007 07:37:49 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 07:53:27 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 08:01:09 by DevilsPGD

In message herk@conic.net
wrote:

>Ignore these doomsday idiots. They're overly paranoid schizoids. Nothing
>is 'safe' enough for them.
>
>I've been using Zone Alarm freebie for over 5 years and have never had
>an 'intrusion' problem. I update it each time they release an update.
>
>With Zone Alarm and Kaspersky anti virus, I've never had a problem with
>trojans or malware of any kind.
>
>Zone Alarm freebie is simple and it works.

I have an equally effective solution, it's my "anti-malware rock", which
I keep sitting within 8' of my PC. Since installing the rock, I haven't
been hit by any malware.

--
If quitters never win, and winners never quit,
what fool came up with, "Quit while you're ahead"?

Re: Is there a risk with firewalls?

on 20.06.2007 08:03:53 by MR. Arnold

"NoSpam" wrote in message
news:48Tdi.3607$lY5.851@trnddc07...
> Dear Group,
>
> I am asking a question regarding the time interval after startup of a PC
> and the time the firewall becomes effective.
>
> The details are briefly as follows:
>
> On my PC the startup contains the following sequence: first the DSL
> connect is started up, followed by my firewall. There is a gap in time
> between the two, which is being used to deposit a Trojan onto my system.
> The Trojan is detected by my Antivirus program and can be removed.
>
> Question: Should a firewall not become effective BEFORE any connection to
> the internet is opened?? If this is true, are there any firewalls which will
> do just that?
>

The only personal packet filter or personal FW that can get there before the
network connection is available is XP's or Vista's personal packet
filter/personal FW, because those solutions are integrated components of the
O/S. No 3rd party solution is an integrated component of the O/S. So,
therefore, the O/S is not making things wait until the PPF/PFW is up and
running, before anything else takes place.

What you need is a border device like a NAT router. It will always be up and
running, protecting the machine, before the machine can make a connection to
the Internet.

I saw one of your posts to another poster about why something like ZA or any
other desktop solutions are not FW(s).

*What is a FW?*

A FW separates two networks. The network it's protecting from, usually the
Internet, and the network it's protecting, the LAN. A FW must have two or more
interfaces or (network interface cards for a FW software solution running on
a gateway computer). One NIC faces the Internet (the untrusted zone) and the
other NIC faces the LAN (the trusted zone).

A FW solution provides a physical separation of networks whether that be a
packet filtering FW router, a FW appliance or software running on a host
gateway computer.

Re: Is there a risk with firewalls?

on 20.06.2007 08:04:26 by Jens Hoffmann

> I interpret it to mean that installation of a NAT router would protect
> me from all incoming traffic until I deactivate it. Such deactivation might
> take place after the firewall is up and running.


Why would you want to deactivate it?

>
> Am I correct in the foregoing?

No.

> If I am correct, then under what names are NAT routers sold and what is
> involved in installing them?

Netgear, D-link, Cisco, netscreen, AVM, ....

> Finally why would firewalls not come up before DSL is running? Is there
> a way to force DSL to come up first?

You are the admin of your machine, you have control over the series of
events.

Jens

Re: Is there a risk with firewalls?

on 20.06.2007 08:20:32 by Wolfgang Ewert

Hallo NoSpam, you wrote:

> Your reply puzzles me. Why do you state that ZoneAlarm is no firewall? It is
> sold as and described as one and it is very widely used.

Yeah, eat shit. 800 billion flies can't be wrong.

> It also puzzles me that you describe my system as not secure without a
> firewall and

You forgot an "if" ;-)
A firewall only separates traffic *between* networks. So you can offer
services inside *your* network and your firewall protects this service
against connections from outside. A firewall can't *really* protect any
crappy (unpatched) application (such as MSOE, see below, the ActiveX
concept a.s.o.) getting infected by manipulated E-Mails websites ...

> imply it should be. Is it not true that no system is secure without a
> firewall?

Yes, you can work without a firewall in an insecure environment, but
you have to secure every application you use, every system library used
by applications and services and every service you offer (so called
"hardening" your system) - firewall and router OS do that (and haven't
so much applications).

> You finally state that I am abusing something by using MSOE as a newsreader.
> What is MSOE?
That:
| X-Newsreader: Microsoft Outlook Express 6.00.2600.0000

And it's a very old, unpatched version of it.-------^

Wolfgang

--
Nowhere does success at school depend as strongly on the parents' income and
education as in Germany. The German school system fails at supporting the
children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?

on 20.06.2007 08:31:24 by Wolfgang Ewert

Hallo NoSpam, you wrote:

> Next the answers to your questions are: Win2000 Pro, Zone Alarm. Antivir
> Guard is installed and up to date.

There isn't any full up to date anti-virus protection. It's not possible
by concept.

> I know the following: the Antivir Guard tells me which file goes with the
> Trojan. This file is actually there and was installed at the time of report.
> The Properties for this file tell me that the Administrator for the
> installation is my PC-designation. This file has been created numerous times
> and consists of 8 letters, which are obviously chosen at random and the
> extension of the file is .exe.
>
> This Trojan arrives shortly after the PC is turned. I am not sure, but it

Security Program Manager of Microsoft says: "Flatten your system and
rebuild it", take all security patches of your system and applications,
"harden" it (configure it secure, there are many manuals helping:
http://www.ntsvcfg.de/ntsvcfg_eng.html is one).

Wolfgang

--
Nowhere does success at school depend as strongly on the parents' income and
education as in Germany. The German school system fails at supporting the
children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?

on 20.06.2007 08:46:52 by Wolfgang Ewert

Hallo DevilsPGD, you wrote:

> In message herk@conic.net
> wrote:
>
> >I've been using Zone Alarm freebie ... With Zone Alarm and Kaspersky anti virus

And so on...

> I have an equally effective solution, it's my "anti-malware rock", which
> I keep sitting within 8' of my PC. Since installing the rock, I haven't
> been hit by any malware.

*LOL*, good answer!
I don't try to use software from untrusted source (cert.org - homeusers
task 1), I keep my system and applications patched, I'm networking as a
restricted user, I don't offer (any |vulnerable) services to the
Internet, backing up my system, that's all.

Wolfgang

--
Nowhere does success at school depend as strongly on the parents' income and
education as in Germany. The German school system fails at supporting the
children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?

on 20.06.2007 09:07:58 by Leythos

In article , w.ewert2002@gmx.de
says...
> A firewall only separates traffic *between* networks.

Many firewall appliances can actually inspect the traffic and remove
content from SMTP and HTTP sessions, in fact, we only install firewalls
that permit us to remove content from HTTP and SMTP sessions as a means
to protect users from their own ignorance.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

on 20.06.2007 10:13:18 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 10:29:32 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 10:29:35 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 10:39:48 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 10:46:37 by Wolfgang Ewert

Hallo Leythos, you wrote:

> > A firewall only separates traffic *between* networks.
>
> Many firewall appliances can actually inspect the traffic and remove
> content from SMTP and HTTP sessions,

I do it for our company for SMTP, so the users can work more stress-less
:-)
In some cases I did it (inside of squid) for HTTP for not patched
insecure flaws of browsers or graphic libraries (pattern came from
sans.org)

The better way is: give the users (security) robust tools.

> in fact, we only install firewalls
> that permit us to remove content from HTTP and SMTP sessions as a means
> to protect users from their own ignorance.
Yeah________^^^^^^____________^^^^^^^^^^^^^ , you said it.

Wolfgang

--
Nowhere does success at school depend as strongly on the parents' income and
education as in Germany. The German school system fails at supporting the
children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?

on 20.06.2007 10:49:03 by Wolfgang Ewert

Hallo "Mr. Arnold" , you wrote:

> The only personal packet filter or personal FW that can get there before the
> network connection is available is XP's or Vista's personal packet
> filter/personal FW, because those solutions are integrated components of the
> O/S. No 3rd party solution is an integrated component of the O/S.

What about wipfw? wipfw.sourceforge.net/

asks
Wolfgang

Re: Is there a risk with firewalls?

on 20.06.2007 11:07:32 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 11:38:58 by MR. Arnold

"Wolfgang Ewert" wrote in message
news:v86nk4-40c.ln1@news.wolfgang.ewert.com...
> Hallo "Mr. Arnold" , you wrote:
>
>> The only personal packet filter or personal FW that can get there before
>> the network connection is available is XP's or Vista's personal packet
>> filter/personal FW, because those solutions are integrated components of
>> the O/S. No 3rd party solution is an integrated component of the O/S.
>
> What about wipfw? wipfw.sourceforge.net/
>

Show me where it says that this wipfw is going to provide protection at
boot. Even MS's IPsec which is another packet filter and is on the O/S
cannot even do this. And I suspect that this wipfw cannot do it either.

http://www.support4vista.com/tutorial/windows-firewall.htm

Re: Is there a risk with firewalls?

on 20.06.2007 11:44:22 by alf

NoSpam wrote:
....
> I know the following: the Antivir Guard tells me which file goes with the
> Trojan. This file is actually there and was installed at the time of report.
> The Properties for this file tell me that the Administrator for the
> installation is my PC-designation. This file has been created numerous times
> and consists of 8 letters, which are obviously chosen at random and the
> extension of the file is .exe.
....

Submit that file on this site http://www.virustotal.com/en/indexf.html
maybe you will find out with what you are dealing with. I believe your
system is already compromised. You have active malware which activates
before ZA initialization is completed and downloads other malware. Best
solution would be to flat and rebuild i.e. format. But if, for some
reason, you don't want to do that, turn off system restore, boot into
safe mode, scan with AV and hope that everything will be OK, maybe you
will be lucky.
In addition try to find help somewhere else. Try on some group or forum
dealing with malware, this group deals with firewalls so your post is a
bit OT. Maybe somebody might help you to determine how bad your system
is compromised. Firewall cannot help you anymore.
Remember, format is a _best_ solution. Leythos gave you good advice,
use NAT router in future.

Re: Is there a risk with firewalls?

on 20.06.2007 12:54:31 by Ansgar -59cobalt- Wiechers

herk@conic.net wrote:
> On Wed, 20 Jun 2007 08:13:18 GMT, Straight Talk wrote:
>> On Wed, 20 Jun 2007 00:53:27 -0500, herk@conic.net wrote:
>>> Zone Alarm freebie is simple and it works.
>>
>> It probably works as coded - but did you actually test if it also
>> works as expected?
>
> I've tested it with some of firewall test sites, and it's always come
> up 'stealth.'

*headdesk*

> It has such a history of 'working' on my machine that I simply see no
> reason to doubt its effectiveness.

And you would have been able to detect if it had failed to work how?

BTW, you do realize that ZA itself phones home, and that more recent
versions incorporate rootkit functionality to restrict administrative
accounts (which is utterly braindead)?

> Ain't saying it's the best. I'm only saying it's the best for me in my
> situation. it's utter simplicity.

Managing a Personal Firewall is far from anything that could even
remotely be regarded as "simplicity". Not only do most (if not all) of
them provide insufficient information to make reasonable decisions, they
present the user with choices he simply cannot make because he lacks the
required understanding of TCP/IP and windows internals. Not to mention
that several of them open additional attack vectors (some local, some
even remote).

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Is there a risk with firewalls?

on 20.06.2007 14:42:52 by Wolfgang Ewert

Hallo "Mr. Arnold" , you wrote:

> >> The only personal packet filter or personal FW that can get there before
> >> the network connection is available is XP's or Vista's personal packet
> >> filter/personal FW

> > What about wipfw? wipfw.sourceforge.net/
>
> Show me

I never tested it yet, so I asked.

> where it says that this wipfw is going to provide protection at
> boot.

Not at boot, as first of all network services with highest priority
would be enough.

> Even MS's IPsec which is another packet filter and is on the O/S
> cannot even do this.

Yes, IPSec is a conglomerate of secure networking and packet filtering.
I was shown, that there are 3 different mechanisms of packet filtering,
not three or more UI to one and the same mechanism.

> And I suspect that this wipfw cannot do it either.

I suppose too.

> http://www.support4vista.com/tutorial/windows-firewall.htm

THX.
Wolfgang

--
Nowhere does success at school depend as strongly on the parents' income and
education as in Germany. The German school system fails at supporting the
children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?

on 20.06.2007 14:58:16 by Sebastian Gottschalk

Mr. Arnold wrote:


> The only personal packet filter or personal FW that can get there before the
> network connection is available is XP's or Vista's personal packet
> filter/personal FW, because those solutions are integrated components of the
> O/S. No 3rd party solution is an integrated component of the O/S. So,
> therefore, the O/S is not making things wait until the PPF/PFW is up and
> running, before anything else takes place.


What about Wipfw with STARTUP_BOOT_START? Works quite well.
Of course, none of the typical PFW shit works with boot startup.

> What you need is a border device like a NAT router. It will always be up and
> running, protecting the machine, before the machine can make a connection to
> the Internet.


Unless it gets circumvented, which is more or less trivial.

Now, what about not offering any services at boot time? Or better generally?

Re: Is there a risk with firewalls?

on 20.06.2007 15:01:48 by Sebastian Gottschalk

NoSpam wrote:


> Your reply puzzles me. Why do you state that ZoneAlarm is no firewall?


Because it simply is none? Look up the definition, then look into the
manual, and you can straightly tell that it is impossible to build a real
firewall with ZoneAlarm.

> It is sold as and described as one and it is very widely used.

So what? This just proves that marketing works. None of the users has any
clue what they're doing.

> Would you care to tell me why you consider it to be so poor.

Because it introduces well-known remote exploits? And local privilege
escalation? Trivial remote DoS? Trivially bypassed? Vendor being unwilling
to fix anything?

> It also puzzles me that you describe my system as not secure without a
> firewall and imply it should be. Is it not true that no system is secure
> without a firewall?

Definitely marketing works. Why the f*** do you think a system couldn't be
secure without a firewall, and a firewall could make an insecure system
become secure?

> You finally state that I am abusing something by using MSOE as a newsreader.
> What is MSOE?


Microsoft Outlook Express

Re: Is there a risk with firewalls?

on 20.06.2007 15:05:44 by Sebastian Gottschalk

herk@conic.net wrote:


> I've been using Zone Alarm freebie for over 5 years and have never had
> an 'intrusion' problem.


Which is a self-fulfilling prophecy. Someone who is using ZoneAlarm sure
isn't competent enough to spot an intrusion.

> I update it each time they release an update.

Which helps exactly how much? Heck, even the obvious remote DoS (using a
combination of SYN, ICMP and UDP flooding) remains ever since it was
discovered years ago.

> With Zone Alarm and Kaspersky anti virus, I've never had a problem with
> trojans or malware of any kind.


Uoh, and then even the Kaspersky fun. Hey, do you know what
NtCreateProcess(0,0,0,0,0,0,0) means? For you, it means a bluescreen.

> Zone Alarm freebie is simple and it works.


Except that it works.

Re: Is there a risk with firewalls?

on 20.06.2007 15:10:43 by Sebastian Gottschalk

Wolfgang Ewert wrote:


> | X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
>
> And it's a very old, unpatched version of it.-------^

As long as at least one remotely exploitable vulnerability exists, the patch
state doesn't matter much.

Re: Is there a risk with firewalls?

on 20.06.2007 15:19:54 by Sebastian Gottschalk

herk@conic.net wrote:


> I've tested it with some of firewall test sites, and it's always come up
> 'stealth.'


Yupp, that's bad.

And, um, did any of these sites test for what happens with overlapped IP
fragments when injected close to your hop (in a topological sense)? You'd be
surprised!

> It has such a history of 'working' on my machine that I simply see no
> reason to doubt its effectiveness.


Just like magic charms. Your point being?

Oh, what about tomorrow? You're still offering an open door.

> Ain't saying it's the best. I'm only saying it's the best for me in my
> situation. it's utter simplicity.


Except that it DOES NOT WORK AT ALL.

Re: Is there a risk with firewalls?

on 20.06.2007 15:50:50 by Wolfgang Ewert

Hello Sebastian G., you wrote:

> > | X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
> >
> > And it's a very old, unpatched version of it.-------^
>
> As long as at least one remotely exploitable vulnerability exists, the patch
> state doesn't matter much.

O.k., but, as a malware generator, I haven't reflected on the patch state.

Wolfgang

--
"It turns out that we have not found weapons of mass destruction."
"To my knowledge, I have not seen any strong, hard evidence
that links the two [Hussein & al-Qaida]." War criminal Rumsfeld
on 4.10.2004 before the Council on Foreign Relations in New York.

Re: Is there a risk with firewalls?

on 20.06.2007 16:25:07 by MR. Arnold

"Sebastian G." wrote in message
news:5dsmj4F34kddaU1@mid.dfncis.de...
> Mr. Arnold wrote:
>
>
>> The only personal packet filter or personal FW that can get there before
>> the network connection is available is XP's or Vista's personal packet
>> filter/personal FW, because those solutions are integrated components of
>> the O/S. No 3rd party solution is an integrated component of the O/S. So,
>> therefore, the O/S is not making things wait until the PPF/PFW is up and
>> running, before anything else takes place.
>
>
> What about Wipfw with STARTUP_BOOT_START? Works quite well.
> Of course, none of the typical PFW shit works with boot startup.

Well Wolfgang in the other post, you heard it here first, let me know if
it does as advertised.

>
>> What you need is a border device like a NAT router. It will always be up
>> and running, protecting the machine, before the machine can make a
>> connection to the Internet.
>
>
> Unless it gets circumvented, which is more or less trivial.
>
> Now, what about not offering any services at boot time? Or better
> generally?

If one has got to offer the service, then one got to offer the service, like
HTTP and FTP, etc, etc.

Re: Is there a risk with firewalls?

on 20.06.2007 16:50:57 by OL

Dear Mr. Arnold,

Among the many responses I found your explanation and advice most useful.

It appears that a NAT router is the safest way to protect my or any PC from
internet intrusions occurring at any time and coming from the Internet?
True or False?

There are some additional questions which remain:
1.) Is a firewall such as Zone Alarm still needed even if one has a NAT
     router installed? The NAT router prevents access to the PC from any
     other site but the one the PC has been connected to, but it does not
     prevent a malware program from contacting a site of its choosing. Is
     this the reason why one still needs a firewall in addition to a NAT
     router?
2.) Why is the vulnerable period between boot and final activation of a
     software firewall not mentioned and described in the help texts for
     commercial software firewalls? It appears that Microsoft with Vista
     has officially acknowledged that such a vulnerable period exists.
     (I found that out the hard way.)
3.) Finally you say that a firewall needs two network interface cards one
     facing the internet, the other the local network. There are no such
     interface cards on my PC or on most of the PCs using software firewalls
     such as Zone Alarm. I therefore do not follow your explanation.

Thank you

G.R.


"Mr. Arnold" wrote in message
news:dr3ei.1622$iz5.1134@newsread4.news.pas.earthlink.net...
>
> "NoSpam" wrote in message
> news:48Tdi.3607$lY5.851@trnddc07...
> > Dear Group,
> >
> > I am asking a question regarding the time interval after startup of a PC
> > and the time the firewall becomes effective.
> >
> > The details are briefly as follows:
> >
> > On my PC the startup contains the following sequence: first the DSL
> > connect is started up, followed by my firewall. There is a gap in time
> > between the two, which is being used to deposit a Trojan onto my system.
> > The Trojan is detected by my Antivirus program and can be removed.
> >
> > Question: Should a firewall not become effective BEFORE any connection
> > to the internet is opened?? If this is true, are there any firewalls
> > which will do just that?
> >
>
> The only personal packet filter or personal FW that can get there before
> the network connection is available is XP's or Vista's personal packet
> filter/personal FW, because those solutions are integrated components of
> the O/S. No 3rd party solution is an integrated component of the O/S. So,
> therefore, the O/S is not making things wait until the PPF/PFW is up and
> running, before anything else takes place.
>
> What you need is a border device like a NAT router. It will always be up
> and running, protecting the machine, before the machine can make a
> connection to the Internet.
>
> I saw one of your posts to another poster about why something like ZA or
> any other desktop solutions are not FW(s).
>
> *What is a FW?*
>
> A FW separates two networks. The network it's protecting from usually the
> Internet and the network it's protecting the LAN. A FW must have two or
> more interfaces or (network interface cards for a FW software solution
> running on a gateway computer. One NIC faces the Internet (the untrusted
> zone) and the other NIC faces the LAN (the trusted zone).
>
> A FW solution provides a physical separation of networks whether that be a
> packet filtering FW router, a FW appliance or software running on a host
> gateway computer.

Re: Is there a risk with firewalls?

on 20.06.2007 17:04:34 by OL

Dear Helper,

Thank you for your advice.

Unfortunately the malware files in question have been erased and I have
not had another sample deposited on my system. If that should happen
again, then I will submit the file as you suggested.

My OS (Win2000) has no systems restore.

I have scanned the systems several times and no reports of malware
have come up.

My original post was on topic, because it addressed the vulnerable
period between the activation of DSL and activation of a firewall
like ZoneAlarm. This seems to be a recognized problem and can
be resolved by installing a NAT, at least this is what I read out
of the many replies.

Thank you for your help
G.R.



"@lf" wrote in message news:f5astm$iju$1@ss408.t-com.hr...
> NoSpam wrote:
> ...
> > I know the following: the Antivir Guard tells me which file goes with the
> > Trojan. This file is actually there and was installed at the time of
> > report. The Properties for this file tells me that the Administrator for
> > the installation is my PC-designation. This file has been created
> > numerous times and consists of 8 letters, which are obviously chosen at
> > random and the extension of the file is .exe.
> ...
>
> Submit that file on this site http://www.virustotal.com/en/indexf.html
> maybe you will find out with what you are dealing with. I believe your
> system is already compromised. You have active malware which activates
> before ZA initialization is completed and downloads other malware. Best
> solution would be to flat and rebuild i.e. format. But if, for some
> reason, you don't want to do that, turn off system restore, boot into
> safe mode, scan with AV and hope that everything will be OK, maybe you
> will be lucky.
> In addition try to find help somewhere else. Try on some group or forum
> dealing with malware, this group deal with firewalls so your post is a
> bit OT. Maybe somebody might help you to determine how bad your system
> is compromised. Firewall cannot help you anymore.
> Remember, format is a _best_ solution. Leythos gave you a good advice,
> use NAT router in future.

Re: Is there a risk with firewalls?

on 20.06.2007 17:12:22 by Sebastian Gottschalk

NoSpam wrote:

> Dear Mr. Arnold,
>
> Among the many responses I found your explanation and advice most useful.
>
> It appears that a NAT router is the safest way to protect my or any PC from
> internet intrusions occurring at any time and coming from the Internet?
> True or False?


False. A NAT router is not a security device and you should not count on
unreliable side effects.

> There are some additional questions which remain:
> 1.) Is a firewall such as Zone Alarm still needed even if one has a NAT
> router installed? The NAT router prevents access to the PC from any other site
> but the one the PC has been connected to, but it does not prevent a malware
> program from contacting a site of its choosing.


Neither does ZoneAlarm, albeit trying to create the impression that it could.

> 2.) Why is the vulnerable period between boot and final activation of a
> software firewall not mentioned and described in the help texts for commercial
> software firewalls?


Because security is not intended?

> It appears that Microsoft with Vista has officially
> acknowledged that such a vulnerable period exists.


Huh? Firewalling at boot time was already provided and documented with
Windows XP RTM.

> 3.) Finally you say that a firewall needs two network interface cards one
> facing the internet, the other the local network. There are no such interface
> cards on my PC or on most of the PCs using software firewalls such as Zone
> Alarm. I therefore do not follow your explanation.


Hm? Shouldn't it be "it therefore doesn't follow your explanation, therefore
it actually is no firewall"?

Re: Is there a risk with firewalls?

on 20.06.2007 18:13:06 by Wolfgang Ewert

Hello "Mr. Arnold", you wrote:
> "Sebastian G." wrote in message

> > What about Wipfw with STARTUP_BOOT_START? Works quite well.

> Well Wolfgang in the other post, you heard it here first, let me know if
> does as advertised.

At this time it works at home only as a "2nd line of defence" tool to
filter RPC- and CIFS- connections (not accessible after ntsvcfg.de) from
outside and as a time-dependent "children protection" tool: So if it is
## o'clock, it's time to sleep - no further connections between this and
the system of my son are possible.

The machine is accessible as web server called ewert homeunix org (I'll
try to install an internet-accessible openssh or openvpn daemon on it).
There are more services, this machine offers for local network access at
home.

I'll look for these BOOT-Options for wipfw in the next time.

> > Now, what about not offering any services at boot time? Or better
> > generally?
>
> If one has got to offer the service, then one got to offer the service, like
> HTTP and FTP, etc, etc.

And if one has got to shutdown the firewall service at the same machine?

So it's better to restrict the user to use this or that software
offering services, it is well known as "software restriction policies".

A good place for a firewall is *between* these systems and the untrusted
network.

Wolfgang

--
Nowhere does success at school depend as strongly on the parents' income
and education as in Germany. The German school system fails at
supporting the children of workers and migrants. (dpa/FTD 22.11.04)

Re: Is there a risk with firewalls?

on 20.06.2007 18:26:16 by MR. Arnold

"NoSpam" wrote in message
news:l9bei.1557$5h6.497@trnddc05...
> Dear Mr. Arnold,
>
> Among the many responses I found your explanation and advice most useful.
>
> It appears that a NAT router is the safest way to protect my or any PC
> from internet intrusions occurring at any time and coming from the
> Internet? True or False?

The NAT router's job is to stop unsolicited inbound traffic from reaching
your computer. With using a PFW with a machine that has a direct connection
to the modem, which will have a direct connection to the Internet, there is
the time during the boot process, that unsolicited inbound traffic can get
there first before the PFW is up and running on the network connection.

If the machine is connected to the NAT router, then this vulnerability is
eliminated if you boot the computer, as it's stopping all unsolicited inbound
traffic. It's best to get a NAT router that has SPI in the solution, which
can do this better than just a NAT router without SPI.

http://www.homenethelp.com/web/explain/about-NAT.asp

However, if you have malware running on the computer and it's making a
solicitation for traffic, then nothing is going to stop the solicited traffic,
not the NAT router, FW appliance, PFW or host based gateway FW solution.

Let me take that back, you can stop the traffic if you had a standalone FW
solution like a NAT router, FW appliance or a host based FW running on a
gateway computer, protecting a LAN and you knew the inbound or outbound
remote Internet IP and were able to set rules for these types of solutions.

Think about this, if the 3rd PFW was stopping traffic due to possible
malware running on the machine, because you set some kind of rules, then
what happens to those rules during the boot process with the PFW?

>
> There are some additional questions which remain:
> 1.) Is a firewall such as Zone Alarm still needed even if one has a NAT
>     router installed? The NAT router prevents access to the PC from any
>     other site but the one the PC has been connected to, but it does not
>     prevent a malware program from contacting a site of its choosing. Is
>     this the reason why one still needs a firewall in addition to a NAT
>     router?

ZA is not a FW solution. ZA is a machine level packet filter running on the
machine at the machine level. Yes, your reasoning as to why someone would
use ZA behind a NAT router is a valid reason, for what it's worth.


> 2.) Why is the vulnerable period between boot and final activation of a
>     software firewall not mentioned and described in the help texts for
>     commercial software firewalls? It appears that Microsoft with Vista
>     has officially acknowledged that such a vulnerable period exists.
>     (I found that out the hard way.)

I don't know. You'll have to ask producers of the products as to why they
don't make this known.

> 3.) Finally you say that a firewall needs two network interface cards one
>     facing the internet, the other the local network. There are no such
>     interface cards on my PC or on most of the PCs using software firewalls
>     such as Zone Alarm. I therefore do not follow your explanation.

That's because ZA and the others are not FW solutions. They are machine
level packet filters running at the machine level to protect the O/S and
programs running on the local machine. There is no physical separation of
networks using this type of solution.

The NAT router comes closer to being a FW solution than a single machine
running a PFW, because the NAT router has two interfaces the WAN (Wide Area
Network port), the port that's connected to the Internet (facing the
Internet), and the NAT router has the LAN (Local Area Network ports) ports
facing the LAN that machines connect to behind the router.

You can buy more Network Interface Cards and place them into a computer,
with one NIC connected to the WAN side to the modem facing the Internet and
the other NIC(s) in the machine facing the LAN so that other machines can be
connected to those NIC(s). Then you can buy a host based FW solution, a
network FW solution that can control the traffic between the WAN and LAN.

A PFW such as ZA cannot do that and is not considered a FW solution.

A solution such as the one in the link which has some questions with answers
you may want to review and others are host based software FW solutions that
run on gateway computers, using two or more NIC(s) to protect a network.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

Here is another link that will help you better understand FW(s).

http://www.more.net/technical/netserv/tcpip/firewalls/

Don't get me wrong now as I am not stupid enough to not use a PFW/packet
filter on my machine when it's not behind my FW appliance and it's connected
to the Internet with a direct connection to a modem or to some foreign LAN
like a wireless cafe. But when the machine is behind my FW appliance, the
PFW is disabled on the machines.

Re: Is there a risk with firewalls?

on 20.06.2007 18:40:16 by DevilsPGD

In message Juergen Nieveler wrote:

>DevilsPGD wrote:
>
>> I have an equally effective solution, it's my "anti-malware rock", which
>> I keep sitting within 8' of my PC. Since installing the rock, I haven't
>> been hit by any malware.
>
>I've got a bottle of anti-virus pills on top of my CRT, no virus
>problems since putting it there :-)

I might have to try that if I ever need an upgrade to my anti-malware
rock.

--
If quitters never win, and winners never quit,
what fool came up with, "Quit while you're ahead"?

Re: Is there a risk with firewalls?

on 20.06.2007 19:16:12 by OL

Dear Mr. Arnold,

Again many thanks for your help and explanations. You sure are
an angel and I hope you will find time to address some remaining
issues.

Your explanation of the NAT function is very clear and will be
of interest to many on this forum. There is a question related
to the issue of an unsolicited outgoing call during the vulnerable
period. I would imagine that the probability of such a call must
be very small once the system has been scanned for malware
with a program like AntiVir Guard and nothing has been found.
Am I correct in assuming this? I do of course know that absolute
certainty is a goal which is very difficult to attain and may not
even be required by the average PC user.

What does PFW stand for? Does it stand for Program Fire Wall?

You said:
> Let me take that back, you can stop the traffic if you had a standalone FW
> solution like a NAT router, FW appliance or a host based FW running on a
> gateway computer, protecting a LAN and you knew the inbound or outbound
> remote Internet IP and were able to set rules for these types of solutions.
My response is:
I am not connected to any LAN. Mine is a stand alone PC. The above would
therefore not apply anyway, true or false? Even if it applied I would not
know how to set rules. So this paragraph does not really apply to my
situation. T/F?

You said:
> However, if you have malware running on the computer and it's making a
> solicitation for traffic, then nothing is going to stop the solicited
> traffic, not the NAT router, FW appliance, PFW or host based gateway FW
> solution.
This raises the question I asked above. Would a system scan with a program
like AntiVir not eliminate this threat with a high degree of probability?

Again thank you
GR.


Re: Is there a risk with firewalls?

on 20.06.2007 22:02:12 by Sebastian Gottschalk

Mr. Arnold wrote:


> The NAT router's job is to stop unsolicited inbound traffic from reaching
> your computer.


No. The NAT router's job is to provide connectivity by NAT. In fact, a 1:1
masquerading with full forwarding is a perfectly normal option, and even
guessing the target on 1:many is semi-valid. Not to mention that previous
NAT sessions might not have expired yet, and thus the router is forwarding
as well.

> If the machine is connected to the NAT router, then this vulnerability is
> eliminated if you boot the computer, as it's stopping all unsolicited
> inbound traffic.

You'd wish...

Re: Is there a risk with firewalls?

on 20.06.2007 22:07:27 by Sebastian Gottschalk

NoSpam wrote:

> and will be of interest to many on this forum.


This is no forum, this is Usenet. A huge difference.

> There is a question related
> to the issue of an unsolicited outgoing call during the vulnerable
> period. I would imagine that the probability of such a call must
> be very small once the system has been scanned for malware
> with a program like AntiVir Guard and nothing has been found.


What a bullshit. How should AntiVir find malware which doesn't want to be
found? Exactly not at all!

> Am I correct in assuming this? I do of course know that absolute
> certainty is a goal which is very difficult to attain


Did you mean "impossible"? Or maybe "not even reliably"?

> Would a system scan with a program
> like AntiVir not eliminate this threat with a high degree of probability?


No, how should it? You really seem to be living in a dream world...

Re: Is there a risk with firewalls?

on 20.06.2007 22:11:53 by Jim Ford

Sebastian G. wrote:
> NoSpam wrote:
>
>> and will be of interest to many on this forum.
>
>
> This is no forum, this is Usenet. A huge difference.

So what's this 'huge difference', Seb-mate? Do tell!

Jim Ford

Re: Is there a risk with firewalls?

on 20.06.2007 22:52:02 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 23:02:05 by OL

Dear Sebastian,

I am beginning to doubt that you wish to engage in a serious discussion.

First you seem to be making a lot of a surmised difference between usenet
and a forum. Such a difference may exist in some people's mind, but it is
very clear what was meant and at any rate any difference between usenet
and a forum will have no impact on our subject of discussion. It is a red
herring which you are trying to plant.

Next you doubt the effectiveness of antiviral programs by stating that
they will not find malware if the malware does not want to be found.
Since malware does not want to be found are you implying that a large
percentage of antiviral programs is of no use? If you do not wish to
imply that, please say so. If you do imply it, please back it up with more
than the surmise, that that which does not want to be detected, will not
be detected.

Thank you for trying and I hope that from now on you will make fools of
others.

GR.



Re: Is there a risk with firewalls?

on 20.06.2007 23:02:17 by unknown

Post removed (X-No-Archive: yes)

Re: Is there a risk with firewalls?

on 20.06.2007 23:27:04 by Sebastian Gottschalk

Casey wrote:


> Guess you are referring to a software firewall.
> My Sygate firewall has the two following selectable items:
> 1. Automatically load Sygate personal firewall service at
> startup.
> 2. Block all traffic while service is not loaded.
> These prevent the "gap"


This is, of course, nonsense. We're talking about the time between the
initialization of the TCP/IP stack and the startup of the packet filtering
*driver*. Who cares if the driver blocks everything when the service is not
loaded if the driver isn't loaded yet either?

Beside that, Sygate stuff is horribly insecure as well.
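
The load-order argument in the post above, as an added example that is not part of the thread: the window exists whenever the packet-filter driver starts later than the TCP/IP driver, whatever the start type of the product's user-mode service. The script parses constructed `reg query` output; every name except `Tcpip` is hypothetical.

```python
import re

# Documented values of the "Start" entry under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>.
START_TYPES = {0: "BOOT_START", 1: "SYSTEM_START", 2: "AUTO_START",
               3: "DEMAND_START", 4: "DISABLED"}

# Constructed sample in the layout `reg query <key> /v Start` prints.
# Only "Tcpip" is a real service name; the pfw_* names are hypothetical and
# the Start value shown for Tcpip is sample data, not a claim about any
# particular Windows version.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip
    Start    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pfw_a_drv
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pfw_a_svc
    Start    REG_DWORD    0x2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pfw_b_drv
    Start    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pfw_c_drv
    Start    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pfw_d_drv
    Start    REG_DWORD    0x3
"""

# Hypothetical products mapped to the kernel driver that does the filtering.
PRODUCTS = {"pfw_a": "pfw_a_drv", "pfw_b": "pfw_b_drv",
            "pfw_c": "pfw_c_drv", "pfw_d": "pfw_d_drv"}

KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\s]+)\s*$",
    re.IGNORECASE)
VAL_RE = re.compile(r"^\s+Start\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")


def parse_start_values(text):
    """Return {service_name: Start value} from reg-query style text."""
    starts, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        val = VAL_RE.match(line)
        if val and current:
            starts[current] = int(val.group(1), 16)
    return starts


def classify(filter_start, stack_start):
    """Compare the filter driver's start phase with the TCP/IP driver's."""
    if filter_start >= 3:
        return "never-at-boot"   # demand start or disabled
    if filter_start < stack_start:
        return "before-stack"    # loaded in an earlier phase than TCP/IP
    if filter_start == stack_start:
        return "same-phase"      # order depends on load-order group and tag
    return "after-stack"         # TCP/IP is up first: the gap in the thread


def assess(starts, products, stack="Tcpip"):
    """Verdict per product, judged on its driver only (not its service)."""
    stack_start = starts[stack]
    verdicts = {}
    for product, driver in products.items():
        if driver not in starts:
            verdicts[product] = "not-installed"
        else:
            verdicts[product] = classify(starts[driver], stack_start)
    return verdicts


def exposed(verdicts):
    """Products whose filter is certainly absent while the stack is live."""
    return sorted(p for p, v in verdicts.items()
                  if v in ("after-stack", "never-at-boot"))


if __name__ == "__main__":
    parsed = parse_start_values(SAMPLE)
    for product, verdict in assess(parsed, PRODUCTS).items():
        start = START_TYPES[parsed[PRODUCTS[product]]]
        print(f"{product}: driver {start} -> {verdict}")
```

A "before-stack" verdict only shows that the driver is loaded in time; whether it drops traffic before its rule set arrives is product behaviour that has to be tested separately.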

Re: Is there a risk with firewalls?

on 20.06.2007 23:29:59 by Sebastian Gottschalk

NoSpam wrote:


> Next you doubt the effectiveness of antiviral programs by stating that
> they will not find malware if the malware does not want to be found.
> Since malware does not want to be found are you implying that a large
> percentage of antiviral programs is of no use?


Yes and no. Your assumption that most malware doesn't want to be found is
pretty wrong today, as strange as this might sound.

> please back it up with more
> than the surmise, that that which does not want to be detected, will not
> be detected.


Simple: Virus scanners detect malware by signature. Malware can transform
its own code to expose any pattern.

Why exactly do you think that only stupid malware would have abused your
security vulnerability?

Re: Is there a risk with firewalls?

on 21.06.2007 01:03:05 by Leythos

In article , NoSpam@verizon.net says...
> I am beginning to doubt that you wish to engage in a serious discussion.

And you just figured that you - SG and his group of zealots never really
provide anything other than diversions and arguments.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

am 21.06.2007 01:22:57 von Leythos

In article ,
void@nowhere.lan says...
> In article , NoSpam@verizon.net says...
> > I am beginning to doubt that you wish to engage in a serious discussion.
>
> And you just figured that you - SG and his group of zealots never really
> provide anything other than diversions and arguments.

Crap - brain working faster than fingers. Should have typed "figured
that out"

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

am 21.06.2007 01:29:09 von MR. Arnold

"Wolfgang Ewert" wrote in message
news:i90ok4-0jd.ln1@news.wolfgang.ewert.com...
> Hallo "Mr. Arnold" , you wrote:
>> "Sebastian G." wrote in message
>
>> > What about Wipfw with STARTUP_BOOT_START? Works quite well.
>
>> Well Wolfgang in the other post, you heard it here first, let me know if
>> does as advertised.
>
> At this time it works at home only as a "2nd line of defence" tool to
> filter RPC- and CIFS- connections (not accessible after ntsvcfg.de) from
> outside and as a time-dependent "children protection" tool: So if it is
> ## o'clock, it's time to sleep - no further connections between this and
> the system of my son are possible.
>
> The machine is accessible as web server called ewert homeunix org (I'll
> try to install a internet accessible openssh or openvpn daemon on it).
> There are more services, this machine offers for local network access at
> home.
>
> I'll look for these BOOT-Options for wipfw in the next time.
>
>> > Now, what about not offering any services at boot time? Or better
>> > generally?
>>
>> If one has got to offer the service, then one got to offer the service,
>> like HTTP and FTP, etc, etc.
>
> And if one has got to shutdown the firewall service at the same machine?

You take the machine offline.
>
> So it's better to restrict the user to use this or that software
> offering services, it is well known as "software restriction policies".

I'll sit my machine behind a FW appliance or packet filtering FW router
that's not running with the O/S on the machine.

And if I need to stop contact with a service running on a machine behind
them, I'll set a rule to close those ports the service is offering.

On the other hand, on my laptop that runs services, which are protected by
Vista's FW/packet filter and when the laptop is connected to something other
than my LAN, it's not coming down. So I don't worry about something like
that. And if I do have to take the FW down in that situation, then it's not
going to be connected to any network, period.

Re: Is there a risk with firewalls?

am 21.06.2007 06:10:19 von MR. Arnold

You are nothing but a rude and obnoxious two bit bastard that knows no end
to being an ass-hole.

Re: Is there a risk with firewalls?

am 21.06.2007 06:13:39 von MR. Arnold

>> If the machine is connected to the NAT router, then this vulnerability is
>> eliminated if you boot the computer, as it's stopping all unsolicited
>> inbound traffic.
>
> You'd wish...

Will you please saddle up your cockroach and ride out of this thread because
99.9% of the time, you are a worthless POS.

Re: Is there a risk with firewalls?

am 21.06.2007 07:28:38 von MR. Arnold

"NoSpam" wrote in message
news:whdei.1579$5h6.234@trnddc05...
> Dear Mr. Arnold,
>
> Again many thanks for your help and explanations. You sure are
> an angel and I hope you will find time to address some remaining
> issues.
>
> Your explanation of the NAT function is very clear and will
> be of interest to many on this forum. There is a question related
> to the issue of an unsolicited outgoing call during the vulnerable
> period. I would imagine that the probability of such a call must
> be very small once the system has been scanned for malware
> with a program like AntiVir Guard and nothing has been found.

> Am I correct in assuming this?

Malware can circumvent such a solution easily. Those types of solutions are
dependent upon a signature file as an example. If it's not something that's
recognizable, like a zero day exploit -- never has been seen before, then
it's going to be missed by such solutions. Malware can set itself up if it
gets on the machine so that an anti-malware solution cannot detect it or not
easily.

That's why I like to use other tools like Active Port or CurrPort, Process
Explorer and other such solutions and go look around from time to time to
see what is running.

http://preview.tinyurl.com/klw1


> I do of course know that absolute
> certainty is a goal which is very difficult to attain and may not
> even be required by the average PC user.

To be honest, the average PC user doesn't have a *clue* about it, none. And
that's part of the problem is that average PC users are ignorant of the
issues. Most of them really don't care that much, either. They just want to
turn the computer on and go/use it, without thinking about what he or she is
doing.

>
> What does PFW stand for? Does it stand for Program Fire Wall?

Personal Fire Wall
>
> You said:
>> Let me take that back, you can stop the traffic if you had a standalone FW
>> solution like a NAT router, FW appliance or a host based FW running on a
>> gateway computer, protecting a LAN and you knew the inbound or outbound
>> remote Internet IP and were able to set rules for these types of solutions.

> My response is:
> I am not connected to any LAN. Mine is a stand alone PC. The above would
> therefore not apply anyway, true or false?

False. Your computer is directly connected to the WAN (Wide Area
Network)/Internet. You should be even more concerned with this type of
connection.

> Even if it applied I would not know
> how to set rules. So this paragraph does not really apply to my situation.
> T/F?

Well, you need to learn how to set rules. And this is what this NG is here
for is to help you do that. But that's what this NG used to be, but because
of one person I can think of in the NG and others, they chase people off or
potential posters don't post period due to the hostility and intimidation by
the few in this NG. It's good to see someone like you that is not
intimidated by them.

>
> You said:
>> However, if you have malware running on the computer and it's making a
>> solicitation for traffic, then nothing going to stop the solicited traffic not
>> the NAT router, FW appliance, PFW or host based gateway FW solution.
> This raises the question I asked above. Would a system scan with a program
> like AntiVir not eliminate this threat with a high degree of probability?

No. It may catch a few things. But then on the other hand, it may not catch
anything due to the reasons I have already given.

Re: Is there a risk with firewalls?

am 21.06.2007 13:04:00 von alf

NoSpam wrote:
....
> I have scanned the systems several times and no reports of malware
> have come up.
....

That is good, maybe you are lucky. But, let's think, are you the only
person in the world using Win2000 with ZA? No. Do other people having
a similar configuration like you have the same problem (downloading of
malware during the mentioned period)? I believe not, am I wrong? Why do you
have it? What is the reason? It does not have to be malware, but the
probability is high. Try to scan with some on-line scanner (Kaspersky is
OK). You can also try to download http://www.hijackthis.de/en rename it
for example _root_dummy.exe and submit the log to the mentioned site.
Best would be to ask somebody, who knows more than you, to check your
hijackthis log and system for misconfiguration. Something is definitely
wrong on your system. Are you running some server applications?
http://www.antirootkit.com/software/IceSword.htm this is an interesting
utility, you may find it useful. Check running processes and listening
ports.

A NAT router will prevent downloading of malware in future, but it will not
fix your system, you have to do that.

Re: Is there a risk with firewalls?

am 21.06.2007 15:52:51 von OL

Dear Mr. Arnold,

No, I am not intimidated by trolls. They are easy to recognize by their
inability to address a problem, their lack of good grammar and the absence
of social grace.

You said in your mail:

>That's why I like to use other tools like Active Port or CurrPort, Process
>Explorer and other such solutions and go look around from time to time to
>see what is running.

The program Antivir Guard has the ability to scan "Laufende Prozesse", that
is "Ongoing Processes". Is that in some way equivalent to Process Explorer?
If no ongoing processes are found and malware can turn itself on and off
according to some algorithm, such a program might not be too valuable.

Greetings
GR.

Re: Is there a risk with firewalls?

am 21.06.2007 16:06:12 von OL

Dear Alf,

Other people with the same configuration may have the same problem and
not recognize it! It occurred only once during the vulnerable period and
AntiVir Guard caught it. There were however some six of these files on
my PC from earlier unrecognized events. I am sorry I erased them all
and did not keep a copy.

I have observed with an earlier version of ZoneAlarm, that immediately
after booting up, a ping comes in. It is either from the IPS or from some
other scanner. So there is a way to find PCs which have just booted
up. This could be the reason why I have been hit with that malware, rather
than by malware residing on my PC calling out for more malware.

Newer versions of ZoneAlarm have done away with this reporting because
it led to very frequent reports which were apparently a nuisance
and not of concern.

To answer your question whether I am running a server: I do not.

Greetings and thanks
GR.


"@lf" wrote in message news:f5dlv0$76m$1@ss408.t-com.hr...
> NoSpam wrote:
> ...
> > I have scanned the systems several times and no reports of malware
> > have come up.
> ...
>
> That is good, maybe you are lucky. But, let's think, are you the only
> person in the world using Win2000 with ZA? No. Do other people having
> a similar configuration like you have the same problem (downloading of
> malware during the mentioned period)? I believe not, am I wrong? Why do you
> have it? What is the reason? It does not have to be malware, but the
> probability is high. Try to scan with some on-line scanner (Kaspersky is
> OK). You can also try to download http://www.hijackthis.de/en rename it
> for example _root_dummy.exe and submit the log to the mentioned site.
> Best would be to ask somebody, who knows more than you, to check your
> hijackthis log and system for misconfiguration. Something is definitely
> wrong on your system. Are you running some server applications?
> http://www.antirootkit.com/software/IceSword.htm this is an interesting
> utility, you may find it useful. Check running processes and listening
> ports.
>
> A NAT router will prevent downloading of malware in future, but it will not
> fix your system, you have to do that.

Re: Is there a risk with firewalls?

am 21.06.2007 16:49:53 von alf

NoSpam wrote:
> Other people with the same configuration may have the same problem and
> not recognize it!

Hm, hm... I doubt.

> It occured only once during the vulnerable period and
> AntiVir Guard caught it.

Maybe I'm paranoid after all. It is your system, you know better what is
going on there. If you said it is clean, OK then it is clean.
Now don't lose your time replying on this post. Configure your NAT
router and keep on working normally.

Good luck.

Re: Is there a risk with firewalls?

am 21.06.2007 16:58:51 von Ansgar -59cobalt- Wiechers

NoSpam wrote:
> You said in your mail:
>> That's why I like to use other tools like Active Port or CurrPort,
>> Process Explorer and other such solutions and go look around from
>> time to time to see what is running.
>
> The program Antivir Guard has the ability to scan "Laufende Prozesse",
> that is "Ongoing Processes".

"Running Processes" would be a more fitting translation. If I read this
correctly, then AntiVir Guard scans the memory areas a program's code is
loaded to while the program is being executed.

> Is that in some way equivalent to Process Explorer?

Process Explorer only lists processes, it doesn't scan them.

> If no ongoing processes are found and malware can turn itself on and
> off according to some algorithm, such a program might not be too
> valuable.

Malware doesn't turn itself on.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Is there a risk with firewalls?

am 21.06.2007 18:24:24 von OL

Dear Ansgar, dear Mr. Arnold,

First: Win2k, my OS has the Task Manager. This program lists all running
processes. It would be hard to discover malware among the various filenames
it lists. Since Task Manager lists running processes, Process Explorer would
be superfluous, true?

Second: Does malware run all the time? Your post seems to indicate so.
Task Manager indicates CPU usage. This would help to verify that malware
is running!

Third: I do not know what exactly AntiVir Guard scans under Laufende
Prozesse. All I know is that it says it scans "Laufende Prozesse".

I have done a scan with Kaspersky of the most sensitive area. The result
showed 21 infected files and 2 Viruses. The final report lists the 21 files
as not-a-virus AD files BUT it lists no virus. The Ad-files are like those I
have located previously. They consist of a randomly selected sequence of 8
letters, the extension is .dll and they are in C:\WINNT\System32.

An example would be njmfgxfp.dll. They are all 124 436 bytes long and were
created between June 15 and 18. Kaspersky calls them
not-virus:AdWare.Win32.Virtumonde.ki with no other info available and their
definitions were added to Kaspersky's list on 14 June.
AntiVir Guard did not identify these 21 files nor any virus.

Why did Kaspersky not list the two Viruses they claim to have found?

Any comments?


Thank you
GR.


"Ansgar -59cobalt- Wiechers" wrote in message
news:f5e3nbU2m6L1@news.in-ulm.de...
> NoSpam wrote:
> > You said in your mail:
> >> That's why I like to use other tools like Active Port or CurrPort,
> >> Process Explorer and other such solutions and go look around from
> >> time to time to see what is running.
> >
> > The program Antivir Guard has the ability to scan "Laufende Prozesse",
> > that is "Ongoing Processes".
>
> "Running Processes" would be a more fitting translation. If I read this
> correctly, then AntiVir Guard scans the memory areas a program's code is
> loaded to while the program is being executed.
>
> > Is that in some way equivalent to Process Explorer?
>
> Process Explorer only lists processes, it doesn't scan them.
>
> > If no ongoing processes are found and malware can turn itself on and
> > off according to some algorithm, such a program might not be too
> > valuable.
>
> Malware doesn't turn itself on.
>
> cu
> 59cobalt
> --
> "If a software developer ever believes a rootkit is a necessary part of
> their architecture they should go back and re-architect their solution."
> --Mark Russinovich

Re: Is there a risk with firewalls?

am 21.06.2007 18:50:08 von Ansgar -59cobalt- Wiechers

NoSpam wrote:
> First: Win2k, my OS has the Task Manager. This program lists all
> running processes.
> It would be hard to discover malware among the various filenames it
> lists. Since Task Manager lists running processes, Process Explorer
> would be superfluous, true?

Wrong, since Process Explorer shows *way* more (crucial) information
about processes than the Windows Task Manager. This information helps
identify rogue processes.

> Second: Does malware run all the time? Your post seems to indicate so.
> Task Manager indicates CPU usage. This would help to verify that
> malware is running!

Malware doesn't necessarily run all the time. However, it does not start
all by itself, but needs some mechanism to be run. That can be the user,
one of the many autorun-mechanisms Windows provides, the task scheduler
or several other ways.

> Third: I do not know what exactly AntiVir Guard scans under Laufende
> Prozesse. All I know is that it says it scans "Laufende Prozesse".

Usually virus scanners scan only files. As I said before "Laufende
Prozesse" means "running processes", which would imply that AntiVir
Guard scans not only files on your harddisk but also the processes in
your RAM.

> I have done a scan with Kaspersky of the most sensitive area. The
> result showed 21 infected files and 2 Viruses. The final report lists
> the 21 files as not-a-virus AD files BUT it lists no virus. The
> Ad-files are like those I have located previously. They consist of a
> randomly selected sequence of 8 letters, the extension is .dll and
> they are in C:\WINNT\System32.
>
> An example would be njmfgxfp.dll. They are all 124 436 bytes long and
> were created between June 15 and 18. Kaspersky calls them
> not-virus:AdWare.Win32.Virtumonde.ki with no other info available and
> their definitions were added to Kaspersky's list on 14 June.
> AntiVir Guard did not identify these 21 files nor any virus.
>
> Why did Kaspersky not list the two Viruses they claim to have found?

Because you configured it not to? Because it was manipulated by some
malware? Because the stars are not right? There's no way to tell without
a closer examination of your system.

However, apparently your system was compromised, and whatever did this
had administrative privileges (because it was able to create files in
%SystemRoot%\system32). You can't trust anything any software running on
a compromised system tells you. The only reasonable way to clean your
system is to backup your data (expressly excluding any kind of
executable), and then flatten and rebuild your system.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
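The pattern reported in this exchange (DLLs in C:\WINNT\System32 with eight random letters as a name, all exactly the same size, created within a few days of each other) can be searched for mechanically in a directory listing. The following Python sketch is an added example, not part of any post in the thread; only njmfgxfp.dll and the 124436-byte size come from the thread, the other file names, sizes and dates are constructed, and the thresholds (`min_files`, `window`) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Name shape reported in the thread: exactly eight letters plus ".dll".
RANDOM_NAME = re.compile(r"^[a-z]{8}\.dll$")


def find_lookalike_clusters(listing, min_files=3, window=timedelta(days=7)):
    """Find groups of DLLs that look like one dropper writing many copies.

    listing: iterable of (name, size_bytes, created) with created a datetime.
    A cluster is at least `min_files` files that match the eight-letter name
    shape, have the identical size, and were created within `window`.
    """
    by_size = defaultdict(list)
    for name, size, created in listing:
        if RANDOM_NAME.match(name.lower()):      # Windows names are case-insensitive
            by_size[size].append((created, name))

    clusters = []
    for size, files in by_size.items():
        files.sort()                             # oldest first
        best, start = [], 0
        # Sliding window over creation time: keep the largest run of files
        # whose first and last creation times are at most `window` apart.
        for end in range(len(files)):
            while files[end][0] - files[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = files[start:end + 1]
        if len(best) >= min_files:
            clusters.append({
                "size": size,
                "first": best[0][0],
                "last": best[-1][0],
                "names": [name for _, name in best],
            })
    return sorted(clusters, key=lambda c: len(c["names"]), reverse=True)


# Constructed listing. Only njmfgxfp.dll and its size are taken from the thread.
SAMPLE_LISTING = [
    ("njmfgxfp.dll", 124436, datetime(2007, 6, 15, 9, 12)),
    ("qwhtzkvb.dll", 124436, datetime(2007, 6, 16, 8, 3)),    # constructed
    ("xbrmpldc.dll", 124436, datetime(2007, 6, 17, 19, 41)),  # constructed
    ("hvkqjtwz.dll", 124436, datetime(2007, 6, 18, 7, 55)),   # constructed
    # Same size and name shape, but years older: outside the time window.
    ("oldfiles.dll", 124436, datetime(2003, 6, 19, 12, 0)),   # constructed
    # Legitimate eight-letter names with differing (constructed) sizes.
    ("rasadhlp.dll", 8192, datetime(2003, 6, 19, 12, 0)),
    ("cryptdll.dll", 41232, datetime(2003, 6, 19, 12, 0)),
    # Digits in the name: does not match the eight-letter shape at all.
    ("kernel32.dll", 708608, datetime(2003, 6, 19, 12, 0)),
]

if __name__ == "__main__":
    for cluster in find_lookalike_clusters(SAMPLE_LISTING):
        print(f"{len(cluster['names'])} files of {cluster['size']} bytes, "
              f"{cluster['first']:%Y-%m-%d} to {cluster['last']:%Y-%m-%d}:")
        for name in cluster["names"]:
            print("   ", name)
```

In line with the point made above about not trusting software on a compromised system, the listing fed to such a check should be taken with the disk mounted from a known-clean system rather than from the running installation.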

Re: Is there a risk with firewalls?

am 22.06.2007 00:09:50 von MR. Arnold

"NoSpam" wrote in message
news:Tovei.3628$Zh6.3356@trnddc04...
> Dear Mr. Arnold,
>
> No, I am not intimidated by trolls. They are easy to recognize by their
> inability to address a problem, their lack of good grammar and the absence
> of social grace.
>
> You said in your mail:
>
>>That's why I like to use other tools like Active Port or CurrPort, Process
>>Explorer and other such solutions and go look around from time to time to
>>see what is running.
>
> The program Antivir Guard has the ability to scan "Laufende Prozesse", that
> is "Ongoing Processes". Is that in some way equivalent to Process Explorer?

No, it's not even in the ballpark with PE.

> If no ongoing processes are found and malware can turn itself on and off
> according to some algorithm, such a program might not be too valuable.

Malware likes to piggy back off of other processes that are running to hide
or disguise itself, so that it's not easily spotted.

And Task Manager is no match for Process Explorer, because Task Manager only
allows you to see the top process that's running.

PE allows you not only to see a top process that's running, but it also
allows you to look inside that top process and see the hidden processes that
are being hosted by the top process, such as a possible malware process.

Re: Is there a risk with firewalls?

am 22.06.2007 02:21:24 von Sebastian Gottschalk

Mr. Arnold wrote:


> Will you please saddle up your cockroach and ride out of this thread because
> 99.9% of the time, you are a worthless POS.

I'd title this post: "self-exposure of a troll"

Re: Is there a risk with firewalls?

am 22.06.2007 02:22:15 von Sebastian Gottschalk

Mr. Arnold wrote:


> And Task Manager is no match for Process Explorer, because Task Manager only
> allows you to see the top process that's running.
>
> PE allows you not only to see a top process that's running, but it also
> allows you to look inside that top process and see the hidden processes that
> are being hosted by the top process, such as a possible malware process.

But you're at least aware that you're either totally oversimplifying or
talking utter bullshit?

Re: Is there a risk with firewalls?

am 22.06.2007 05:15:25 von MR. Arnold

It's not read go away. You are a lunatic.

that's a soft logical .

Re: Is there a risk with firewalls?

am 22.06.2007 05:15:29 von MR. Arnold

You read my other post. It applies to you here as well.

Re: Is there a risk with firewalls?

am 22.06.2007 06:21:21 von MR. Arnold

One other thing here, you don't need to answer any of it, please.

Do you even notice what a nuisance you are in this NG, and how you have
dragged this NG down?

Do you even notice how most of the regulars pretty much mind their own
business and post to the OP while you in the meantime attack everyone with
running up and down the threads?

This NG used to be a lot livelier with a mixture of professionals and
non-professionals that frequent the NG seeking help, until you showed one
day out from under a rock and started choking the NG out. :(

Re: Is there a risk with firewalls?

am 22.06.2007 14:13:33 von Sebastian Gottschalk

Mr. Arnold wrote:


> Do you even notice how most of the regulars pretty much mind their own
> business and post to the OP while you in the meantime attack everyone with
> running up and down the threads?


So far, I can only see this applying to you.

Oh, and would you please stop giving ill-advised suggestions that even you
should know how wrong they are? This guy is about to actually buy a NAT
router, which will just make everything fail again.

Re: Is there a risk with firewalls?

am 22.06.2007 14:51:16 von MR. Arnold

You replied anyway, my God. When you're in this state of mind with pure lip
dribbling, you know I am not reading it. :)

What a problem you have that you cannot control yourself with your postings
in this NG.

Re: Is there a risk with firewalls?

am 22.06.2007 15:41:43 von Notan

Sebastian G. wrote:
> Mr. Arnold wrote:
>
>
>> Do you even notice how most of the regulars pretty much mind their own
>> business and post to the OP while you in the meantime attack everyone with
>> running up and down the threads?
>
>
> So far, I can only see this applying to you.

If you'd pull your head from whatever holes it's currently in, you'd realize
that your methods of "teaching" are anything but constructive.

--
Notan

Re: Is there a risk with firewalls?

am 22.06.2007 18:51:26 von Sebastian Gottschalk

Notan wrote:

> you'd realize that your methods of "teaching" are anything but constructive.

Now what about one step after another? First deconstructing the nonsense,
then thinking about the problem again, and then you'll start building a real
solution.

Sorry for not suggesting a solution without even thinking about the problem
again for figuring out what the actual problem is.

Re: Is there a risk with firewalls?

am 22.06.2007 20:46:43 von Notan

Sebastian G. wrote:
> Notan wrote:
>
>> you'd realize that your methods of "teaching" are anything but constructive.
>
> Now what about one step after another? First deconstructing the nonsense,
> then thinking about the problem again, and then you'll start building a real
> solution.
>
> Sorry for not suggesting a solution without even thinking about the problem
> again for figuring out what the actual problem is.

You just don't get it.

From what I've read, you've got a bunch of knowledge, but your attitude and
method of presentation is so condescending, among other negative attributes,
that it's all but wasted.

--
Notan

Re: Is there a risk with firewalls?

am 22.06.2007 20:57:05 von MR. Arnold

"Notan" wrote in message
news:yJmdnaPG-LUKTObbnZ2dnUVZ_rXinZ2d@giganews.com...
> Sebastian G. wrote:
>> Mr. Arnold wrote:
>>
>>
>>> Do you even notice how most of the regulars pretty much mind their own
>>> business and post to the OP while you in the meantime attack everyone
>>> with running up and down the threads?
>>
>>
>> So far, I can only see this applying to you.
>
> If you'd pull your head from whatever holes it's currently in, you'd
> realize
> that your methods of "teaching" are anything but constructive.
>

He'll never get the message. He has not gotten the message to date, and
it's been made obvious to him by a few people in this NG over a several
months period.

It's really a shame about him. He obviously has great knowledge or seems to
have the knowledge.

But he is so messed-up as a Human Being that he is beyond help with his
teaching methods, mannerisms, and in general, a lack of basic knowledge on
how to treat people.

He has dragged the NG down to the point that no one wants to make a post in
this NG, because he is liable to show and start going out of control. :(

Re: Is there a risk with firewalls?

am 22.06.2007 22:54:19 von Sebastian Gottschalk

Notan wrote:


> From what I've read, you've got a bunch of knowledge, but your attitude and
> method of presentation is so condescending,


The word you were searching for might have been "honest" or "direct". As you
might understand, this is a place for discussing, not for cuddling and soft
caressing. If some people have a problem with that, it's definitely not my
fault.

BTW, isn't this getting a little bit offtopic?

Now, would someone please get a point that typical NAT routers don't
magically drop every packet with unknown target, but rather take measures
of guessing the target and forwarding it by chance? That's why Stephen's
suggestion is so misguided, since it won't help at all with protecting a
vulnerable system.

Re: Is there a risk with firewalls?

am 22.06.2007 23:55:27 von Notan

Sebastian G. wrote:
> Notan wrote:
>
>
>> From what I've read, you've got a bunch of knowledge, but your attitude and
>> method of presentation is so condescending,
>
>
> The word you were searching for might have been "honest" or "direct".

The word is "condescending"

Honest and direct.

--
Notan

Re: Is there a risk with firewalls?

am 27.07.2007 16:02:59 von jameshanley39

Sebastian G. wrote:


> Now, would someone please get a point that typical NAT routers don't
> magically drop every packet with unknown target, but rather take
> measures of guessing the target and forwarding it by chance? That's
> why Stephen's suggestion is so misguided, since it won't help at all
> with protecting a vulnerable system.


what do you mean 'guess the target' ?

If the NAT router receives an incoming it blocks it, unless port
forwarding has been set up.

I don't see any guessing.

Re: Is there a risk with firewalls?

am 27.07.2007 16:29:17 von jameshanley39

Mr. Arnold wrote:

>
> "Notan" wrote in message
> news:yJmdnaPG-LUKTObbnZ2dnUVZ_rXinZ2d@giganews.com...
> > Sebastian G. wrote:
> > > Mr. Arnold wrote:
> > >
> > >
> > > > Do you even notice how most of the regulars pretty much mind
> > > > their own business and post to the OP while you in the
> > > > meantime attack everyone with running up and down the threads?
> > >
> > >
> > > So far, I can only see this applying to you.
> >
> > If you'd pull your head from whatever holes it's currently in,
> > you'd realize that your methods of "teaching" are anything but
> > constructive.
> >
>
> He'll never get the message. He has not gotten the message to date,
> and it's been made obvious to him by a few people in this NG over a
> several months period.
>
> It's really a shame about him. He obviously has great knowledge or
> seems to have the knowledge.
>
> But he is so messed-up as a Human Being that he is beyond help with his
> teaching methods, mannerisms, and in general, a lack of basic
> knowledge on how to treat people.
>
> He has dragged the NG down to the point that no one wants to make a
> post in this NG, because he is liable to show and start going out of
> control. :(

He is very technical. You, Duane Arnold, are much much worse in your
way!

Remember,
software/hardware Firewall tradeoff in comp.security.firewalls
Aug 2006
http://groups.google.com/group/comp.security.firewalls/browse_frm/thread/a7e5dda7363a93bf/a6b4bdb06b7f97e7


and that referred to
The thread was called
It had a fantastic discussion, really interesting. But you ruined it
somewhat. But nevertheless, it's still good

"56k dial up on laptop 802.11G ?" in alt.internet.wireless
http://groups.google.com/group/alt.internet.wireless/browse_frm/thread/c132d2059daa241b/d796ef5184680e55?lnk=st&q=%2256k+dial+up+on+laptop+802.11G+%3F%22++in+alt.internet.wireless+&rnum=1#d796ef5184680e55

And this was on the same subject. You have a history of being a
nuisance, far more so than the person you are targeting today.

your style is predictable, you don't discuss the nitty gritty, or share
knowledge. You just say 'do it this way', and after posts and posts of
you avoiding discussion when faced with somebody knowledgeable enough,
or of you avoiding discussion anyway, and name-calling, your method
comes out.. you say that your stuff is based on conclusions from those
you call the top guns of the newsgroup, and you accept it. Very well,
but not so good if you try to argue their case. At least quote them.

As time goes by, you may improve a tiny little bit, when you learn a
little more from your 'top guns'. But when faced with arguing with
somebody knowledgeable whose position is different to one of your 'top
guns' you go back to name-calling and personal attacks


So, Duane Arnold, one option for you, is to realise you have a problem.
Then stop the personal attacks against people you can't debate with,
and people you could partially debate with.

Re: Is there a risk with firewalls?

am 27.07.2007 17:13:20 von Sebastian Gottschalk

jameshanley39@yahoo.co.uk wrote:

>> Now, would someone please get a point that typical NAT routers don't
>> magically drop every packet with unknown target, but rather take
>> measures of guessing the target and forwarding it by chance? That's
>> why Stephen's suggestion is so misguided, since it won't help at all
>> with protecting a vulnerable system.
>
>
> what do you mean 'guess the target' ?


Exactly that: Applying some programmed algorithm that selects the most
likely target. For example, if the router assigns IP addresses via DHCP and
has only seen one client so far, he could forward everything there. Or if
there are multiple clients and one has eMule running, the router has already
seen TCP segments on port 4662, then incoming packets with ports 4661, 4665
and 4672 are forwarded there. Or if he saw an FTP connection and read a PORT
command, it might also setup the appropriate forwarding.

> If the NAT router receives an incoming it blocks it, unless port
> forwarding has been set up.


That's how it should be.
However, the implementors are interested in providing maximum connectivity
and reducing support costs. If the router does some good guessing, the better.

> I don't see any guessing.

Well, did you actually test your router's implementation?
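The two behaviours contrasted in this exchange, a NAT router that drops every unsolicited inbound packet versus one that applies the three guesses listed in the post above, can be put side by side in a small model. This Python sketch is an added example, not part of the thread and not any real router's firmware; the class, the addresses (documentation ranges) and the traffic are constructed, and the model assumes no port rewriting (the WAN port equals the LAN port).

```python
from dataclasses import dataclass, field

EMULE_SEEN = 4662                  # port the post says the router has "already seen"
EMULE_EXTRA = (4661, 4665, 4672)   # ports the post says are then forwarded


@dataclass
class NatRouter:
    guess: bool                                         # True: heuristics from the post are on
    dhcp_clients: set = field(default_factory=set)
    port_forwards: dict = field(default_factory=dict)   # wan_port -> lan_ip (configured by hand)
    flows: dict = field(default_factory=dict)           # (port, remote_ip, remote_port) -> lan_ip
    ftp_expect: dict = field(default_factory=dict)      # port named in a PORT command -> lan_ip
    emule_host: str = ""

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port, payload=b""):
        """A LAN host sends a packet out; the router records the flow."""
        self.flows[(lan_port, remote_ip, remote_port)] = lan_ip
        if not self.guess:
            return
        if EMULE_SEEN in (lan_port, remote_port):
            self.emule_host = lan_ip
        if remote_port == 21 and payload.startswith(b"PORT "):
            # FTP "PORT h1,h2,h3,h4,p1,p2": data port = p1 * 256 + p2
            parts = payload[5:].strip().split(b",")
            if len(parts) == 6 and all(p.isdigit() for p in parts):
                self.ftp_expect[int(parts[4]) * 256 + int(parts[5])] = lan_ip

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return (action, lan_ip, reason) for a packet arriving from the WAN."""
        key = (wan_port, remote_ip, remote_port)
        if key in self.flows:
            return ("forward", self.flows[key], "reply to tracked outbound flow")
        if wan_port in self.port_forwards:
            return ("forward", self.port_forwards[wan_port], "configured port forward")
        if not self.guess:
            return ("drop", None, "unsolicited, no matching state")
        if wan_port in self.ftp_expect:
            return ("forward", self.ftp_expect[wan_port], "guess: FTP PORT command seen")
        if wan_port in EMULE_EXTRA and self.emule_host:
            return ("forward", self.emule_host, "guess: host used port 4662")
        if len(self.dhcp_clients) == 1:
            return ("forward", next(iter(self.dhcp_clients)), "guess: only DHCP client")
        return ("drop", None, "unsolicited, no guess applies")


def probe_results(guess, clients):
    """Replay the same constructed traffic through a router and collect verdicts."""
    router = NatRouter(guess=guess, dhcp_clients=set(clients))
    host = clients[0]
    # Constructed outbound traffic from the first client.
    router.outbound(host, 4662, "198.51.100.7", 4662)
    router.outbound(host, 50001, "198.51.100.9", 21,
                    b"PORT 192,168,1,10,195,80\r\n")     # 195 * 256 + 80 = 50000
    probes = {
        "reply":          ("198.51.100.7", 4662, 4662),   # answer to the tracked flow
        "cifs-445":       ("203.0.113.5", 40000, 445),    # unsolicited, port of a local service
        "emule-4672":     ("203.0.113.5", 40001, 4672),   # unsolicited, eMule-related port
        "ftp-data-50000": ("198.51.100.9", 20, 50000),    # port named in the PORT command
    }
    return {name: router.inbound(*probe) for name, probe in probes.items()}


if __name__ == "__main__":
    for label, guess, clients in [
        ("strict, one PC", False, ["192.168.1.10"]),
        ("guessing, two PCs", True, ["192.168.1.10", "192.168.1.11"]),
        ("guessing, one PC", True, ["192.168.1.10"]),
    ]:
        print(label)
        for name, (action, target, reason) in probe_results(guess, clients).items():
            print(f"  {name:15} {action:8} {target or '-':13} {reason}")
```

In this model the single-PC case behind a guessing router is the one where the unsolicited probe to port 445 reaches the host, which is the situation the original poster would be in.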

Re: Is there a risk with firewalls?

am 27.07.2007 20:44:58 von jameshanley39

Sebastian G. wrote:

> jameshanley39@yahoo.co.uk wrote:
>
> > > Now, would someone please get a point that typical NAT routers
> > > don't magically drop every packet with unknown target, but rather
> > > take measures of guessing the target and forwarding it by chance?
> > > That's why Stephen's suggestion is so misguided, since it won't
> > > help at all with protecting a vulnerable system.
> >
> >
> > what do you mean 'guess the target' ?
>
>
> Exactly that: Applying some programmed algorithm that selects the
> most likely target. For example, if the router assigns IP addresses
> via DHCP and has only seen one client so far, he could forward
> everything there. Or if there are multiple clients and one has eMule
> running, the router has already seen TCP segments on port 4662, then
> incoming packets with ports 4661, 4665 and 4672 are forwarded there.
> Or if he saw an FTP connection and read a PORT command, it might also
> set up the appropriate forwarding.
>
> > If the NAT router receives an incoming it blocks it, unless port
> > forwarding has been set up.
>
>
> That's how it should be.
> However, the implementors are interested in providing maximum
> connectivity and reducing support costs. If the router does some good
> guessing, the better.
>
> > I don't see any guessing.
>

interesting

> Well, did you actually test your router's implementation?

not for lack of trying!!

I vaguely recall an issue or issues that stopped me.

I wanted to analyse what connections were going on using netstat, but
once a connection is established, you can't know for sure if it's
incoming or outgoing. You have to guess based on port number (whether
the port number is high or low). I wasn't content with that.

I guess the term I should use is that netstat is not stateful.


What methods are there, to know if an established connection is
incoming or outgoing?

I did at one point use ethereal with a filter, that worked. But I'm
interested in other methods.

Also, one weakness with ethereal used as a local port monitor is that,
unlike netstat, it doesn't show what process is using a port. Not
surprising, since 'by concept' it's not meant for that 'cos the process
id is not in a packet!

Another thing I wanted to test further.. 2 comps A and B communicating
with MSN v6.x or later, sending each other a file.
(I've since read that it might use a 'relay server', server sits in the
middle, and A and B make an outgoing to that)
But anyhow, I recall seeing B's ip, and the connection was
incoming
71.4.5.2:1118 TO 192.168.0.2:2344
And I thought.. hang on, my router isn't port forwarding 2344, is it?
I did an online port scan and it didn't show it as open (though maybe
that was irrelevant since it turned out that it wasn't open locally
either)
I did a local port scan, from another comp on my lan, and it said
closed or filtered. Not open.

I didn't understand that. And in retrospect, I'm still puzzled, maybe
it was only open to that 71... ip. but I didn't know how to spoof that
to check, I guess I could've asked the friend to scan from his comp.

I don't think my router had that port open.. Maybe it was acting a bit
like some proxies (the ones kids might use at school to get out of a
firewall). I don't mean like a proxy in changing the source ip to its
own, but, in changing the TCP port. So maybe one port - not 2344 - was
being port forwarded by my router, and through it I was getting
incoming connections to my comp at other ports.

I didn't and still don't know how to analyse that further.

and the speedtouch NAT router I have at the moment has such an ugly GUI
I can't see what it's port forwarding in one screen. It's reliable
though, unlike previous ones I've had.
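
One way to answer the incoming-or-outgoing question from netstat output alone, as an added example that is not part of the original post: match each ESTABLISHED row against the LISTENING rows, since an accepted connection keeps the listener's local port. The sample text is constructed in the layout of Windows `netstat -ano`; apart from the 71.4.5.2:1118 / 192.168.0.2:2344 pair quoted above, all addresses, ports and PIDs are assumptions.

```python
import re

# Constructed sample in the layout of Windows `netstat -ano` (not captured output).
# The 2344/1118 pair is the one quoted in the post; PIDs and other rows are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:2344           0.0.0.0:0              LISTENING       3120
  TCP    192.168.0.2:2344       71.4.5.2:1118          ESTABLISHED     3120
  TCP    192.168.0.2:1042       203.0.113.10:80        ESTABLISHED     2044
  TCP    192.168.0.2:1043       203.0.113.25:1863      ESTABLISHED     3120
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
WILDCARDS = {"0.0.0.0", "[::]"}


def classify(netstat_text):
    """Label each ESTABLISHED TCP row inbound or outbound, keeping its PID."""
    rows = [m.groups() for m in map(ROW.match, netstat_text.splitlines()) if m]

    # Pass 1: which local addresses have a listener on each port?
    listeners = {}
    for laddr, lport, _raddr, _rport, state, _pid in rows:
        if state == "LISTENING":
            listeners.setdefault(lport, set()).add(laddr)

    # Pass 2: an accepted socket keeps the listener's local port; a socket the
    # host opened itself sits on an ephemeral port that nothing listens on.
    result = []
    for laddr, lport, raddr, rport, state, pid in rows:
        if state != "ESTABLISHED":
            continue
        bound = listeners.get(lport, set())
        inbound = laddr in bound or bool(bound & WILDCARDS)
        result.append({
            "local": f"{laddr}:{lport}",
            "remote": f"{raddr}:{rport}",
            "pid": int(pid),
            "direction": "inbound" if inbound else "outbound",
        })
    return result


if __name__ == "__main__":
    for conn in classify(SAMPLE):
        print(conn["direction"], conn["local"], "<->", conn["remote"], "pid", conn["pid"])
```

A listener that closes right after accepting leaves no LISTENING row, so that connection is reported as outbound; only a capture of the initial SYN settles the direction for certain.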

Re: Is there a risk with firewalls?

am 28.07.2007 01:58:30 von Mathieu Chavoutier

"Sebastian G." wrote:
> jameshanley39@yahoo.co.uk wrote:
>
>> If the NAT router receives an incoming it blocks it, unless port
>> forwarding has been set up.
>
>
> That's how it should be.
> However, the implementors are interested in providing maximum connectivity
> and reducing support costs. If the router does some good guessing, the
> better.
>
>> I don't see any guessing.
>
> Well, did you actually test your router's implementation?

Sebastian, Interesting... I'm about to buy a NAT firewall, any ideas on what
manufacturers, models or features I should look for? Thanks!

Re: Is there a risk with firewalls?

am 28.07.2007 15:56:41 von Leythos

In article ,
nospam@no.spam says...
> "Sebastian G." wrote:
> > jameshanley39@yahoo.co.uk wrote:
> >
> >> If the NAT router receives an incoming it blocks it, unless port
> >> forwarding has been set up.
> >
> >
> > That's how it should be.
> > However, the implementors are interested in providing maximum connectivity
> > and reducing support costs. If the router does some good guessing, the
> > better.
> >
> >> I don't see any guessing.
> >
> > Well, did you actually test your router's implementation?
>
> Sebastian, Interesting... I'm about to buy a NAT firewall, any ideas on what
> manufacturers, models or features I should look for? Thanks!

Do you want a Firewall that does NAT or a NAT Router that says it's a
Firewall - there is a very big difference?

What are you doing from behind your internet connection?

Do you have a website that you allow the public access to?

Do you share files?

Do you have a FTP site?

How much do you want to spend?

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

am 28.07.2007 16:57:32 von Mathieu Chavoutier

"Leythos" wrote:
> Do you want a Firewall that does NAT or a NAT Router that says it's a
> Firewall - there is a very big difference?

Oops!.. Sorry for the missing info. I like the fact of having a NAT router
as a first line of defense. Then I would like a software firewall so I
control what my program connects to (like that nasty svchost.exe that I
always blocked). After a year I had to uninstall the Sunbelt-Kerio firewall,
because I had it with so many issues after upgrading to new releases.

> What are you doing from behind your internet connection?

Not much, just the usual: a desktop PC with XP SP2 and Web browsing, email
client, rss client, IM, news client, antivirus, and P2P.

> Do you have a website that you allow the public access to?

Nope. I was told I needed to pay a static IP address. So I abandoned the
idea long ago.

> Do you share files?

Nope. I was advised that if my PC was the only one on a network I needed to
turn the Microsoft Print and Sharing off. I may get a laptop later though.

> Do you have a FTP site?

Nope.

> How much do you want to spend?

Hmm... I didn't think it could cost 2$$, but I don't have an unlimited
budget. I'll have to think about it more after I see the range.

Re: Is there a risk with firewalls?

am 28.07.2007 17:17:03 von Leythos

In article ,
nospam@no.spam says...
> "Leythos" wrote:
> > Do you want a Firewall that does NAT or a NAT Router that says it's a
> > Firewall - there is a very big difference?
>
> Oops!.. Sorry for the missing info. I like the fact of having a NAT router
> as a first line of defense. Then I would like a software firewall so I
> control what my program connects to (like that nasty svchost.exe that I
> always blocked). After a year I had to uninstall the Sunbelt-Kerio firewall,
> because I had it with so many issues after upgrading to new releases.

Forget the soft firewall as being effective and being any real means of
protection - in most cases it's going to get compromised at some point
and the soft firewall isn't going to protect you. On the flip side I've
seen ZAP protect a home user for years with a direct connection (no NAT)
to the internet...

> > What are you doing from behind your internet connection?
>
> Not much, just the usual: a desktop PC with XP SP2 and Web browsing, email
> client, rss client, IM, news client, antivirus, and P2P.
>
> > Do you have a website that you allow the public access to?
>
> Nope. I was told I needed to pay a static IP address. So I abandoned the
> idea long ago.
>
> > Do you share files?
>
> Nope. I was advised that if my PC was the only one on a network I needed to
> turn the Microsoft Print and Sharing off. I may get a laptop later though.
>
> > Do you have a FTP site?
>
> Nope.
>
> > How much do you want to spend?
>
> Hmm... I didn't think it could cost 2$$, but I don't have an unlimited
> budget. I'll have to think about it more after I see the range.

I like the D-Link DFL-700 because it has real blocking methods, real DMZ
and LAN networks, acts as a PPTP server and can provide port forwarding
inbound based on you authenticating with the device first....

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

am 28.07.2007 23:48:32 von MR. Arnold

LOL, I have a fan. :)

However, until today, I have not noticed you before until this post. I
don't see you helping anyone anywhere. I wonder why? And SG is more
technical is a joke too. The boy couldn't technique his way out of a paper
sack, and neither can you.

that's a soft logical and go crawl back into your hole, with
SG. :)

Re: Is there a risk with firewalls?

am 29.07.2007 00:56:56 von MR. Arnold

OH MY GOD, you're actually being civil. What came over you? Is this a new
you?

I am proud of you, keep up the good work and hang in there.

Re: Is there a risk with firewalls?

am 29.07.2007 16:13:53 von Mathieu Chavoutier

"Leythos" wrote:

> Forget the soft firewall as being effective and being any real means of
> protection - in most cases it's going to get compromised at some point
> and the soft firewall isn't going to protect you. On the flip side I've
> seen ZAP protect a home user for years with a direct connection (no NAT)
> to the internet...
>
> I like the D-Link DFL-700 because it has real blocking methods, real DMZ
> and LAN networks, acts as a PPTP server and can provide port forwarding
> inbound based on you authenticating with the device first....

Thanks a lot Leythos!

Re: Is there a risk with firewalls?

am 29.07.2007 17:25:26 von Leythos

In article ,
nospam@no.spam says...
> "Leythos" wrote:
>
> > Forget the soft firewall as being effective and being any real means of
> > protection - in most cases it's going to get compromised at some point
> > and the soft firewall isn't going to protect you. On the flip side I've
> > seen ZAP protect a home user for years with a direct connection (no NAT)
> > to the internet...
> >
> > I like the D-Link DFL-700 because it has real blocking methods, real DMZ
> > and LAN networks, acts as a PPTP server and can provide port forwarding
> > inbound based on you authenticating with the device first....
>
> Thanks a lot Leythos!

If you need something more, there are a LOT of firewalls in the $300 to
$500 range that can do even more.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Is there a risk with firewalls?

am 29.07.2007 18:56:34 von Mathieu Chavoutier

"Leythos" wrote:
>> "Leythos" wrote:
>>
>> > Forget the soft firewall as being effective and being any real means of
>> > protection - in most cases it's going to get compromised at some point
>> > and the soft firewall isn't going to protect you. On the flip side I've
>> > seen ZAP protect a home user for years with a direct connection (no
>> > NAT)
>> > to the internet...
>> >
>> > I like the D-Link DFL-700 because it has real blocking methods, real
>> > DMZ
>> > and LAN networks, acts as a PPTP server and can provide port forwarding
>> > inbound based on you authenticating with the device first....
>>
>> Thanks a lot Leythos!
>
> If you need something more, there are a LOT of firewalls in the $300 to
> $500 range that can do even more.

My problem is that I'm not completely sure on the features I need. I do not
trust a flat and cheap router ($30). A hardware router & firewall hardware
sounds like it will protect me better. I have learned a lot about NAT, and
the importance of SPI features. Also I do know that some manufacturers are
really bad or irresponsible and they have released so many firmwares, and
patches. I'm not sure about the feature details in the administration of the
firewall, but my learning is in process. I do not place limits on my
learning as long as the gain is to know how to protect myself. Budget is
limited though, but it will be great to know what I'm missing for not paying
beyond more than $400.

For what I have been researching, the difference I see beyond your
recommended solution is on the number of VPN connection (moving it to the
corporate way). I'm just looking to administer 1 PC, 1 laptop, and a testing
server. If I ever VPN will be just 1 connection (me), I'm quite paranoid ;)
I'm going to have a laptop wireless, I'm also looking for a WiFi feature of
the hardware (as long as I can properly secure it just for my laptop's use).
I appreciate your assistance.

Re: Is there a risk with firewalls?

am 30.07.2007 00:26:32 von Leythos

In article <6F3ri.379766$p47.219442@bgtnsc04-news.ops.worldnet.att.net>,
nospam@no.spam says...
> For what I have been researching, the difference I see beyond your
> recommended solution is on the number of VPN connection (moving it to the
> corporate way). I'm just looking to administer 1 PC, 1 laptop, and a testing
> server. If I ever VPN will be just 1 connection (me), I'm quite paranoid ;)
> I'm going to have a laptop wireless, I'm also looking for a WiFi feature of
> the hardware (as long as I can properly secure it just for my laptop's use).
> I appreciate your assistance.

Many of the low end appliances, like the DFL-700, will do what you want
and provide a level of protection as long as you implement ALL of the
other security measures, a firewall won't protect you from most exploits
or from yourself.

The higher end units have additional protection features, can detect
attacks of specific types, can filter content out of inbound SMTP (if
you have your own email server), can filter content out of HTTP sessions
(The DFL-700 does this too) so that you can block things like active-x,
JS, exe, bad, scr, etc... downloads..... You also get good logging in
most cases.

I've got a lot of friends that have simple BEFSR41 units that practice
safe-hex and don't need anything more than the cheap NAT router and
they've not been compromised either. The difference is that they follow
the standards for safe internet/network/device access.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)