Re: Kerio PF


comp.security.firewalls archive

From: Ansgar -59cobalt- Wiechers <usenet-2006@planetcobalt.net>
Date: Mon Mar 20 2006 - 17:29:59 CET

Duane Arnold wrote:
> Ansgar -59cobalt- Wiechers wrote:
>> Duane Arnold wrote:
>>> There is no such thing as a program running behind a FW that makes
>>> or initiates contact with a remote program/application that is not
>>> the one doing the solicitation. So how can such a
>>> program/application running on the machine unsolicitedly do anything
>>> if it's the one doing the solicitation, which causes the ports to be
>>> open on the FW and the program listening on the opened ports due to
>>> its solicitation?
>>
>> Read again.
>
> Read it again for what? If one doesn't want something to run, then
> one should be going to the O/S to stop it and not some personal FW to
> stop it that can be circumvented and defeated.

Sometimes people accidentally run applications that do this. Sometimes
applications can't be unbound from external interfaces (and cannot be
replaced for whatever reason). Not allowing arbitrary applications to
open listening ports helps mitigate risks.

cu
59cobalt

-- 
"If you think technology can solve your security problems, then you
don't understand the problems and you don't understand the technology."
--Bruce Schneier
Received on Mon May 1 01:00:08 2006