Re: Avast and Proxomitron


comp.security.firewalls archive

From: Duane Arnold <notme@notme.com>
Date: Mon Jul 25 2005 - 19:18:34 CEST

Peter James <pfjames@clara.co.uk> wrote in
news:4kv9e1do1qcabqq9g2lbp52hqk1lbh8lma@4ax.com:

> I've noticed over the past few days that proxomitron is stopping
> access to port 1239 by such malware as "Red Sheriff" "Bargain Buddy"
> and other little gems. Can I instruct Kerio firewall to block this
> port on a permanent basis, and am I likely to experience any problems
> with the operation of my PC? Is it the opinion of the followers of this
> NG that ZA is a better firewall than Kerio?
> And how are these malware programs accessing my PC in the first
> place? I run a firewall, anti-virus and run spam blocking programs
> and check for malware regularly. I've yet to find anything on the PC.
> I run Spybot, Ad-Aware, MS antispyware, Spywareblaster. All up to
> date and all configured to run full system scans.
>

What are you talking about here? The operative word here that you have
mentioned is *STOPPING*. The personal FW solution is stopping the
unsolicited scans, probes and attacks.

If a malware program was running on your machine, then it would have made
a solicitation for traffic to the remote site (phoned home) and the FW
would have allowed the communication between the malware program running
on your machine and the one sitting at the remote site. Otherwise, if no
program running on your machine is making the solicitation to a remote
site by sending outbound traffic to it, then the PFW solution is going
to drop the inbound traffic at the FW.

That's not happening; no malware program is running on your machine and is
(listening) for return traffic on the above port. It's just everyday
scans, probes for vulnerable machines that have been compromised, and
other Internet background noise, and the PFW is stopping it.

And if malware somehow made it to your machine, then you or someone using
the keyboard and mouse contributed to it with the happy fingers that
click on unknown links and email attachments. It doesn't happen by
itself.

Yes, and I would think that one could set a rule with a PFW solution to
block traffic on a specified port if one chooses to create that rule.

Duane :)
Received on Thu Sep 29 19:59:28 2005
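
The distinction drawn in the reply above, between unsolicited inbound traffic that a personal firewall drops and return traffic for a connection a local program opened, can be modelled as a small connection-tracking table. This is an added example, not part of the original post and not how Kerio or any other product is implemented; the addresses, the packet records and the `classify` function are constructed for illustration, and only port 1239 comes from the thread.

```python
# Added illustration of stateful filtering. All packet records are
# constructed sample data; only port 1239 is taken from the thread.
from collections import namedtuple

Packet = namedtuple("Packet", "direction src sport dst dport")
LOCAL = "192.0.2.10"  # constructed address standing in for the protected PC


def classify(packets, blocked_ports=frozenset()):
    """Return one verdict per packet, remembering flows opened from inside."""
    flows = set()  # (local_port, remote_ip, remote_port) seen going out
    verdicts = []
    for p in packets:
        if {p.sport, p.dport} & set(blocked_ports):
            # An explicit port rule wins over connection state.
            verdicts.append("drop-rule")
        elif p.direction == "out":
            flows.add((p.sport, p.dst, p.dport))
            verdicts.append("allow-outbound")
        elif (p.dport, p.src, p.sport) in flows:
            # Inbound packet answers something a local program asked for.
            verdicts.append("allow-reply")
        else:
            # Nothing on this machine solicited it: scan or background noise.
            verdicts.append("drop-unsolicited")
    return verdicts


SAMPLE = [
    Packet("in", "203.0.113.5", 40000, LOCAL, 1239),   # probe, no prior flow
    Packet("out", LOCAL, 50000, "198.51.100.7", 80),   # browser request
    Packet("in", "198.51.100.7", 80, LOCAL, 50000),    # its reply
    Packet("in", "198.51.100.7", 80, LOCAL, 50001),    # wrong port, no flow
    Packet("out", LOCAL, 1239, "203.0.113.5", 40000),  # local program calls out
    Packet("in", "203.0.113.5", 40000, LOCAL, 1239),   # now it is a reply
]

if __name__ == "__main__":
    for label, ports in (("state only", ()), ("plus port rule", (1239,))):
        print(label)
        for pkt, verdict in zip(SAMPLE, classify(SAMPLE, ports)):
            print(f"  {pkt.direction:3} {pkt.src}:{pkt.sport} -> "
                  f"{pkt.dst}:{pkt.dport}  {verdict}")
```

The first and last sample packets are identical on the wire; only the outbound packet between them changes the verdict, which is why a log full of dropped inbound packets on a port does not by itself indicate a program on the machine using that port.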