Re: Avast and Proxomitron


comp.security.firewalls archive

From: Duane Arnold <Notme@notme.com>
Date: Tue Jul 26 2005 - 01:15:07 CEST

Peter James wrote:

> On Mon, 25 Jul 2005 17:18:34 GMT, Duane Arnold <notme@notme.com>
> wrote:
>
>>
>>What are you talking about here? The operative word here that you have
>>mentioned is *STOPPING*. The personal FW solution is stopping the
>>unsolicited scans, probes and attacks.
>>
> I don't think I made myself very clear here. What I meant was, how
> is it, that in spite of all the security I have running on my PC these
> sites were attempting to access my PC.

You have made yourself perfectly clear. You have unsolicited inbound traffic
scans, probes and attacks along with other background noise that are
reaching the PFW and they are being dropped by the PFW. It's everyday life
out there on the Internet.

> Are you saying that these attempts are from outside of the PC, to put
> it crudely, rather than as a process from within the PC?

There are two types of inbound traffic the PFW solution will consider.
Solicited traffic is any program running on the machine that has sent
outbound traffic to a remote site, the PFW is going to allow that traffic
back to the machine and to the listening program. Unsolicited traffic is
any inbound traffic that has not been solicited that hits the PFW and is
dropped by PFW. If a Trojan has sent outbound traffic from behind the FW
that's solicited traffic and the FW is going to allow that traffic.

You should learn the basics about FW(s) hardware or software wise.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

And how is it possible that malware can circumvent and defeat anything
running with the O/S such as a PFW or spyware detection and AV programs
that are a dime short and a dollar late in the detection is because the
end-user contributed to the compromise 99% of the time with the happy
fingers that click on something that leads to the compromise.

You seem to need to know the basics.

the long version

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

the short version

http://tinyurl.com/klw1

The buck stops with the O/S. The buck doesn't stop with the PFW, spyware, or
AV. If you shut down vulnerable services that shuts down ports and do other
things to secure the O/S, it will help in the protection of a machine that
has a direct connection (no router sitting in front of the machine between
the internet and the computer) to the Internet. It's best to secure the O/S
as much as possible in that situation.

I'll assume you're using the XP O/S.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

Duane :)
Received on Thu Sep 29 19:59:30 2005
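
The solicited/unsolicited distinction described in the post can be modelled as a flow table. This is an added example, not part of the original post or of any firewall product's code; the class name, labels and addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving the PC, "in" = arriving from the Internet
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Minimal model of a personal firewall's solicited/unsolicited rule."""

    def __init__(self):
        self.flows = set()  # flows opened by programs on the local machine

    def handle(self, pkt):
        if pkt.direction == "out":
            # Any outbound packet creates state. The filter cannot tell
            # whether the sender is a browser or an unwanted program.
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound is allowed only as the mirror image of a tracked flow.
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ALLOW" if reply_of in self.flows else "DROP"

PC = "192.0.2.10"  # constructed sample addresses and ports
SAMPLE = [
    ("browser request",       Packet("out", "tcp", PC, 50001, "198.51.100.7", 80)),
    ("web server reply",      Packet("in", "tcp", "198.51.100.7", 80, PC, 50001)),
    ("unsolicited probe",     Packet("in", "tcp", "203.0.113.5", 44444, PC, 135)),
    ("reply from wrong host", Packet("in", "tcp", "203.0.113.5", 80, PC, 50001)),
    ("unwanted program out",  Packet("out", "tcp", PC, 50002, "203.0.113.99", 8080)),
    ("reply to that program", Packet("in", "tcp", "203.0.113.99", 8080, PC, 50002)),
]

def run(packets):
    """Feed packets through a fresh filter and return (label, verdict) pairs."""
    fw = StatefulFilter()
    return [(label, fw.handle(pkt)) for label, pkt in packets]

if __name__ == "__main__":
    for label, verdict in run(SAMPLE):
        print(f"{verdict:5}  {label}")
```

The last two rows show why the post says the buck stops with the O/S: once a program on the machine opens the connection, the reply counts as solicited and passes.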