Re: How to tell if a firewall alert is suspicious or not
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: How to tell if a firewall alert is suspicious or not

From: Art <null@zilch.com>
Date: Tue Sep 20 2005 - 17:59:59 CEST



On 20 Sep 2005 06:21:09 +0200, Volker Birk <bumens@dingens.org> wrote:



>Art <null@zilch.com> wrote:


>> >Anyway, on http://www.dingens.org/breakout.exe you'll find a precompiled


>> >version. This one needs Internet Explorer already running, when you start


>> >it.


>> How about making a english language version?


>


>Yes, why not?


>


>http://www.dingens.org/breakout-en.c


>http://www.dingens.org/breakout-en.exe



Thanks Volker. I found that Sygate recorded the incident in its


traffic log. So it wasn't oblivious to your POC. Yet, the point is


well made that the average user would be oblivious IMO.



I think POCs of this kind do a lot of good. I hope you plan to


polish it up. Give some thought on to how to impress average


users with the fact their fw is indeed being bypassed without


their knowledge.       



Art



http://home.epix.net/~artnpeg


Received on Thu Sep 29 20:09:42 2005