On Fri, 2004-01-16 at 05:44, James Patterson Wicks wrote:
> Your NAT router works at Layer 3. You still need a personal firewall or
> proxy system that looks at as many layers as possible. You need
> something like Sygate Personal Firewall that alerts you when an
> application or process that you have not approved tries to go OUT to the
> Internet from your PC.

Even with a personal firewall, a trojan could go out to the Internet
without your knowledge, using different tactics:

- exploiting a bug (in filtering) of the personal firewall used (like
  not monitoring UDP 53 outbound)
- exploiting a bug (like a buffer overflow) of the personal firewall
  used and using these new privs to modify the setup and allowing itself
- bypassing the personal firewall by using authorized applications (like
  Internet Explorer via the OLE controls)
- bypassing the personal firewall by injecting your own code in
  authorized applications (à la CreateRemoteThread)
- bypassing the personal firewall by injecting your network data under
  the hook in the TCP/IP stack
- ...

--
Nicob <[EMAIL PROTECTED]>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
