Anyone have any ideas about how the effects of the "firewall" exploit would affect a stateful packet analyzer firewall? Something like NetGear's FR314, etc.

--- Below is taken from the article http://www.theregister.co.uk/content/55/22788.html ---

Security researchers have highlighted a potential shortcoming with personal firewall products.

To alert users of the presence of a Trojan or privacy-threatening program running on their systems, personal firewalls have been adapted so they monitor and block outbound traffic (as well as blocking inbound network traffic).

If a malicious program becomes active a user will be alerted and the application will be blocked by a personal firewall (unless a user is daft enough to agree that it should be able to access the Internet, of course). This would normally stop a Trojan sending out data (which might be your passwords) disguised as HTTP traffic on port 80.

However, if a malicious program modifies a DLL used by Internet Explorer to make outbound connections to port 80 on its behalf then this protection is bypassed.

Security researcher Robin Keir has developed a proof-of-concept tool, called FireHole, which illustrates how the trick can fool personal firewalls (such as Zone Alarm, Norton Personal Firewall and Black Ice Defender).
