Re[2]: Inbound TCP Communication

Sun, 01 Oct 2000 02:14:30 -0700 

Hello Thomas

On 01 October 2000, at 06:13, you wrote

TF> Hallo Charlie,

TF> On Sat, 30 Sep 2000 21:38:39 +0100 GMT (01/10/2000, 04:38 +0800 GMT),
TF> Charlie Turner (ceejay) wrote:

CTc>> Ok, here's something else to think about. My firewall is set up to ask
CTc>> for permission when any new installation attempts to communicate for
CTc>> the first time. Every program I've installed since setting up the
CTc>> firewall has fired this rule and asked for permission, that is all
CTc>> except one....TB!

CTc>> <cue X-files music>
TF>      LOL

TF> I don't have this problem, because the app doesn't need to ask for
TF> permission. If any tries anything, and it is not explicitely permitted
TF> in the over 100 rules that I have set up for the firewall, I will be
TF> asked. Otherwise, if a firewall depended on the app to actively report
TF> there actions to the firewall, it would be conveniently easy to write
TF> an app to bypass the firewall and cause damage or disclose
TF> confidential information, if you are so inclined.

TF> I guess somewhere in the myriad of rules there is one that permits
TF> "any application" to make a POP connection and an SMTP connection. I
TF> had to permit these for TB in the beginning.

Some URL's re security that I've found useful. They may be of interest to
your good self and others in the list:
www.aks.com/esafe/enterprise/sandbox.asp
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=1565921240
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=1565924258
http://www.cert.org/advisories/CA-1999-02.html
http://www.microsoft.com/windows/Ie/security/default.asp
http://www.eeye.com/database/advisories/ad06081999/ad06081999.html
http://www.securityfocus.com/

-- 
have a good day
   Charlie (ceejay)

-- 
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   <mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
   <mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------

You are subscribed as : archive@jab.org

Reply via email to