Viz WinXP I agree - having outbound blocking when the firewall itself is hosted on the hacked machine is pointless, especially if, as Myron pointed out, most users run XP as Administrator and have full API access on tap. Uurrkk!

Re Linux - the situation can be different - firstly, best practice is to build a bastion host that does not have any user sessions at all. Combine that with tight outbound blocking and it is a useful (but not foolproof) way of nuking attempts to get the payload installed. In the past tftp was popular, but I guess the black hats will aim to make use of port 80 et al to circumvent this or use the scripting exploits. Regardless, even if the black code gets fully installed it will still have to negotiate its way back out to the net and will most likely attract admin attention in trying to do it.

My 10c worth,
cheers Frank.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alex K. Angelopoulos
Sent: Thursday, 9 September 2004 3:28 AM
To: [EMAIL PROTECTED]
Subject: Re: server closed connection unexpectedly

>> What's the point in having a firewall built into Windows.
>> Unless it's possible to block access to that API. Hmmm....

James Weatherall wrote:
> The same point that there is in having ipchains/iptables in Linux - it
> allows an Administrator to restrict access to only those services that
> are actually required, so that poorly coded services don't provide
> backdoors to attackers. The intent is not to protect from malicious
> programs run as root/Administrator (or at least it shouldn't be...)

Indeed. If a black hat has gotten his code onto your machine and is running as root/Administrator, he's already scored. Making it hard for a homeowner to lock or unlock doors from inside a house isn't a fundamentally helpful security measure - just annoying.

_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
