[fw-wiz] MSBlast circumventing host firewall

• Previous message: Josh Welch: "RE: [fw-wiz] CP Vs SonicWall Vs PIX Vs Netscreen Vs Symantec"
• Next in thread: Paul Matuszewski: "RE: [fw-wiz] MSBlast circumventing host firewall"
• Reply: Paul Matuszewski: "RE: [fw-wiz] MSBlast circumventing host firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Fri, 15 Aug 2003 16:40:14 -0500

We've sites which are running Winproxy on one of their workstations acting
as the firewall. This product was chosen not for its firewall capabilities,
but for its proxy capabilities, and this was some time ago. It was then
decided that this was our firewall at these locations because there was a
tab labeled firewall. It appears that the firewall was configured to prevent
connections to TCP 135 (most connections actually), but msblast blew right
past it and infected the machine running winproxy. I'm investigating this
right now to see if there was a misconfiguration issue or what. I've also
heard a rumor about someone using Norton's firewall being infected. These
could all be results of misconfiguration issues, but I'm curious if anyone
else has seen issues with these types of products.

Thanks,
Josh

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Josh Welch: "RE: [fw-wiz] CP Vs SonicWall Vs PIX Vs Netscreen Vs Symantec"
• Next in thread: Paul Matuszewski: "RE: [fw-wiz] MSBlast circumventing host firewall"
• Reply: Paul Matuszewski: "RE: [fw-wiz] MSBlast circumventing host firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]