[fw-wiz] MSBlast circumventing host firewall

From: Josh Welch (jwelch_at_buffalowildwings.com)
Date: 08/15/03

  • Next message: R. DuFresne: "Re: [fw-wiz] re: NAT for a simple network"
    To: <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 15 Aug 2003 16:40:14 -0500
    
    

    We've sites which are running Winproxy on one of their workstations acting
    as the firewall. This product was chosen not for its firewall capabilities,
    but for its proxy capabilities, and this was some time ago. It was then
    decided that this was our firewall at these locations because there was a
    tab labeled firewall. It appears that the firewall was configured to prevent
    connections to TCP 135 (most connections actually), but msblast blew right
    past it and infected the machine running winproxy. I'm investigating this
    right now to see if there was a misconfiguration issue or what. I've also
    heard a rumor about someone using Norton's firewall being infected. These
    could all be results of misconfiguration issues, but I'm curious if anyone
    else has seen issues with these types of products.

    Thanks,
    Josh

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: R. DuFresne: "Re: [fw-wiz] re: NAT for a simple network"

    Relevant Pages

    • Re: Fiewalls on VMS
      ... got me wondering just what Firewall capabilities were currently available ... is another important feature that would also be delayed if IPSEC is further ... So I'm just wondering what everyone is using today for their VMS firewalls? ...
      (comp.os.vms)
    • Re: [opensuse] Re: simple LAN
      ... It is a Speedtouch ADSL modem. ... The "firewall capabilities" used by most of these modems is called NAT ... What this basically does is prevent an outside connection ...
      (SuSE)
    • Re: Fiewalls on VMS
      ... got me wondering just what Firewall capabilities were currently available ... is another important feature that would also be delayed if IPSEC is further ... proven adequate to protect our PCs, plus VMS and Solaris systems. ...
      (comp.os.vms)
    • Re: Defense in Depth
      ... In most cases it has very little to do with confidence in firewall capabilities. ... > The servers on this DMZ contains servers that host> both "http" and "https" pages> ... Mail - You care about security. ...
      (Security-Basics)
    • Re: Fiewalls on VMS
      ... got me wondering just what Firewall capabilities were currently available ... You may recall the TCP/IP Services engineer's quote: ... So I'm just wondering what everyone is using today for their VMS firewalls? ...
      (comp.os.vms)