RE: [fw-wiz] MSBlast circumventing host firewall
From: Paul Matuszewski (sase_at_five-elements.com)
Date: 08/18/03
- Previous message: R. DuFresne: "Re: [fw-wiz] worm + VPN + firewall"
- In reply to: Josh Welch: "[fw-wiz] MSBlast circumventing host firewall"
- Next in thread: Paul Robertson: "RE: [fw-wiz] MSBlast circumventing host firewall"
- Reply: Paul Robertson: "RE: [fw-wiz] MSBlast circumventing host firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Josh Welch <jwelch@buffalowildwings.com>, firewall-wizards@honor.icsalabs.com Date: Mon, 18 Aug 2003 01:48:51 -0500
Aye,
The reason you're seeing this is because of the actual use of winproxy.
It'll dot the job at firewalling (per say) things to the inside interfaces,
but it still hasn't taken care of the actual ports on the machine itself.
You'll have to patch those bad boys up right away. Fixing the issue with
the open ports can be taken care of by remove windows networking and the
related services to the port. However, you might run into trouble with
WinProxy failing because of it, not too familar with the software here.
That's why people use inline firewalls/filtering routers... just so you
know.
Good luck, and yeah, good luck
Paul Matuszewski
In Office Networks
-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com]On Behalf Of Josh
Welch
Sent: Friday, August 15, 2003 4:40 PM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] MSBlast circumventing host firewall
We've sites which are running Winproxy on one of their workstations acting
as the firewall. This product was chosen not for its firewall capabilities,
but for its proxy capabilities, and this was some time ago. It was then
decided that this was our firewall at these locations because there was a
tab labeled firewall. It appears that the firewall was configured to prevent
connections to TCP 135 (most connections actually), but msblast blew right
past it and infected the machine running winproxy. I'm investigating this
right now to see if there was a misconfiguration issue or what. I've also
heard a rumor about someone using Norton's firewall being infected. These
could all be results of misconfiguration issues, but I'm curious if anyone
else has seen issues with these types of products.
Thanks,
Josh
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: R. DuFresne: "Re: [fw-wiz] worm + VPN + firewall"
- In reply to: Josh Welch: "[fw-wiz] MSBlast circumventing host firewall"
- Next in thread: Paul Robertson: "RE: [fw-wiz] MSBlast circumventing host firewall"
- Reply: Paul Robertson: "RE: [fw-wiz] MSBlast circumventing host firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
