Re: How did it get through?

From: John (john@thejohn.invalid)
Date: 01/18/03

• Next message: Jari Lehtonen: "Has your Norton internet security 2003 caught any spam?"
• Previous message: Melvin Klassen: "Re: How did it get through?"
• In reply to: Duane Arnold: "Re: How did it get through?"
• Next in thread: Duane Arnold: "Re: How did it get through?"
• Reply: Duane Arnold: "Re: How did it get through?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: John <john@thejohn.invalid>
Date: Sat, 18 Jan 2003 21:59:40 GMT

On Sat, 18 Jan 2003 19:57:56 GMT, "Duane Arnold" <notme@notme.com>
wrote:

>>How did that get
>> through the Netgear firewall into the local net?
>
>The router is not going to stop a worm from coming down any port.

Agreed, if the port is already in use so that SPI will think it is OK.
It is not clear how this could have happened with a port 137/138
request, though. I'm trying to understand if there IS a way this could
have happened - if not, I will look at the local machine/net as the
source.

>And all
>software firewalls, except for one of them, are not going to stop execution
>of a worm Trojan horse, or virus, once the AV or Trojan scanner has not
>detected the presence of it being there.

Agreed. Execution control is nice.

>A network being attacked doesn't mean that it always comes for the Internet.
>Someone could have brought the infection in by other means and compromised
>the network.

That's what I'm trying to find out, especially if a teenager has used
the net. :-) I'm trying to rule out the likelihood of the 137/138
probe coming in through SPI.

>And the Netgear FVS318 router looks to be a NAT router with SPI and is not a
>router with a *true* firewall.

What would you consider to be a *true* firewall?

Thanks for the reply.

John

---

• Next message: Jari Lehtonen: "Has your Norton internet security 2003 caught any spam?"
• Previous message: Melvin Klassen: "Re: How did it get through?"
• In reply to: Duane Arnold: "Re: How did it get through?"
• Next in thread: Duane Arnold: "Re: How did it get through?"
• Reply: Duane Arnold: "Re: How did it get through?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Routers Firewall ... I ask him do you have a firewall and he says yes. ... I still have an IDS/firewall on all my machines behind the router. ... > to connect to a port your public IP address the router would reject the ... > An open port on the router could be connected to a service running on the ... (comp.security.firewalls) Re: Possible Mail Relay or just new usages of returned mail by spammers ... If you have ANY type of firewall, be it a NAT router or true firewall ... ISA can be used in conjunction with the router/firewall, but if you do, you ... to be done twice...once in ISA, and once in the router to port forward to ... (microsoft.public.windows.server.sbs) Re: Home firewall Hits ... >Port 162 with a UDP message. ... than theres nothing blocking access from the internet to your router. ... >Subject: Home firewall Hits ... >simplify the management and deployment of PGP and reduce overall PGP costs ... (Security-Basics) Re: Routers Firewall ... > indicates that it has firewall technology, then the router doesn't have a ... What your router does have is NAT. ... ZA is a fine product which will protect a computer ... Port 80 is the WEB access port and port 21 is the FTP ... (comp.security.firewalls) Re: Bypassing the firewall ... Firewall in the router but i think it comes with Zone Alarm. ... >> The one thing you MUST remember is that an open port is an open port no ... >> So start your game and then start TCPview to see the ports the game is ... (comp.security.firewalls)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)