Re: outbound filtering
- From: William <starrwarz@g_~-clothes-~_m~more_clothes~ail.com>
- Date: Wed, 27 Dec 2006 01:48:02 GMT
On 12/26/2006 2:46 PM, something possessed Sebastian Gottschalk to write:
Jim Ford, 12/26/2006,3:32:22 PM, wrote:
He obviously knows a lot about securityMaybe not. If he really knew a lot about security he would be willing
to offer advise. I'd say he knows a lot about arrogance.
Actually this one rathers belongs much more to a meta discussion. Your
problem is not a concrete security problem, but the lack of concept and
knowledge. Offering concrete advise won't solve this more fundamental
What problem? He didn't give an abstract or concrete problem, the OP just asked for some advise, and instead received the rantings of a mere child who thinks he knows more than the rest of the Internet users and uses that arrogant belief to pompously attack any others showing any sign of ignorance (by asking for advise) in order to boost and inflate your undeveloped ego.
Depends on the router, but most NAT routers act as hardware firewalls, blocking unsolicited inbound connections.
And I've pointed out some concrete consequences of this problem:
- NAT routers aren't firewall or security devices.
- Monitoring connections doesn't require extensive packet filters withWell, that will tell you where your remote endpoint connections are and what programs are making the connection, but not much more than that. On that note, these are snapshots, not real-time displays of connection activity. For a real time display of remote connections I'd recommend Kerio Personal Firewall, or if the OP doesn't want a firewall, than sysinternals.com TCPMon.
state machines, but just standard operating system tools requesting such
information directly from the OS.
- Outbound filtering doesn't work.It doesn't?
Never did, never will, beside the wishesWell, granted it's not perfect, but neither are AVs. However, I have found program baddies that AVs and other anti-malware proggies missed solely from being alerted of their outbound connections (which I believe is the added security that the OP wishes), so yes, they do work. They may be allowed to be circumnavigated, but in the world with Windows and Gates nothing is perfect.
because it would be nice if it actually worked.
And the reason isElaborate on this please. Are you referring to rootkits, bad modules hooking into legit processes, or just processes communicating with eachother via localhost port communications.
inter-process communication, some feature that you wouldn't like to miss