Re: outbound filtering

From: William <starrwarz@g_~-clothes-~_m~more_clothes~ail.com>
Date: Wed, 27 Dec 2006 01:48:02 GMT

On 12/26/2006 2:46 PM, something possessed Sebastian Gottschalk to write:

badgolferman wrote:

Jim Ford, 12/26/2006,3:32:22 PM, wrote:

He obviously knows a lot about security
Maybe not. If he really knew a lot about security he would be willing
to offer advise. I'd say he knows a lot about arrogance.

Actually this one rathers belongs much more to a meta discussion. Your
problem is not a concrete security problem, but the lack of concept and
knowledge. Offering concrete advise won't solve this more fundamental
problem.

What problem? He didn't give an abstract or concrete problem, the OP just asked for some advise, and instead received the rantings of a mere child who thinks he knows more than the rest of the Internet users and uses that arrogant belief to pompously attack any others showing any sign of ignorance (by asking for advise) in order to boost and inflate your undeveloped ego.

And I've pointed out some concrete consequences of this problem:

- NAT routers aren't firewall or security devices.

Depends on the router, but most NAT routers act as hardware firewalls, blocking unsolicited inbound connections.

- Monitoring connections doesn't require extensive packet filters with
state machines, but just standard operating system tools requesting such
information directly from the OS.

Well, that will tell you where your remote endpoint connections are and what programs are making the connection, but not much more than that. On that note, these are snapshots, not real-time displays of connection activity. For a real time display of remote connections I'd recommend Kerio Personal Firewall, or if the OP doesn't want a firewall, than sysinternals.com TCPMon.

- Outbound filtering doesn't work.

It doesn't?

Never did, never will, beside the wishes
because it would be nice if it actually worked.

Well, granted it's not perfect, but neither are AVs. However, I have found program baddies that AVs and other anti-malware proggies missed solely from being alerted of their outbound connections (which I believe is the added security that the OP wishes), so yes, they do work. They may be allowed to be circumnavigated, but in the world with Windows and Gates nothing is perfect.

And the reason is
inter-process communication, some feature that you wouldn't like to miss
either.

Elaborate on this please. Are you referring to rootkits, bad modules hooking into legit processes, or just processes communicating with eachother via localhost port communications.
.

References:
- outbound filtering
  - From: badgolferman
- Re: outbound filtering
  - From: badgolferman
- Re: outbound filtering
  - From: Jim Ford
- Re: outbound filtering
  - From: badgolferman

Prev by Date: Password-based challenge-response
Next by Date: Re: Attack Detected
Previous by thread: Re: outbound filtering
Next by thread: Re: outbound filtering
Index(es):
- Date
- Thread

Relevant Pages

Re: What is the Pattern here ?
... These are all Dialup Connections that I had no connection with at the time. ... It's obviously an enormous security hole, ... > and a real firewall box. ...
(comp.security.firewalls)
Re: outbound filtering
... Nonetheless, it IS a hardware firewall, and since you felt inclined to mention that it wasn't, someone needed to provide correct information before whoever reads this thread becomes as confused about firewalls and Internet Security in general as you. ... Maybe Packet Sniffing, or Monitoring not just when a connection is made, but when an application changes (Kerio Personal Firewall provides this PROTECTION, if a process is changed, the user is alerted to it). ... I do know that when one process tries to access another (which is interprocess communication, not what you were trying to demonstrate just now), that Kerio does protect against that by alerting the user and asking if he/she wants to allow or deny. ...
(comp.security.firewalls)
WinXPs built-in firewall reconfigures self
... but I'm seeing a problem where WinXP's built-in firewall ... stops allowing Remote Desktop connections into a machine. ... Protect your servers with 128-bit SSL encryption! ... transactions for serious online security. ...
(NT-Bugtraq)
Networking
... one way communication often indicates a firewall problem. ... >I have set up a home ethernet network. ... >It would appear that all the cables, cards & connections ...
(microsoft.public.windowsxp.network_web)
Re: Firewall and email/file servers on same machine?
... >> I'm thinking of adding a linux based firewall to my home network, ... >> Is it better from a security point of view to have physically separate ... It has always been my intent to re-open some remote connections, ... external connection, it will probably only be a filtered OpenVPN ...
(comp.os.linux.networking)