Re: Slippery intruder -- please advise

chris_at_nospam.com
Date: 10/03/04 

Date: Sun, 03 Oct 2004 02:12:37 GMT

On Sat, 02 Oct 2004 14:44:04 -0400, Lars M. Hansen
<badnews@hansenonline.net> wrote:

>On Fri, 01 Oct 2004 15:26:02 GMT, Time Traveller spoketh
>
>>Thanks GreySoul. This did the trick. It turns out that Skype was the guilty
>>party. Now what I don't understand -- and forgive my firewall ignorance on
>>this issue -- is how Skype is able to push through the firewall using those
>>ports. It was my impression that these home firewalls are setup by default
>>to block all ports except those commonly used to acccess applications like
>>email and web surfing. I know that I have to tweak the firewall and
>>specifically open up ports for apps like emule or network games and things
>>of that nature. How can this app just go ahead and do this? I'm hot to
>>worried about Skype (should I be?) but I am worried about some Trojan being
>>able to do precisely what Skype has done which is establish a connection
>>through my firewall.
>>
>
>Without knowing what "firewall" you have, it would be pure speculation
>to, uhm, speculate ... However:
>
> * NAT routers only block *incoming* connections, and very few only have
>limited means of blocking outbound connection and this can be a pain to
>configure.

NAT isn't a firewall. By default, though it prevents incoming
connections without an existing outgoing connection (which arn't
blocked).

> * Software or personal firewalls could potentially have a rule clash,
>one where Skype is allowed to make any outbound connection and one where
>all access to a give IP address (or range) is denied. In this case, it
>appears that the wrong rule wins (the allow-rule) rather than the more
>restrictive (and correct) deny rule...

The Windows XP SP2 firewall doesn't block outgoing connections and in
fact has some connections open by default. Some personal firewall
software is just as useless.

-Chris

Relevant Pages

  • Re: Another VPN Issue...Say it aint so...
    ... click on "Services and Ports." ... Now how can I configure the firewall within ... but this time disable Firewall and redo remote access ... to make sure I get a good snap-in connection and see what goes on?!? ...
    (microsoft.public.windows.server.sbs)
  • Re: WDSC, VPN, and RPG Editing
    ... this) and so it drops the ethernet connection. ... to do with firewalls or other ports. ... do with the firewall on my router and the ports that are/aren't ... workstation to port 446 on the iSeries server. ...
    (comp.sys.ibm.as400.misc)
  • AdAware, SpyBot S &D, etc. + leave PC connected to Internet
    ... Does it have somehting to dow the Firewall ... with spyware services and adsites, the latter of which can be worse ... What ports are open? ... routers do absolutely zero as far as preventing outbound connection ...
    (comp.security.firewalls)
  • Re: How to close the unnecessary Ports
    ... >> necessary ports for a homeuser and how to close the rest of the ports? ... I assume you are running a hostbased firewall with no server ports ... > know whether it is a statefull or a packet filtering firewall as the ... makes decisions based on the connection as well as the rule base. ...
    (alt.computer.security)
  • ipnat and "udp consistent translation" (Skype related)
    ... Using Skype on a machine behind a FreeBSD 4.x firewall using ... ipf/ipnat, if I try a file transfer I get "your connection is relayed" ...
    (freebsd-questions)