Re: Probes on Port 135 and 445 continue
From: Michael (none_at_none.com)
Date: 10/13/04
- Previous message: xmp: "Re: Probes on Port 135 and 445 continue"
- In reply to: david20_at_alpha2.mdx.ac.uk: "Re: Probes on Port 135 and 445 continue"
- Next in thread: Leythos: "Re: Probes on Port 135 and 445 continue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Oct 2004 03:46:44 GMT
david20@alpha2.mdx.ac.uk wrote:
> What security NAT provides is a side effect which is better achieved via a
> proper firewall.
I'd agree with this, partially cause NAT is operating at a low level
compared to application-layer firewalls.
What I wonder then is if Linksys and simple firewalls are that much
better than NAT? Do they really scan SMTP, AIM, ICQ and other traffic?
I'm talking $50 firewalls of course, not high-end. I just question
how deep the inspection is on packets, and whether they MUST be used in
conjunction with a personal firewall (or IPS) like BlackIce which
performs inspection of ICQ and others.
Certainly Checkpoint (or linksys SPI) is "better" than a NAT router, but
most reverse-connect trojans should get past it. Reverse-connect has
been all the rage since the post-Sub7 era. The threats are just
different in 2004 than 2001. Hell, even netcat can backchannel easy.
michael
- Previous message: xmp: "Re: Probes on Port 135 and 445 continue"
- In reply to: david20_at_alpha2.mdx.ac.uk: "Re: Probes on Port 135 and 445 continue"
- Next in thread: Leythos: "Re: Probes on Port 135 and 445 continue"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
