[Dshield] OT: SlightlytTipsy, but I have a question.
keith.smith at keiths-place.com
Sun Oct 6 13:11:52 GMT 2002
-----BEGIN PGP SIGNED MESSAGE-----
> Do people (varmints, vermin etc) who run Trojans, have
> Firewalls, and if they do, how do they have them configured ?
A firewall is all about port connect and communication protection, and as such have little to do with stopping a Trojan. That said, they do by their nature inhibit the spread of a small subset of viruses, and some firewall products have email scanners built in since email is a common way for Trojans to enter.
> How do you configure a Trojan from your own PC through a
> Firewall to go out and then configure it ( or it`s results)
> to come in ?
Not sure I quite understand you here, most Trojans I can think of don't offer a control panel interface allowing you to configure their behaviour. But if you mean "How can an outbound Trojan get past a firewall?" then that depends on where the firewall is.
If the firewall is running on the same machine then its quite straightforward: The Trojan uses its own TCP stack or uses an existing and pre-approved application to get out. There was a long thread on this a few months back.
If the firewall is on a different machine then it depends on how the Trojan is transmitted, if it is transmitted via a common protocol (like email) then it will probably be let through (because it *is* email), if its using a different protocol then it will depend on what outbound filtering the firewall does.
> If you allow a Trojan to come in, through your
> Firewall, what if it`s somebody elses ?
If its in and running, then game over.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the list