[Dshield] OT: SlightlytTipsy, but I have a question.

Keith Smith keith.smith at keiths-place.com
Sun Oct 6 13:11:52 GMT 2002



> Do people (varmints, vermin etc) who run Trojans, have
> Firewalls, and if they do, how do they have them configured?

A firewall is all about port connect and communication protection, and as such has little to do with stopping a Trojan.  That said, they do by their nature inhibit the spread of a small subset of viruses, and some firewall products have email scanners built in since email is a common way for Trojans to enter.


> How do you configure a Trojan from your own PC through a
> Firewall to go out and then configure it (or its results)
> to come in?

Not sure I quite understand you here; most Trojans I can think of don't offer a control panel interface allowing you to configure their behaviour.  But if you mean "How can an outbound Trojan get past a firewall?" then that depends on where the firewall is.

If the firewall is running on the same machine then it's quite straightforward: The Trojan uses its own TCP stack or uses an existing and pre-approved application to get out.  There was a long thread on this a few months back.

If the firewall is on a different machine then it depends on how the Trojan is transmitted: if it is transmitted via a common protocol (like email) then it will probably be let through (because it *is* email); if it's using a different protocol then it will depend on what outbound filtering the firewall does.


> If you allow a Trojan to come in, through your
> Firewall, what if it's somebody else's?

If it's in and running, then game over.


Regards,
Keith.





