  #61 (permalink)  
Old 11-19-2007, 12:42 PM
jameshanley39@yahoo.co.uk
Guest
 
Posts: n/a
Default Re: How did they get past my NAT?

Leythos wrote:

> In article <9e2f2f06-9ae5-41fb-867b-fd30940fcbe6
> @f13g2000hsa.googlegroups.com>, jameshanley39@yahoo.co.uk says...
> > On 19 Nov, 10:23, Leythos <v...@nowhere.lan> wrote:
> > > In article <533b5129-d008-4dd3-ac15-33ab1c6c5c11
> > > @v4g2000hsf.googlegroups.com>, jameshanle...@yahoo.co.uk says...
> > >
> > >
> > >
> > > > On Nov 18, 11:54 pm, Leythos <v...@nowhere.lan> wrote:
> > > > > In article <aaf5ac3a-9b60-451a-b03e-36c03533b841
> > > > > @w73g2000hsf.googlegroups.com>, jameshanle...@yahoo.co.uk
> > > > > says...
> > >
> > > > > > Leythos is keen on
> > > > > > blocking certain outgoing so he`d probably know of some
> > > > > > examples.
> > >
> > > > > SMTP, SQL Command, Windows File Sharing, IM......
> > >
> > > > > I don't allow outbound SMTP from workstations ever.
> > >
> > > > > I don't allow outbound SQL Command from anything, ever.
> > >
> > > > > Windows File Sharing, DNS, etc... never from the local
> > > > > workstations..
> > >
> > > > > IM - only from approved workstations....
> > >
> > > > > > While DNS is not an easy exploit the others permit LAN
> > > > > machines to spread malware to people on the net with exposed
> > > > > machines.
> > >
> > > > if you block SMTP. Can users only send email via Yahoo like
> > > > websites? I guess you don`t block some SMTP and not others,
> > > > since how would you distinguish between good and bad. They
> > > > could(knowingly or not) be bad and use your SMTP server You`d
> > > > have to block all.. Do you have no SMTP server ?
> > >
> > > Yahoo? Who uses Yahoo?
> > >
> > > If you don't have your own email server in your network then you
> > > can limit your SMTP outbound to just the IP of your ISP's SMTP
> > > server - this will cause most SMTP bots to be limited to just the
> > > SMTP service of your ISP and they will contact you shortly after
> > > you are compromised.
> > >
> > > And yes, we block all SMTP Outbound from Workstations/Devices,
> > > Except for our own SMTP server - if you're not using our SMTP
> > > server then you're not using SMTP.

> >
> > the SMTP server that malicious programs are most likely to access
> > when on your network, is your SMTP server. Since most SMTP servers
> > are not "open relays".

>
> You seem to think that only an SMTP server uses SMTP - but the only
> compromised SMTP servers I've seen in years were workstations/laptops
> where the idiot had compromised their workstation with a malware that
> installs its own SMTP engine - the laptop becomes a SMTP server
> sending out hundreds of emails with the infection included per
> minute. The malware, in every case, didn't attempt to use the
> internal SMTP server, it had its own built into it.
>
> There are many threats, I look for more than just the common ones.


I too have seen what I think you describe. Users running as
administrator get compromised, their Windows firewall is taken down, and
they end up with an SMTP server and others connecting (incoming) or
trying to connect. I think mostly they are saved by their NAT router.
That is a common one!!

They are screwed if they run a bridge or half-bridge thing, where
there is no NAT, like some USB DSL modems and perhaps PCI DSL modems.
Typically with those things the PPP is done by Windows. ipconfig
displays their public IP. Malicious people connect successfully, spam
gets sent out from the user's computer, and the user gets a threatening
email from their ISP to get rid of it or else.

But, we were talking of blocking outgoing, and thus outgoing smtp.





  #62 (permalink)  
Old 11-19-2007, 01:16 PM
Leythos
Guest
 
Posts: n/a
Default Re: How did they get past my NAT?

In article <474192b2$0$21100$da0feed9@news.zen.co.uk>, jameshanley39
@yahoo.co.uk says...
> Leythos wrote:
>
> > In article <9e2f2f06-9ae5-41fb-867b-fd30940fcbe6
> > @f13g2000hsa.googlegroups.com>, jameshanley39@yahoo.co.uk says...
> > > On 19 Nov, 10:23, Leythos <v...@nowhere.lan> wrote:
> > > > In article <533b5129-d008-4dd3-ac15-33ab1c6c5c11
> > > > @v4g2000hsf.googlegroups.com>, jameshanle...@yahoo.co.uk says...
> > > >
> > > >
> > > >
> > > > > On Nov 18, 11:54 pm, Leythos <v...@nowhere.lan> wrote:
> > > > > > In article <aaf5ac3a-9b60-451a-b03e-36c03533b841
> > > > > > @w73g2000hsf.googlegroups.com>, jameshanle...@yahoo.co.uk
> > > > > > says...
> > > >
> > > > > > > Leythos is keen on
> > > > > > > blocking certain outgoing so he`d probably know of some
> > > > > > > examples.
> > > >
> > > > > > SMTP, SQL Command, Windows File Sharing, IM......
> > > >
> > > > > > I don't allow outbound SMTP from workstations ever.
> > > >
> > > > > > I don't allow outbound SQL Command from anything, ever.
> > > >
> > > > > > Windows File Sharing, DNS, etc... never from the local
> > > > > > workstations..
> > > >
> > > > > > IM - only from approved workstations....
> > > >
> > > > > > > While DNS is not an easy exploit the others permit LAN
> > > > > > machines to spread malware to people on the net with exposed
> > > > > > machines.
> > > >
> > > > > if you block SMTP. Can users only send email via Yahoo like
> > > > > websites? I guess you don`t block some SMTP and not others,
> > > > > since how would you distinguish between good and bad. They
> > > > > could(knowingly or not) be bad and use your SMTP server You`d
> > > > > have to block all.. Do you have no SMTP server ?
> > > >
> > > > Yahoo? Who uses Yahoo?
> > > >
> > > > If you don't have your own email server in your network then you
> > > > can limit your SMTP outbound to just the IP of your ISP's SMTP
> > > > server - this will cause most SMTP bots to be limited to just the
> > > > SMTP service of your ISP and they will contact you shortly after
> > > > you are compromised.
> > > >
> > > > And yes, we block all SMTP Outbound from Workstations/Devices,
> > > > Except for our own SMTP server - if you're not using our SMTP
> > > > server then you're not using SMTP.
> > >
> > > the SMTP server that malicious programs are most likely to access
> > > when on your network, is your SMTP server. Since most SMTP servers
> > > are not "open relays".

> >
> > You seem to think that only an SMTP server uses SMTP - but the only
> > compromised SMTP servers I've seen in years were workstations/laptops
> > where the idiot had compromised their workstation with a malware that
> > installs its own SMTP engine - the laptop becomes a SMTP server
> > sending out hundreds of emails with the infection included per
> > minute. The malware, in every case, didn't attempt to use the
> > internal SMTP server, it had its own built into it.
> >
> > There are many threats, I look for more than just the common ones.

>
> I too have seen what I think you describe. Users running as
> administrator get compromised, their Windows firewall is taken down, and
> they end up with an SMTP server and others connecting (incoming) or
> trying to connect. I think mostly they are saved by their NAT router.
> That is a common one!!


That's NOT what I'm saying - I'm saying that users, on a LAN, behind a
NAT router with no forwarding enabled, loaded an application that
was malware and it contained a SMTP service that was sending hundreds of
emails per minute. It was not allowing external connections, it was not
being connected to from the net, it was its own SMTP service spewing
emails out to domains - the Windows firewall would not and could not stop
this.

> They are screwed if they run a bridge or half-bridge thing, where
> there is no NAT, like some USB DSL modems and perhaps PCI DSL modems.
> Typically with those things the PPP is done by Windows. ipconfig
> displays their public IP. Malicious people connect successfully, spam
> gets sent out from the user's computer, and the user gets a threatening
> email from their ISP to get rid of it or else.
>
> But, we were talking of blocking outgoing, and thus outgoing smtp.


Yes, we are, and in this case, you've mistaken what I've said/shown,
where a blocking of SMTP outbound from the LAN by the workstations, or
where SMTP would be limited to the ISP's SMTP server, would block the
spreading of the malware in question.

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive.../t-223485.html all exposed
to children (the link I've included does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Reply With Quote
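The outbound SMTP policy discussed in the posts above, as an added example that is not part of the original thread: it evaluates both variants Leythos describes (only the site's own SMTP server may send to the internet, or SMTP limited to the ISP's server) and flags LAN hosts whose denied attempts look like a built-in SMTP engine. The addresses, the per-minute threshold and the flow-log format are assumptions constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# All addresses, the threshold and the log format are assumptions for illustration.
LAN = ip_network("192.168.10.0/24")
MAIL_SERVER = ip_address("192.168.10.5")   # the site's own SMTP server
ISP_RELAY = ip_address("203.0.113.25")     # the ISP's SMTP server
SMTP_PORT = 25
ALERT_PER_MINUTE = 100                     # "hundreds of emails per minute"

def egress_verdict(src, dst, dport, own_server=True):
    """Return 'allow' or 'deny' for one connection seen at the LAN edge."""
    src, dst = ip_address(src), ip_address(dst)
    if dport != SMTP_PORT or dst in LAN:
        return "allow"   # non-SMTP and LAN-internal traffic is out of scope here
    if own_server:
        # Policy A: only the internal mail server may send SMTP to the internet.
        return "allow" if src == MAIL_SERVER else "deny"
    # Policy B: no internal server, so SMTP may only reach the ISP's server.
    return "allow" if dst == ISP_RELAY else "deny"

def suspected_smtp_engines(lines, own_server=True):
    """Hosts whose denied SMTP attempts reach the threshold within one minute."""
    denied = Counter()
    for line in lines:
        ts, src, dst, dport = line.split()   # constructed format: HH:MM:SS src dst dport
        if egress_verdict(src, dst, int(dport), own_server) == "deny":
            denied[(src, ts[:5])] += 1       # bucket by HH:MM
    return sorted({src for (src, _), n in denied.items() if n >= ALERT_PER_MINUTE})

def sample_flows():
    """Constructed flow log: normal mail traffic plus one laptop mailing directly."""
    flows = [
        "09:00:01 192.168.10.5 198.51.100.7 25",    # mail server delivering
        "09:00:02 192.168.10.21 192.168.10.5 25",   # client to internal server
        "09:00:03 192.168.10.21 203.0.113.25 25",   # client to ISP relay
        "09:00:04 192.168.10.21 198.51.100.9 443",  # ordinary web traffic
    ]
    # 150 attempts in one minute to many external mail hosts from 192.168.10.44
    flows += [f"09:01:{i % 60:02d} 192.168.10.44 198.51.100.{i % 250 + 1} 25"
              for i in range(150)]
    return flows

if __name__ == "__main__":
    for mode in (True, False):
        print("own_server" if mode else "isp_relay",
              suspected_smtp_engines(sample_flows(), mode))
```

Under either policy the denied-connection log is what identifies the infected host; a single stray denied attempt, such as a mail client pointed at the wrong server, stays below the threshold.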
  #63 (permalink)  
Old 11-21-2007, 03:47 AM
goarilla
Guest
 
Posts: n/a
Default Re: How did they get past my NAT?

Unruh wrote:
> "jameshanley39@yahoo.co.uk" <jameshanley39@yahoo.co.uk> writes:
>
>> On 18 Oct, 19:14, Leythos <v...@nowhere.lan> wrote:
>>> In article <LWNRi.11385$GO5.3118@edtnps90>, unruh-s...@physics.ubc.ca
>>> says...
>>>
>>>
>>>
>>>> Yes, agreed. But that is irrelevant. The question is not whether or not a
>>>> firewall is more flexible than a NAT router, it is. The question is whether
>>>> there is a difference in security against unsolicited outside attacks
>>>> between a firewall which blocks all unsolicited outside connections, and a
>>>> NAT router with no port holes punched through (Ie no ports forwarded).
>>> Yes, there is a difference.
>>>
>>> All quality firewalls have certifications from independent authorities
>>> that will state how they work and that they are actually providing xyz.

>
> I am sorry, but you regard paper as a valid computer defense. Who cares if
> they have a piece of paper attached? The question is not who has the paper
> trail, but who has the security.
>


True, but one of the things this also shows is that it has been (thoroughly)
peer-reviewed by (experts). I have my doubts as well since there is a lot of
potential for fraud in this space.

I like to think of it as the commercial variant to open source software,
e.g. with many eyes, bugs are shallow.

>>> NAT Routers have no certification (at least in the class we're talking
>>> about) and have been shown, many times, to have exploits that allow
>>> Unsolicited inbound traffic to pass through - even with no rules set by
>>> the owner.

>
> As have firewalls at times.
>
>
>
>> Where has it been shown many times?

>
>> ( Not shown [many times] in this newsgroup. I first heard of any such
>> issue from a few months ago perhaps, from Sebastian, on this
>> newsgroup, and since by Volker. In a thread where you were advocating
>> NAT for - I thought - blocking incoming )

>
>
>


  #64 (permalink)  
Old 12-01-2007, 09:58 AM
Petrowhisky
Guest
 
Posts: n/a
Default Re: How did they get past my NAT?


Leythos;645701 Wrote:
> In article <1192120303.414117.236860@g4g2000hsf.googlegroups.com>,
> maniaque27@gmail.com says...
> > not true. the WRT54G can block outgoing connections based on any
> > number of specified parameters, and then it has all those extra fancy
> > features that I don't understand ;)

>
> is'.


WRT54G is a SOHO product which satisfies only the home or small office
needs....

It can control the internet access based on some parameters like time,
date, etc...

It has both NAT and Firewall...

NAT (Network Address Translation)
_________________________

Only converting private IP to public IP and vice versa


Firewall
_____________

Filtering the traffic to and from the internal network to public
network.....


--
Petrowhisky

http://networksolutions4u.blogspot.com
  #65 (permalink)  
Old 12-02-2007, 12:52 PM
Leythos
Guest
 
Posts: n/a
Default Re: How did they get past my NAT?

In article <Petrowhisky.30yqvc@no-mx.www.techtalkz.com>,
Petrowhisky.30yqvc@no-mx.www.techtalkz.com says...
> WRT54G is a SOHO product which satisfies only the home or small office
> needs....
>
> It can control the internet access based on some parameters like Time
> ,date etc...
>
> It has both NAT and Firewall...


It is a TOY, at best, and while it meets some requirements to be a
firewall it does not provide the protection that a typical firewall
appliance would/does.

The unit is a toy.

--

Leythos - spam999free@rrohio.com (remove 999 to email me)


  #66 (permalink)  
Old 12-02-2007, 09:43 PM
Todd H.
Guest
 
Posts: n/a
Default Re: How did they get past my NAT?

Leythos <void@nowhere.lan> writes:

> In article <Petrowhisky.30yqvc@no-mx.www.techtalkz.com>,
> Petrowhisky.30yqvc@no-mx.www.techtalkz.com says...
> > WRT54G is a SOHO product which satisfies only the home or small office
> > needs....
> >
> > It can control the internet access based on some parameters like Time
> > ,date etc...
> >
> > It has both NAT and Firewall...

>
> It is a TOY, at best, and while it meets some requirements to be a
> firewall it does not provide the protection that a typical firewall
> appliance would/does.
>
> The unit is a toy.


Dial back the clock only a handful of years though, that hardware plus
open source firmware has functionality only the most austere of
"firewalls" at the time had.

It's all semantics.

YES, pedants, we get that the more expensive boxes are better, but
whether something's a firewall or not is clearly open to a broad range
of definition.

--
Todd H.
http://www.toddh.net/

  #67 (permalink)  
Old 12-03-2007, 10:38 AM
Leythos
Guest
 
Posts: n/a
Default Re: How did they get past my NAT?

In article <84fxyk67lk.fsf@ripco.com>, comphelp@toddh.net says...
> whether something's a firewall or not is clearly open to a broad range
> of definition.


And the WRT is a NAT Router with Firewall LIKE functions.

--

Leythos - spam999free@rrohio.com (remove 999 to email me)

