
Thread: Comodo blocking port forwarding

  1. #21
    Poutnik
    Guest

    Re: Comodo blocking port forwarding

    In article <66228hF2ij117U1@mid.dfncis.de>, Tue, 08 Apr 2008 22:18:16
    +0200 Sebastian G. says...
    > Poutnik wrote:
    >


    > Yes, that's the opinion of obviously clueless people. Say I setup a packet
    > filter to drop every packet, how exactly would you try to circumvent this?


    Easily.
    Such settings will be soon replaced by something useful.
    Similarly it can be said PC switched off is 100% secure.
    But such one is useless one.
    >
    > As for a more practical example: I setup a packet filter to only allow HTTP
    > on port 80 via a proxy, and the proxy does both DNS forwarding and HTTP
    > proxying. In both application protocols I set up a whitelist of allowed
    > domains - now how exactly would you circumvent it?


    easily, by human press to cancel such limited functionality.

    There will be always forced trade off between functionality
    and security. Any system is as strong as people let him to be,
    not as it could be. This trade off will be always
    a weakness by principle, not less serious than
    principial ability of PFW to be compromised.
    >
    > > BTW tests shows malware have hard time to get through PFWs.

    > Serious tests show how blatantly wrong these tests are.


    Not proved. Well, most you say about PFW, can be easily applied
    to AV solutions. Would you persuade people not to use AV ?
    The fact there is no 100% secure sw solution of any kind
    ( and I have never claimed the opposite )
    does not mean we should not use it.
    Would you not try to cure a disease, just because there is
    no guarantee of success ?

    > > Their low level drivers are blocking all connection activity
    > > until PFW application is running.

    >
    > And what happens before the driver is loaded?


    Then there are suspicious data transactions
    between other already booted devices
    within so called secured LAN HW FWs do not care after.
    Who would care about FW in age of notebooks,
    palms, IR, wifi, bluetooth and all related stuff ? :-D

    I think this discussion probably leads to nowhere.
    But I take it like an income, not lost.
    Glad to share opinions with all of you.
    Thanks for cooperation.

  2. #22
    Mr. Arnold
    Guest

    Re: Comodo blocking port forwarding


    "Poutnik" <me@privacy.net> wrote in message
    news:MPG.2265da79aa488fa3989684@127.0.0.1...
    > In article <fsadnTOgU_4COGfanZ2dnUVZ_sGvnZ2d@earthlink.com>, Mon, 7
    > Apr 2008 18:50:56 -0400 says...
    >
    >> What? The traffic travels from the WAN to the LAN. That is traffic that's
    >> let through the firewall, the trusted and untrusted zone. Whether it be two
    >> NICS doing a (WAN/LAN) or the WAN/LAN on a FW appliance, traffic is
    >> controlled between the interfaces, inbound and outbound, the trusted and
    >> untrusted zones with a FW solution.

    >
    > Why is so hard to understand I do know all that stuff ? BTW you forgot
    > to mention DMZ. Just pointing you not to be so much IT focused as being
    > a human being. I am expecting some abstraction ability at you :-)


    We are not talking about the DMZ, and besides, no PFW has one, and it is not
    a FW, period. That's what we are talking about. The junk being called a FW,
    when it's not that.

    >
    >> Look man, I was contacting my ISP's NNTP server on TCP 119 and POP3 TCP
    >> .......
    >> setting FW rules.

    >
    > I was not saying anywhere they cannot stop my activity.
    > What I was trying to say it is easy to hide unwanted activity within
    > legitimate one.
    >
    >
    >> It never was a FW functionality. It's a snake-oil personal FW solution.

    >
    > A Snake is your favorite animal, I see :-)


    When did oil become an animal? I'll put it to you another way. You have
    been took. You have been bamboozled into thinking that something like
    Commando is a FW solution.


    >> > There is no need to compromise or even attack FW ( where HW/SW ones are
    >> > strong ), if you can persuade him.

    >>
    >> We are talking about something like Commando that runs with the O/S. The O/S
    >> can be fooled and so can the snake-oil PFW solution if malware can get there
    >> and can be executed. It can punch right through it.

    >
    > You have twice mentioned Commando - I do not know such PFW.
    > Every software can be fooled, even such running on FWs,
    > no matter if in DRAM or NOR Flash.


    One can call it Commando, Comodo or Commode it doesn't make any difference
    to me about a PFW solution. They are all junk. You see any of that trash
    running on the Linux platform?


    > BTW tests shows malware have hard time to get through PFWs.
    > And there is very huge difference between packet filter,
    > as you said PFW are at the best, and today PFWs.


    No, they don't, when the user is running with admin rights and the malware
    is running under those rights, which they can and do manipulate the FW rules
    or some of that, toilet bowl, application control junk in them, punch right
    through it. And beside, there is the fallible human being factor too. It's
    not that hard to circumvent them.

    >>
    >> So, what happens at the boot and login process when malware can beat the
    >> PFW, run and communicate, before the PFW can run to protect the
    >> connection? The O/S is not waiting for the PFW before the connection is made
    >> available? The 3rd party PFW is not an integrated solution.

    >
    > Well, You made me little disappointed at this moment.
    > I have thought you have better idea about how they work.
    > Their low level drivers are blocking all connection activity
    > until PFW application is running.


    That's BS, because I have tested the 3rd party PFW(s) for this, and they
    CANNOT get to the connection first, because they are not an integrated part
    of the Windows O/S platform. No Windows NT service is dependent upon or is
    made to wait on the PFW service, none of them. If the PFW service is not up
    and running, then how is it stopping anything that's gotten to the
    connection first? It can't do it. The ones that can do it are the Windows XP
    and the Vista FW(s), that is, they get to the connection first and protect
    the network connection, before anything else can use the connection.

    You can put it to the test. You install Gator on that machine, and you set
    all the rules you want to stop Gator from connecting outbound to one of its
    many sites with your PFW solution, and you see if that PFW you hold in such
    high regards can stop Gator at boot and logon. You can use Active Ports or
    CurrPorts, and the best you might see is the connections being closed after
    Gator has done its thing.

    >
    > You may know Perfectdisk as one of leading defragmenting programs,
    > able to perform "offline" defrag of all system files.
    > Well It has hard time today, not able to do it.
    > Latest PFW denies exclusive access for it.


    It's doing everything that it's not supposed to be doing. It's doing
    everything but acting like a packet filter stopping unsolicited inbound
    traffic from reaching the computer. It's a jack of all trades master of none
    trying to protect *you* from *you*. If I don't want something to
    communicate, then I stop with the O/S, or better yet, I don't install the
    software at all.


  3. #23
    Sebastian G.
    Guest

    Re: Comodo blocking port forwarding

    Poutnik wrote:


    >> As for a more practical example: I setup a packet filter to only allow HTTP
    >> on port 80 via a proxy, and the proxy does both DNS forwarding and HTTP
    >> proxying. In both application protocols I set up a whitelist of allowed
    >> domains - now how exactly would you circumvent it?

    >
    > easily, by human press to cancel such limited functionality.



    Obviously you've never been working as an admin in a company. Indeed, there
    is some press at the beginning, until they learn how to sit down and shut
    up. After all, you're supposed to work, and thus only get access to the
    resources you need for getting the work done.

    > This trade off will be always
    > a weakness by principle, not less serious than
    > principial ability of PFW to be compromised.



    Well, I'd say the latter is always more serious, especially since it's
    typically an implementation problem.

    >>> BTW tests shows malware have hard time to get through PFWs.

    >> Serious tests show how blatantly wrong these tests are.

    >
    > Not proved. Well, most you say about PFW, can be easily applied
    > to AV solutions. Would you persuade people not to use AV ?



    Persuade? The default hypothesis is that you don't use something until you
    actually need it. A virus scanner can be a useful intrusion detection
    system, and a good junk filter, but anything beyond is quite futile.

    That is, if they really decide to use a virus scanner, I'd persuade them to
    not rely on it as a security measure, since (sadly) most of them do. Which
    also typically means that it's of no value to them any more, and thus they
    should simply stop using it at all.

    > The fact there is no 100% secure sw solution of any kind
    > ( and I have never claimed the opposite )
    > does not mean we should not use it.



    Wrong direction. By principle, any additional software increases the
    system's complexity and therefore reduces its security. Unless this can be
    justified by the additional protection introduced, it's absolutely wrong to
    use it. And for PFWs this case always holds.

    > Would you not try to cure a disease, just because there is
    > no guarantee of success ?



    And now a wrong analogy between the analogue and the digital world (hint:
    the latter has an enumerable possibility space, and doesn't know the
    equivalence of "just use more force"), as well as a wrong analogy between
    biological diseases and computer security problems (hint: biological bodies
    are open systems, by design).

    >>> Their low level drivers are blocking all connection activity
    >>> until PFW application is running.

    >> And what happens before the driver is loaded?

    >
    > Then there are suspicious data transactions
    > between other already booted devices
    > within so called secured LAN HW FWs do not care after.
    > Who would care about FW in age of notebooks,
    > palms, IR, wifi, bluetooth and all related stuff ? :-D



    You shouldn't post while being drunk or stoned. This absolutely doesn't make
    any sense.
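
The whitelist setup discussed in the thread (HTTP on port 80 only, through a proxy that applies one domain whitelist to both DNS forwarding and HTTP proxying), sketched as an added example that is not code from any poster. The domain names, function names and the Host-header consistency check are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample whitelist; a real deployment would load its own list.
ALLOWED_DOMAINS = frozenset({"example.com", "intranet.example.org"})
ALLOWED_PORT = 80  # the thread's setup: HTTP on port 80 only


def normalize(name):
    """Return the lower-case ASCII (IDNA) form of a DNS name, or None if invalid."""
    name = name.strip().rstrip(".").lower()
    if not name:
        return None
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:  # empty label, over-long label, bad characters
        return None


def domain_allowed(name, allowed=ALLOWED_DOMAINS):
    """True if name is a whitelisted domain or a subdomain of one (whole labels only)."""
    host = normalize(name)
    if host is None:
        return False
    labels = host.split(".")
    return any(".".join(labels[i:]) in allowed for i in range(len(labels)))


def dns_query_allowed(qname):
    """Decision for the DNS forwarder: resolve only whitelisted names."""
    return domain_allowed(qname)


def http_request_allowed(url, host_header):
    """Decision for the HTTP proxy: plain HTTP, port 80, whitelisted host."""
    try:
        parts = urlsplit(url)
        port = 80 if parts.port is None else parts.port
    except ValueError:  # malformed URL or port out of range
        return False
    if parts.scheme != "http" or port != ALLOWED_PORT or not parts.hostname:
        return False
    # The Host header must name the same host the URL does, so a request
    # cannot pass the check under one name and be routed by another.
    if normalize(host_header.rsplit(":", 1)[0]) != normalize(parts.hostname):
        return False
    return domain_allowed(parts.hostname)
```

Matching on whole labels is what keeps names such as `example.com.evil.net` or `notexample.com` from passing a naive substring or suffix comparison.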
