Those personal firewall products are a bit misleading ... makes me wonder if they just want to grab your attention -- "see, I'm doing something, I'm worth the money you spent ... "

dennis2 (Dennis)
<This post was published on: 相约加拿大:枫下论坛>
But don't get me wrong, they are still useful.

Trojan horses cannot be implanted by merely connecting to a TCP/UDP port. For that to work, you have to have a service listening on that port, and that service has security problems (most notably buffer overflows) that can give a remote attacker root (administrator) access. After the attacker gains root access, they can do whatever they want, including implanting a trojan horse.

The warnings from those personal firewalls most likely happen when someone is trying to connect to a well-known trojan TCP/UDP port. That means, if you have a trojan planted, and you don't have a firewall to block that port, the attacker can gain control of your machine through the trojan. For example, netbus (a well-known Back Orifice-like trojan) listens on TCP/12345. When someone tries to connect to that port on your machine, your Norton firewall will probably put out a warning saying that you are being attacked by the netbus trojan. But the fact is, you might not have netbus on your machine listening on TCP/12345.

In the unix world, you can control precisely which port(s) to open. But that's not the case with Windows. Windows has to open certain ports in order for it to function normally. That's why you need those personal firewalls to block those ports on the Internet side. If you want to share something through some services (HTTP, FTP), make sure to configure your firewall to allow connections only to those ports (e.g., TCP/80) and that the services are updated with the latest security patches. IIS is notoriously insecure from the default install, and very few ftp servers don't have security problems.

2002-2-7 -04:00
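Added example, not part of the original post: a triage sketch for the situation described above, where a firewall alert on a known trojan port is checked against whether anything on the machine is actually listening there. The alert log format, the sample lines and the function names are constructed for illustration; only the netbus port TCP/12345 comes from the post.

```python
import re
import socket

# Known trojan default ports; only the netbus entry comes from the post.
TROJAN_PORTS = {12345: "netbus"}

# Constructed sample alerts in a hypothetical "BLOCKED TCP src -> dst" format.
SAMPLE_ALERTS = [
    "2002-02-07 10:01:12 BLOCKED TCP 203.0.113.9:4021 -> 192.0.2.10:12345",
    "2002-02-07 10:03:40 BLOCKED TCP 198.51.100.7:1188 -> 192.0.2.10:80",
]

ALERT_RE = re.compile(r"BLOCKED TCP (\S+):\d+ -> \S+:(\d+)$")


def is_listening(port, host="127.0.0.1", timeout=0.5):
    """True if a TCP connect to host:port succeeds.

    Limitation: this only sees services bound to loopback or to all
    interfaces, not one bound solely to an external address.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def triage(alerts, trojan_ports=TROJAN_PORTS, probe=is_listening):
    """Return (source, port, name, verdict) for alerts on known trojan ports."""
    results = []
    for line in alerts:
        m = ALERT_RE.search(line)
        if not m:
            continue
        src, port = m.group(1), int(m.group(2))
        if port not in trojan_ports:
            continue  # e.g. TCP/80: not a trojan default port
        if probe(port):
            verdict = "listener present: investigate host"
        else:
            verdict = "probe only: nothing listening"
        results.append((src, port, trojan_ports[port], verdict))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(row)
```

A "listener present" verdict only says that some process accepts connections on that port; identifying the process still needs the operating system's own tools.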

Back to topic: With a firewall you can block hundreds of Trojan horses a day; for those without one, wouldn't the PC turn into a stable?
