Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Trojans & spyware imitating alowed trafic

To: "Kim S. Lohse" <[email protected]>, "[email protected]" <[email protected]>
Subject: RE: [FW1] Trojans & spyware imitating alowed trafic
From: "Lars Troen" <[email protected]>
Date: Mon, 9 Jul 2001 11:08:02 +0200
Importance: Normal
In-reply-to: <[email protected]>
Sender: [email protected]

Kim,
If you use the security servers, they will provide this for you. Also
protocols defined in inspect will (atleast to a certain degree) do this. All
other protocols that are defined by a tcp/udp port will not do this.

ZoneAlarm OTOH is a personal firewall, which works in a totally different
way that fw1. As a personal firewall it doesn't care about ports, but rather
about applications. It stores each applications identity as a MD5 hash, so
if you allow an application to access the internet, Zonealarm will notice if
the application change or the executable is replaced.


Lars


-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Kim
S. Lohse
Sent: Saturday, July 07, 2001 20:44
To: [email protected]
Subject: [FW1] Trojans & spyware imitating alowed trafic



Hey all'

I was wondering if anybody knows how to prevent programs such as Trojans
and spy ware from imitating allowed traffic such as FTP by using the
same port?

I know that ZoneLabs' free ZoneAlarm prevents this by cryptographically
certifying the identity of executable programs. But how do I do some
thing similar with FW-1?

--------------------------------
Kim S. Lohse
Partner

ITWorx I/S
Rolfs Plads 7, 4. th.
2000 Frederiksberg
Denmark

Phone:	+45 3879 1543
Web:		http://www.itworx.dk
E-mail:	[email protected]
--------------------------------


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Trojans & spyware imitating alowed trafic
  - From: "Kim S. Lohse" <[email protected]>

Prev by Date: RE: [FW1] Proxy-Position
Next by Date: RE: [FW1] List working or not???
Previous by thread: [FW1] Trojans & spyware imitating alowed trafic
Next by thread: RE: [FW1] Trojans & spyware imitating alowed trafic
Index(es):
- Date
- Thread