In message <bn345o$r24v6$(E-Mail Removed)>,
(E-Mail Removed) writes
>Bernard Peek <(E-Mail Removed)> wrote:
>> In message <bn05kj$q16r9$(E-Mail Removed)>,
>> (E-Mail Removed) writes
>> >Bernard Peek <(E-Mail Removed)> wrote:
>> >> In message <bmouj8$poenm$(E-Mail Removed)>,
>> >> (E-Mail Removed) writes
>> >>
>> >>
>> >> >> If they foolishly run something that they shouldn't, the firewall will
>> >> >> prevent the trojan from accessing the network. Likewise with
>> >> >>worms that
>> >> >> use their own SMTP engine.
>> >> >
>> >> >If SMTP is blocked how do you send mail?
>> >>
>> >> The firewall identifies the program that is trying to establish an SMTP
>> >> connection. You decide in advance which programs are permitted to make
>> >> outbound SMTP connections. The trojan won't be on the list and so
>> >> hopefully won't be able to spread beyond the infected machine.
>> >>
>> >Huh! That *really* doesn't make sense unless you're suggesting some
>> >sort of PGP signing process for the program. Any fool trojan can
>> >pretend it's any old mail program.
>>
>> At the very least it would need the trojan to overwrite an existing
>> program file that was already authorised to make an outgoing connection.
>> Some firewall programs take a checksum when you first authorise the
>> program. So a trojan would need to have the same file name and the same
>> checksum too. It's possible, but unlikely.
>>
>How can a *firewall* checksum a program? All it has to work with is
>IP packets, in most cases a firewall will be on a different piece of
>hardware from where the mail program is running.
We were specifically discussing personal firewalls that operate on each
machine in the network. They manage outgoing connections from each
machine on the network. The context seems to have been lost when my
original message was quoted.
--
Bernard Peek
London, UK. DBA, Manager, Trainer & Author. Will work for money.
Similar Threads
Linear Mode
