[25330] in bugtraq
Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible
daemon@ATHENA.MIT.EDU (Jim Hill)
Tue Apr 30 19:43:04 2002
From: Jim Hill <bgtq@jhc.org.uk>
To: <bugtraq@securityfocus.com>
Date: Tue, 30 Apr 2002 15:43:47 +0100
Message-ID: <3cd59a8f.52914022@mid.jhc.org.uk>
In-Reply-To: <014401c1ef8d$1bb66510$0100a8c0@BlueScreenPrimary>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
BlueScreen in <014401c1ef8d$1bb66510$0100a8c0@BlueScreenPrimary>:
> ATGuard can be fooled to think that a disallowed program is allowed to
> connect to the internet.
This is a well known problem and has been discussed at length on
<http://grc.com/lt/scoreboard.htm>.
A.M Janssen has written a utility which monitors the hashes (SHA1,
RIPEMD-160 or Haval) for the applications in AtGuard's ruleset
<http://www.capimonitor.nl/nisfilecheck11.zip>.
It has to be separately scheduled so it's not as good as real-time
checks by the firewall but very useful nonetheless.
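
The scheduled hash check described above, sketched as an added example; it is not part of the original post and is not the code of the utility it links to. The file names and contents are constructed stand-ins, and SHA-1 is the default only because the post names it (the `algo` argument accepts any name `hashlib` supports).

```python
import hashlib
import json
import os
import tempfile

def hash_file(path, algo="sha1", chunk=65536):
    """Digest a file in chunks so large executables are not read whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(paths, algo="sha1"):
    """Record a digest for every executable the firewall ruleset allows."""
    return {p: hash_file(p, algo) for p in paths}

def check_ruleset(baseline, algo="sha1"):
    """Return {path: status}; status is 'ok', 'changed' or 'missing'."""
    report = {}
    for path, known in baseline.items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif hash_file(path, algo) != known:
            report[path] = "changed"
        else:
            report[path] = "ok"
    return report

def demo():
    """Constructed sample: three stand-in 'allowed' programs in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("browser.exe", "mailer.exe", "ftp.exe")]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"MZ" + os.path.basename(p).encode() * 64)
        # Round-trip through JSON, as a baseline stored between runs would be.
        baseline = json.loads(json.dumps(build_baseline(paths)))
        # Same name and same length, different bytes: only the digest differs.
        size = os.path.getsize(paths[0])
        with open(paths[0], "wb") as f:
            f.write(b"MZ" + b"X" * (size - 2))
        os.remove(paths[2])
        return {os.path.basename(p): s for p, s in check_ruleset(baseline).items()}

if __name__ == "__main__":
    # Run from a scheduler; a change made between runs shows up at the next run.
    for name, status in demo().items():
        print(f"{status:8} {name}")
```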