Site News

Science

A survey shows that less than 40% of the British public feel they are well informed about science.

Our science section is in production with a proposed 1 Mar 07 "Grand launch" date.

Technology

The Linux Convert site explains how, even today, building your own Linux box can be cheaper than getting an off-the-shelf Windows PC. There is now a new article there on why you should use Linux.

If you have any comments or suggestions for topics we should cover under the technology banner then please stop by the discussion board and let us know.

Firewall bypass attacks

This type of attack is interesting because it involves hijacking your system protection. It seemed easy to solve but that remains to be seen.

Problem

The symptoms were (a) really painfully slow Internet download and upload speeds - almost slower than dial-up - and (b) getting my user kicked from MSN Messenger and having to reset my password almost every ten minutes to even get into an antique version of Windows Messenger. Regularly updated anti-virus software all seemed OK. Ad-aware said everything was fine.

Slow Internet access is hardly a unique occurrence. This could have just been due to problems with the net in general. Similarly, MSN Messenger has its own eccentricities. Sometimes it's just poor. However, after a few days, there was no improvement.

With the help of the person who was trying to send me files, it became obvious that the PC was apparently firewalled with Windows Firewall. There are 2 PCs networked to this one. One was unable to access it normally, because it was supposedly locked. However, none of the PCs on the network had Windows Firewall enabled, according to the messages from Windows Security Centre. No unexpected processes appeared in the task manager or other basic process monitoring software.

Solution

After using all the other diagnostic software I have, to minimal effect, I ran Spybot Search and Destroy. It found a Windows Firewall bypass with 3 registry keys. The relevant message is shown here. (It also showed that Firefox lets through a dozen adcounters but that's another issue.)

[Image: Spybot screenshot]

Before letting Spybot delete these keys, I had a rummage on the Internet and found this old reference, a Sans.org article, which explains what they were doing. It suggests that changing a few registry keys can disable a firewall, and can also re-enable it, reset so that the malware is allowed through while its own name is hidden. By taking over the firewall, it could even keep out rival malware.

This explained why my network seemed to have a firewall to the outside world but not to myself. If I had had Windows Firewall enabled, there would have been no evidence whatsoever of the firewall bypass, unless I had diligently searched the registry for keys that hid what was enabled.
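One way to do the registry search described above, as an added example that is not part of the original article: it reads the Windows Firewall policy directly from the registry rather than relying on Security Centre. It assumes the standard policy location and the `path:scope:state:name` format of allowed-program entries; the article does not name the three keys Spybot found, so these are not claimed to be the same ones.

```powershell
# Added example (not from the original article): read Windows Firewall policy
# straight from the registry instead of trusting Security Centre.
# Assumption: the standard policy location below. The article does not name
# the three keys Spybot reported, so no claim is made that these are the same.
$base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$entry = '^(?<path>.+?):(?<scope>[^:]*):(?<state>Enabled|Disabled):(?<label>.*)$'

$report = foreach ($profileName in 'DomainProfile', 'StandardProfile') {
    $key = Join-Path $base $profileName
    if (-not (Test-Path $key)) { continue }

    # Master switches for this profile; a missing value is reported as such.
    $props = Get-ItemProperty -Path $key
    foreach ($flagName in 'EnableFirewall', 'DoNotAllowExceptions', 'DisableNotifications') {
        $value = $props.$flagName
        if ($null -eq $value) { $value = '(not set)' }
        [pscustomobject]@{ Profile = $profileName; Item = $flagName; Value = $value; Notes = '' }
    }

    # Programs allowed through the firewall for this profile.
    $listKey = Join-Path $key 'AuthorizedApplications\List'
    if (-not (Test-Path $listKey)) { continue }
    $list = Get-Item -Path $listKey
    foreach ($valueName in $list.GetValueNames()) {
        $data  = [string]$list.GetValue($valueName)
        $notes = @()
        if ($data -match $entry) {
            # Copy the captures before any other call can touch $Matches.
            $exe   = [Environment]::ExpandEnvironmentVariables($Matches['path'])
            $scope = $Matches['scope']; $state = $Matches['state']; $label = $Matches['label']
            if (-not (Test-Path -LiteralPath $exe))    { $notes += 'executable not found' }
            if ([string]::IsNullOrWhiteSpace($label))  { $notes += 'no display name' }
            if ($state -eq 'Enabled' -and $scope -eq '*') { $notes += 'open to any address' }
        } else {
            $notes += 'unparseable entry'
        }
        [pscustomobject]@{ Profile = $profileName; Item = $valueName; Value = $data; Notes = ($notes -join '; ') }
    }
}

# Review every row: entries with notes first, then anything you do not recognise.
$report | Sort-Object { $_.Notes -eq '' } | Format-Table -AutoSize -Wrap
```

An entry with no notes is not proof of a clean system; compare the allowed programs against what you knowingly installed.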

Message

Malware takes many varied and wonderful forms. Repeated signs of odd behaviour from your PC should make you suspicious (as in real life, so in the digital realm...).

Run lots of different forms of anti-virus software. Don't necessarily believe them, though. Malware writers can target your computer security software first, then modify the PC security software to cover up their activities.
