New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!

· Ian T's (AR 24)
· Marcia's (CO8)
· Bill G's (CO12)
· Paul's (AR 5)
· Robin's (AR 2)

· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?

$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 1211
Comments: 21
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsFavForums 

Challenge You: remotely opening my firewall port

 
Post new topic   Reply to topic       All -> FavForums -> General Symantec
View previous topic :: View next topic  
Author Message
IceBugF
Warnings : 1

Trooper
Trooper



Joined: May 12, 2004
Posts: 17
Location: Canada

PostPosted: Wed May 12, 2004 9:56 pm    Post subject: Challenge You: remotely opening my firewall port
Reply with quote

Hello,

I'm currently using Norton Internet Security 2004 for a computer in another town. I'm trying to find a way that I can configure a file to send to it, that will allow certain ports open without actually going to the computer and giving that computer permission. I allow certain end-users to use this computer and when I request them to click the file, I don't need them aware of my new security resolutions.

Is there a way to make an auto config file for my computers ? Is there a way of doing this locally on the computer if I have time for travel ?

I'm hoping someone will have advice for me, or a solution. It would be greatly appreciated. My knowledge lacks in this area

Thanks in Advance,

Sar

_________________
Just when you think you have it fixed,
IT FIXED YOU......computer bugs.....
Back to top
View users profile Send private message Send email
phoenix22

General
General
Premium Member
Premium Member


Joined: Mar 08, 2002
Posts: 4521
Location: "DEROS"

PostPosted: Wed May 12, 2004 10:04 pm    Post subject:
Reply with quote

this is the one you can keep posted
Back to top
View users profile Send private message Visit posters website
IceBugF
Warnings : 1

Trooper
Trooper



Joined: May 12, 2004
Posts: 17
Location: Canada

PostPosted: Wed May 12, 2004 10:10 pm    Post subject:
Reply with quote

wrote:
this is the one you can keep posted
OK.
How long does it take for a reply?

_________________
Just when you think you have it fixed,
IT FIXED YOU......computer bugs.....
Back to top
View users profile Send private message Send email
Mariner

Site Moderator
Site Moderator
Premium Member
Premium Member


Joined: Aug 25, 2003
Posts: 1909

PostPosted: Thu May 13, 2004 1:07 am    Post subject:
Reply with quote

Can't say, lot of time is wasted moving duplicate posts. Please bear in mind that everyone here gives of their time freely so, a little patience is required.

Thanks for your co-operation.
Back to top
View users profile Send private message
jvmorris

Security Expert
Security Expert



Joined: Dec 10, 2002
Posts: 159
Location: USA

PostPosted: Thu May 13, 2004 8:42 am    Post subject: Re: Challenge You: remotely opening my firewall port
Reply with quote

IceBugF wrote:
. . . Norton Internet Security 2004 for a computer in another town. I'm trying to find a way that I can configure a file to send to it, that will allow certain ports open without actually going to the computer and giving that computer permission. I allow certain end-users to use this computer and when I request them to click the file, I don't need them aware of my new security resolutions.

It seems to me that you have an idea as to how you want to implement something and are asking for the details of how to do it. It might be better if you were to tell us a bit more about the what you are trying to do and then allow others to come up with suggestions. You see, on the face of it, any blackhat that reads this post will be more than happy to tell you how to do this! Smile (Why, they'll even help you do it!)

So, let's go back to the beginning. Let's make the 'computer in another town' Computer A. Let's make these 'certain ends users' Users 1, 2, and 3.

First question is: Are users 1, 2, and 3 sitting at the keyboard of Computer A or are they remotely accessing it (presumably via an internet connection)? It sounds like the former, but, if the latter, how do they currently access Computer A (with NIS 2004 running, of course)?

Second question is: Is Computer A, perchance, a Win NT, Win 2000, or Win XP machine? If it is, do Users 1, 2, and 3 have individual user accounts on that machine? If they do, what user rights do they have assigned to them? (Admin? Restricted User?) Finally, are there other users with access to that machine that you do not want to be able to access this file?

Third question is: Is the file (and it sounds like an executable from what you say above) the end-all of this process? Do you just want them to be able to execute a file that you remotely place on Computer A?

. . . .

Well, let's start there, for the moment.

_________________
Regards,
Joseph V. Morris
'The man who was not there"
Back to top
View users profile Send private message
IceBugF
Warnings : 1

Trooper
Trooper



Joined: May 12, 2004
Posts: 17
Location: Canada

PostPosted: Thu May 13, 2004 9:40 am    Post subject: Second Try at Explaining
Reply with quote

I aplogise for the lack of explanation. I am use to being about to accomplish tasks on my own.

I have Computer A, B and C out of town, and I'm at "Computer Away". All users have admin rights to the computers and the platform is Windows XP. They all have NIS 2004 implemented on them, and are using that specific firewall.

I WANT them to have access to this file. I want to be able to just send them a file that they can double click, that will open the ports needed for additional internet programs without myself having to go and enter my password for NIS and config it out there.

That would be the end of it. They have the admin rights to install programs and downloads, but not the access to allow them to communicate with the Internet, without my permission.

I hope I explained what i hope to accomplish a little better. Does this help?

I'm not concerned with if it's an executeable, or a copy of a NIS file that will replace the original, etc.....

-Sar

_________________
Just when you think you have it fixed,
IT FIXED YOU......computer bugs.....
Back to top
View users profile Send private message Send email
jvmorris

Security Expert
Security Expert



Joined: Dec 10, 2002
Posts: 159
Location: USA

PostPosted: Thu May 13, 2004 2:16 pm    Post subject: Re: Second Try at Explaining
Reply with quote

Okay, this helps. Let's cut to the important part.
IceBugF wrote:
. . . . I WANT them to have access to this file. I want to be able to just send them a file and call them to request they double click it, that will open the ports needed for additional internet programs without myself having to go and enter my password for NIS and config it out there.

That would be the end of it. They have the admin rights to install programs and downloads, but not the access to allow them to communicate with the Internet, without my permission. . . .


First, the bad news.

Since about NIS/NPF 2001 (v 3.0x), Symantec has been going nuts to prevent someone from doing precisely this with their consumer-grade products. Their solutions have become ever more restrictive with each subsequent version (and we're now up to NIS 2004 (v 7.0x), with NIS 2005 probably due in a few more months). Indeed, some of the things that they've done are primarily responsible for the fact that I quit using NIS after NIS 2002 (v4.0x).

Let me explain that (and my understanding of the rationale behind their philosophy). What you're talking about is one (or maybe both) of two possibilities:
<li>The Executable file would open port(s) through the firewall to listen for unsolicited inbound communications, i.e., function as a server application, or
<li> The Executable file would open port(s) through the firewall for an application (which would have to have been already installed) to initiate some sort of Internet communication, i.e., act as a client application.

With me so far? Well, I grant that you may want to do this for perfectly legitimate reasons, but the point is that the code required could just as easily be used for malware. The first option, for example, is clearly what one would expect to find in a RAT (remote access trojan) designed to subvert this firewall; the latter is more an example of some sort of 'phone home' application also designed to subvert the firewall. And this is why Symantec has driven us nuts with some of their enhancements -- to avoid specifically these vulnerabilities.

And, yes, there are ample indications that some of these vulnerabilities were exploited against earlier versions of NIS/NPF. Indeed, that's (probably) part of the reason that more recent versions of NIS/NPF can not be accessed with Albert Janssen's AG/NIS/NPF utilities. (Symantec can encrypt all they want; you give me Albert's utilities and an inquiring mind using a few other utilities and I can crack the encryption -- if that's all that's being used.

Back in a minute with some alternatives.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
Back to top
View users profile Send private message
jvmorris

Security Expert
Security Expert



Joined: Dec 10, 2002
Posts: 159
Location: USA

PostPosted: Thu May 13, 2004 3:31 pm    Post subject:
Reply with quote

Now, for the 'good' news (if you want to call it that).

I can see four possibilities:
Downgrade the NIS/NPF firewalls to NIS/NPF 2002 (version 4.0x or earlier, not 4.5x) Of course, this brings back all the vulnerabilities that Symantec was trying to eliminate, but at this point it's not that hard to do what you want. And, with a bit of luck, none of the malware writers are going to be trying to subvert NIS/NPF 2002 or earlier anymore.
Upgrade the NIS/NPF firewall. There are several options here. Going back to NIS/NPF 2002 Pro (v. 4.5), there was centralized administration capabilities present. Unfortunately, I think that only worked on a LAN; not on a distributed LAN/WAN. I've not seen anything that indicates that NIS 2003/2004 still provides this capability, however. Consequently, it might be a better idea to upgrade to the Corporate Edition (Symantec Corporate Desktop Firewalls, AKA 5.0x). Unfortunately, I really don't know if that works unless the machines are reconfigured on a LAN. (Still, this product does apparently work with remote laptops, so it's more a matter of the logistics that may be involved in making the change.)
Switch to another software firewall. As I recall, gwion (the Tiny-Kerio mod over at BBR/DSLR's associated forum) indicates that there is a corporate version of Tiny firewall that provides (and I'm probably going to screw this up) a CDE environment in which something like this might be far more easily done. (Among other things, Tiny (and Kerio) work with far more protocols than does NIS/NPF -- currently.) I just don't know if this implementation works to provide remote reconfiguration of other machines on a WAN. (I think there are also other products that may do this. Indeed, WRQ -- the people that originally produced AtGuard, the basis of NIS/NPF -- may also provide a product that will do this.) These can be far more expensive solutions, however.
Finally, there's a very esoteric possibility (and you have to be a damn good programmer to implement it) that might work (and I have no idea inasmuch as I've certainly never tried it with NIS/NPF 2003/2004). Nor am I going to discuss it in any sort of public forum -- other than to say that you would have to (yourself) make certain highly customized changes in the rulesets that you currently have installed on those other computers.

Now, before you beat yourself to death trying to subvert the safeguards that Symantec has introduced since NIS 2002 (v. 4.0x), I suppose I should also tell you that there are anti-tamper provisions that Symantec has also implemented that affect not only its basic executables (which seem to expand exponentially with each passing year), but also the associated configuration files. The only changes that the latest versions of NIS/NPF is going to accept as being legitimate are those made via the (authenticated) user interface (GUI) -- and that means from the keyboard. Unless Symantec has badly screwed up, there is no way that you can write an independent, third-part executable that is going to be allowed to make such changes and still have a functional firewall.
_________________
Regards,
Joseph V. Morris
'The man who was not there"
Back to top
View users profile Send private message
IceBugF
Warnings : 1

Trooper
Trooper



Joined: May 12, 2004
Posts: 17
Location: Canada

PostPosted: Thu May 13, 2004 3:38 pm    Post subject:
Reply with quote

wrote:
Now, for the 'good' news (if you want to call it that).

I can see four possibilities:
Downgrade the NIS/NPF firewalls to NIS/NPF 2002 (version 4.0x or earlier, not 4.5x) Of course, this brings back all the vulnerabilities that Symantec was trying to eliminate, but at this point it's not that hard to do what you want. And, with a bit of luck, none of the malware writers are going to be trying to subvert NIS/NPF 2002 or earlier anymore.
Upgrade the NIS/NPF firewall. There are several options here. Going back to NIS/NPF 2002 Pro (v. 4.5), there was centralized administration capabilities present. Unfortunately, I think that only worked on a LAN; not on a distributed LAN/WAN. I've not seen anything that indicates that NIS 2003/2004 still provides this capability, however. Consequently, it might be a better idea to upgrade to the Corporate Edition (Symantec Corporate Desktop Firewalls, AKA 5.0x). Unfortunately, I really don't know if that works unless the machines are reconfigured on a LAN. (Still, this product does apparently work with remote laptops, so it's more a matter of the logistics that may be involved in making the change.)
Switch to another software firewall. As I recall, gwion (the Tiny-Kerio mod over at BBR/DSLR's associated forum) indicates that there is a corporate version of Tiny firewall that provides (and I'm probably going to screw this up) a CDE environment in which something like this might be far more easily done. (Among other things, Tiny (and Kerio) work with far more protocols than does NIS/NPF -- currently.) I just don't know if this implementation works to provide remote reconfiguration of other machines on a WAN. (I think there are also other products that may do this. Indeed, WRQ -- the people that originally produced AtGuard, the basis of NIS/NPF -- may also provide a product that will do this.) These can be far more expensive solutions, however.
Finally, there's a very esoteric possibility (and you have to be a damn good programmer to implement it) that might work (and I have no idea inasmuch as I've certainly never tried it with NIS/NPF 2003/2004). Nor am I going to discuss it in any sort of public forum -- other than to say that you would have to (yourself) make certain highly customized changes in the rulesets that you currently have installed on those other computers.

Now, before you beat yourself to death trying to subvert the safeguards that Symantec has introduced since NIS 2002 (v. 4.0x), I suppose I should also tell you that there are anti-tamper provisions that Symantec has also implemented that affect not only its basic executables (which seem to expand exponentially with each passing year), but also the associated configuration files. The only changes that the latest versions of NIS/NPF is going to accept as being legitimate are those made via the (authenticated) user interface (GUI) -- and that means from the keyboard. Unless Symantec has badly screwed up, there is no way that you can write an independent, third-part executable that is going to be allowed to make such changes and still have a functional firewall.
*sigh*
I just bought the 2004 software. This doesn't sound good.

_________________
Just when you think you have it fixed,
IT FIXED YOU......computer bugs.....
Back to top
View users profile Send private message Send email
IceBugF
Warnings : 1

Trooper
Trooper



Joined: May 12, 2004
Posts: 17
Location: Canada

PostPosted: Thu May 13, 2004 4:08 pm    Post subject:
Reply with quote

Hmm... this is not sounding very good at all, since I just recently choose NIS 2004 for these specific computers.

With those options in mind - and they, for now, provide me with very little of a solution - I wonder ... *sigh*

Okay. Never mind. There has got to be another way of providing a solution for this.

_________________
Just when you think you have it fixed,
IT FIXED YOU......computer bugs.....
Back to top
View users profile Send private message Send email
IceBugF
Warnings : 1

Trooper
Trooper



Joined: May 12, 2004
Posts: 17
Location: Canada

PostPosted: Fri May 14, 2004 1:24 pm    Post subject:
Reply with quote

Perhaps if I find a way to switch these computers over to zone alarm pro..........
_________________
Just when you think you have it fixed,
IT FIXED YOU......computer bugs.....
Back to top
View users profile Send private message Send email
Display posts from previous:   
Post new topic   Reply to topic       All -> FavForums -> General Symantec All times are GMT - 5 Hours
Page 1 of 1

 
 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum


Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops