Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

can your firewall be temporarily turn off so that someone can get into your comp


  • Please log in to reply
45 replies to this topic

#1 James T Kirk

James T Kirk

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:StarSystem 4
  • Local time:02:25 PM

Posted 08 February 2014 - 01:09 AM

*note to moderators: i don't need to fix my computer. this specific section if just for general security discussion.

 

can someone/malcious program fizzle, turn off, or temporarily dissolve your firewall so that they can get in?

 

i am trying to figure out more about security and what malicious stuff can do to your computer.

 

does anyone know the answer to this question?

 

sincerely,

thank you



BC AdBot (Login to Remove)

 


#2 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:25 AM

Posted 08 February 2014 - 01:47 AM

Rather than fizzle the firewall malicious hackers would be far better off opening a random port for their communications, which would remain open. As to a malicious program doing this it would be a far more complicated scenario. i know webcrawlers constantly hit my work server firewall looking for open ports, but they would be unable to modify these settings from the inside if they did get in. (despite all the chaos they would cause). As to software firewalls on workstations being temporarily compromised on workstations... someone else can jump in here



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,604 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 PM

Posted 08 February 2014 - 09:17 AM

How to Stop Hackers from Invading Your Network

A firewall if not configured properly can act like an open door for any intruder.


Ethical Hacking writes:

If windows Firewall is disabled then u are more vulnerable to attacks. Whenever a hacker is creating a virus or Trojan he always tries to disable victim’s Firewall to make him more vulnerable.


How Hackers Work
The most common methods used by Hackers
Hackers and their methods
Eastern Michigan University: Methods to Hacking and Cyber Invasion
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:25 AM

Posted 08 February 2014 - 09:23 AM

so... quietman7

 

do you know of temporary disablement of firewalls for malicious purposes on workstations.?

 

is this possible/in the wild in your opinion? (compared to permanent disablement)



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,604 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 PM

Posted 08 February 2014 - 04:27 PM

I'm not a network administrator so all I know is what I read. I found those articles interesting and since they were relevant to the discussion I thought I'd share.

My thoughts...if the hackers are able to enter and disable the firewall, why do so and make it more obvious the machine may be hacked (or at less having some issue requiring investigation). Using backdoor Trojans and RATS makes their presence more stealthy, thus less obvious you have been hacked.

My Security Colleague, Didier Stevens, Microsoft MVP Consumer Security is the go to expert on network security...pershaps he will see this topic and provide further insight.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:07:25 AM

Posted 08 February 2014 - 04:54 PM

Test both your software and router firewall with LeakTest. https://www.grc.com/lt/leaktest.htm

Just assume LeakTest is a Remote Access Trojan (R.A.T) trying to call it's C&C.
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,604 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 PM

Posted 08 February 2014 - 06:26 PM

i am trying to figure out more about security and what malicious stuff can do to your computer.

You may want to read the information in Glossary of Malware Related Terms to gain an understanding of the different types of malware and what they do.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,234 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:05:25 AM

Posted 08 February 2014 - 07:18 PM

My Security Colleague, Didier Stevens, Microsoft MVP Consumer Security is the go to expert on network security...pershaps he will see this topic and provide further insight.

 

  he has a great blog, a treasure trove of information to be read.



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,604 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 PM

Posted 08 February 2014 - 07:28 PM

Yes and we are grateful to have him as a member of our staff.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 James T Kirk

James T Kirk
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:StarSystem 4
  • Local time:02:25 PM

Posted 09 February 2014 - 03:18 AM

hey quietman7, how are you doing bro?
 
"A firewall if not configured properly can act like an open door for any intruder."
how do you properly configure your firewall? :clapping:
 
so you are saying that they don't "disable" your firewall BEFORE they get in?  :radioactive:
that they can ONLY do it "after" they are already in?
 
hey ya TsVk!, i am glad you are here. thx for the reply.
 
that's funny that you mentioned that because that is EXACTLY what it looked like happened to me, and that i had been waiting to ask this question.
i'm glad you brought it up. (in the past) so i read my firewall logs and discovered that the suspect program had been blocked 427 times by my firewall in a 2 minute period, 425 times more than any other program! it was almost as if, at each "attempt", much like PROBING my firewall, they were checking my ports, one at a time, trying to look for an open port.
 
it was right about at this time that i started having (in the past) a error with my firewall program, in that it ALWAYS had an error when i went "online" and then, when i was NOT online, it NEVER had a problem. and what's more, and really strange, was that one time, there was script that was written in a foreign language on the firewall error box, and it was installed in english!!!
 
is this mean what it means to read your firewall logs, to look for this type of thing?
or is it "normal" for a legit program to be blocked 427 times (outgoing) by your firewall?
 
hi Crazy Cat. nice to meet ya.
 
so this program tests your firewall to see if it can get in to your system, to look for vulnerabilities, and then tells you how vulnerable your system is and what you should do?
 
USS Enterprise
in Deep Space 9


#11 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:07:25 AM

Posted 10 February 2014 - 12:21 AM

hi Crazy Cat. nice to meet ya.
 
so this program tests your firewall to see if it can get in to your system, to look for vulnerabilities, and then tells you how vulnerable your system is and what you should do?

Hello Mr Kirk,

No, it simply tests (when executed on your PC) if it can bypass your enabled firewall and connect with the server at www.grc.com without you giving any permission too. If your enabled firewall allows this to pass unchecked, then your "enabled firewall" has already failed - imagine what can be done with the firewall disabled!

And why do you have a wizard as your avatar and not James T Kirk? https://www.google.com.au/search?q=James+T+Kirk&sa=G&tbm=isch&tbo=u&source=univ&ei=4mD4Utr3IYrOkAXgpoDIBQ&ved=0CDIQsAQ&biw=1920&bih=996&dpr=1
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#12 James T Kirk

James T Kirk
  • Topic Starter

  • Members
  • 247 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:StarSystem 4
  • Local time:02:25 PM

Posted 10 February 2014 - 03:03 AM

hi Crazy Cat,
 
thats what i thought. interesting...
 
the avatar is like a rpg hero, one that is capable of getting smarter, gaining more experience, and raising levels.
to conqueror through where no man has gone before, or alien life form, only the artificial ai of a microchip processor.
to explore alien worlds and computer techniques, and security strategies.
 
thanks quietman7.
i have a bit of reading to do :step5:
 
USS Enterprise
in Deep Space 9 :idea:


#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,604 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 PM

Posted 10 February 2014 - 09:25 AM

....how do you properly configure your firewall?


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Kilroy

Kilroy

  • BC Advisor
  • 3,409 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:02:25 PM

Posted 10 February 2014 - 04:17 PM

I guess my thoughts would be if they can turn off your firewall, they already own your machine and would be better off leaving it up making you think you are safe.



#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,604 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:25 PM

Posted 10 February 2014 - 04:34 PM

I guess my thoughts would be if they can turn off your firewall, they already own your machine and would be better off leaving it up making you think you are safe.

My thoughts are the same.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users