Re: Is the Gaobot virus blocked with a firewall?

From: Steve N. (me_at_here.now)
Date: 05/08/04


Date: Sat, 08 May 2004 18:45:08 GMT

No, the answer is NOT "yes, a firewall will block the Gaobot virus." It
depends how the firewall is configured. A firewall blocking TCP on both
ports 135 and 445 will prevent that particular exploit. A firewall NOT
blocking TCP on both ports 135 and 445 will not.

Steve

Alan wrote:

> So the answer is, "yes, a firewall will block the Gaobot virus."
>
> Alan
>
> "Steve Nielsen" <steve_nielsen@nospam.nowhere.net> wrote in message
> news:eXBYTVINEHA.3016@tk2msftngp13.phx.gbl...
>
>>If you knew how a firewall works you'd have seen the answer in what I
>>wrote.
>
>>Yes, block TCP ports 135 and 445.
>>
>>Steve
>>
>>Alan wrote:
>>
>>
>>>And eventually, someone might actually answer the OP's question as to
>>>whether the Gaobot virus is blocked by using a firewall.
>>>
>>> Alan
>>>
>>>"Steve Nielsen" <steve_nielsen@nospam.nowhere.net> wrote in message
>>>news:uIfzblHNEHA.1272@tk2msftngp13.phx.gbl...
>>>
>>>
>>>>Ghostrider wrote:
>>>>
>>>>
>>>>
>>>>>Brian C wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Is the Gaobot virus blocked with a firewall?
>>>>>>
>>>>>>I was curious if anyone got the virus using a firewall? Since it is
>>>>>>not detected by some virus programs.
>>>>>>
>>>>>>Brian C.
>>>>>
>>>>>
>>>>>
>>>>>A firewall is just one of the lines of defence for a computer
>>>>>system. Unless one keeps the computer completely off a network
>>>>>or does not accept any input from any untrusted, external source,
>>>>>including floppies, cdroms, websites, etc., then it is penetrable.
>>>>>But this is an improbable situation since users must e-mail, send
>>>>>files as attachments, do downloads, etc.
>>>>>
>>>>>Gaobot, according to SARC, infects computers through an IRC
>>>>>channel. To have an IRC channel, there is an open port through
>>>>>the firewall, or it might exploit ports 135 and 445. Does this
>>>>>answer the question about it?
>>>>>
>>>>
>>>>You're confusing how it infects with how attackers can use an IRC
>>>>channel to control an infected machine.
>>>>
>>>>It infects through the DCOM RPC vulnerability using TCP port 135 and the
>>>>RPC locator vulnerability using TCP port 445. This is different than
>>>>allowing an attacker to access an infected computer through an IRC
>>>>channel.
>>>
>>>
>>>>Steve
>>>>
>>>
>>>
>>>
>
>
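
Steve's point that the outcome depends on how the firewall is configured, shown as an added example (not part of the original posts): a first-match rule evaluator run over constructed rule sets to see which of TCP 135 and 445 remain reachable inbound. The Rule format, the rule-set names and the first-match semantics are assumptions made for illustration and do not correspond to any specific firewall product.

```python
from dataclasses import dataclass

# Ports named in the thread: TCP 135 and TCP 445.
EXPLOIT_PORTS = (135, 445)

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # "in" or "out"
    proto: str       # "tcp", "udp" or "any"
    ports: range     # destination ports covered

def verdict(rules, default, direction, proto, port):
    """Return the action of the first matching rule, else the default policy."""
    for r in rules:
        if (r.direction == direction and r.proto in (proto, "any")
                and port in r.ports):
            return r.action
    return default

def exposed_ports(rules, default):
    """Exploit ports that inbound TCP can still reach under this rule set."""
    return [p for p in EXPLOIT_PORTS
            if verdict(rules, default, "in", "tcp", p) == "allow"]

ALL = range(0, 65536)

# Constructed rule sets (hypothetical, not taken from any real product).
RULESETS = {
    # Both ports denied inbound: the configuration Steve says stops the exploit.
    "both_blocked": ([Rule("deny", "in", "tcp", range(135, 140)),
                      Rule("deny", "in", "tcp", range(445, 446))], "allow"),
    # Only 135 denied: 445 falls through to a default-allow policy.
    "only_135": ([Rule("deny", "in", "tcp", range(135, 136))], "allow"),
    # Deny rules exist, but a broad allow above them matches first.
    "shadowed": ([Rule("allow", "in", "any", ALL),
                  Rule("deny", "in", "tcp", range(135, 136)),
                  Rule("deny", "in", "tcp", range(445, 446))], "deny"),
    # Wrong protocol and wrong direction: inbound TCP is untouched.
    "wrong_scope": ([Rule("deny", "in", "udp", range(135, 136)),
                     Rule("deny", "out", "tcp", range(445, 446))], "allow"),
    # Default-deny with a single web rule: 135 and 445 are never allowed.
    "default_deny": ([Rule("allow", "in", "tcp", range(80, 81))], "deny"),
}

if __name__ == "__main__":
    for name, (rules, default) in RULESETS.items():
        open_ports = exposed_ports(rules, default)
        print(f"{name:13} exposed inbound TCP: {open_ports or 'none'}")
```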


