dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

wild colonial boy
Premium,ExMod 2001-08
Pittsburgh, PA

reply to Steve

Re: Analysis of Backstealth technology

"Can't open process. 5. ERROR"

That was the termination message that appears in the console...

... edit: and consider, too, that the implicit rules issue this has uncovered (again) is another vulnerability altogether. What good purpose do open-ended allow rules serve for the user? I make a practice of preaching to people, look, if you want to run a PC firewall, then do it right and restrict remote endpoints as much as possible... and here, we see the manufacturers putting unloggable, un-overridable implicit rules, and compounding the issues by making the remote endpoint "any remote host, port 80!" Why do I bother? Hell, that's unbelievable. They mean to tell me my firewall can connect to "porn_n_warez.com" as easily as update.kerio.com ? That's a serious problem. What purpose does a non-closable, non-loggable implicit rule serve to begin with? And even if there's an explanation, why... why on earth... make the rule endpoint "ANY" remote host???
[text was edited by author 2002-05-02 17:41:08]

I know your IP address
Foothill Ranch, CA

said by gwion:
"Can't open process. 5. ERROR"
"5" is a Win32 error code
C> net helpmsg 5

Access is denied.

No permission to open the process because it clearly couldn't get the debug privilege. It probably also printed the message Failed enabling Debug privilege. Proceeding anyway, right?

Stephen J. Friedl • Security Consultant • Tustin, California USA • »www.unixwiz.net