Remote Access Trojan / Open Ports

I am using Windows 98 OS with McAfee Virus Scan and Firewall 6.0. I also have a D-Link hardware firewall/wireless router.

If a remote access trojan (for example something like BO2K) is installed on my pc and subsequently attempts to open a port:

1. How might the trojan program get past the software firewall?

2. Assuming the trojan is able to get past the software firewall and open an IP port, would a hardware firewall still keep a hacker from "calling in" and making a connection to the trojan?

3. Assuming my pc is infected by a RAT, does the hardware firewall still protect my pc from a random port scan by any computer on the web?

grifd Asked:

ravenpl Commented:
1. You could download it yourself (from the web, via mail, via P2P, etc.)
2. Yes, unless the trojan listens on a port that is open on the firewall.
3. Yes, the firewall stands still ;)

But if you get the trojan, you have to be aware that the trojan can try to be active and connect to its master by itself. Then the firewall is useless.

srikrishnak Commented:
okies.. most of the SOHO firewalls don't really care about outgoing.. They work well for incoming connections, but for outgoing connections they will ask the permission of the owner... say for example Zone Alarm, it asks you first whether you want to allow this program to access the internet or external net.. so this can be compromised by the program disguising itself as, for e.g., svchost or some other thing..
A hardware firewall can just behave as you configured it.... for example, if you told it to open port 80 or 21 for your servers, the trojan can be used for the same purposes...

Again it's the same answer for the hardware firewall... Most of the low-end firewalls don't have the "intelligence" to understand the pattern...

But having said all this, I can still add my 2 cents... when your machine is protected by a hardware firewall as well as a software firewall then you are very much safer.. (assuming the firewalls have been configured properly)... so most likely any program can't break into the server without your permission.. :)
ravenpl Commented:
'srikrishnak' is right. I assumed that you have an external firewall, which will not be turned off by the trojan you've downloaded. Because a trojan could try (successfully) to turn off, or disable some features of, a firewall that is running on the same machine.
Just like viruses.
And moreover, I didn't mention that the trojan could make a tunnel to another machine, which is available from the internet. Through that machine and the tunnel your machine becomes open to the internet, no matter any of your firewalls.
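
The behaviour described in the answers above, as an added illustration that is not part of any poster's reply: a toy Python model of a home router that drops unsolicited inbound traffic but lets the inside machine start connections. The class, ports and addresses are constructed for the example and do not describe any particular D-Link or McAfee product.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class StatefulFirewall:
    """Toy model of a home NAT router (constructed example)."""
    forwarded_ports: Set[int] = field(default_factory=set)  # inbound ports the owner opened
    egress_allow: Optional[Set[int]] = None  # None = all outbound allowed (usual default)
    flows: Set[Tuple[int, str, int]] = field(default_factory=set)

    def outbound(self, inside_port: int, remote_ip: str, remote_port: int) -> str:
        # A connection started by the inside machine: allowed unless an
        # egress rule says otherwise, and remembered so replies can return.
        if self.egress_allow is not None and remote_port not in self.egress_allow:
            return "DROP"
        self.flows.add((inside_port, remote_ip, remote_port))
        return "ALLOW"

    def inbound(self, remote_ip: str, remote_port: int, inside_port: int) -> str:
        if (inside_port, remote_ip, remote_port) in self.flows:
            return "ALLOW"  # reply traffic on a flow started from inside
        if inside_port in self.forwarded_ports:
            return "ALLOW"  # owner opened this port on the router
        return "DROP"       # unsolicited: port scans and "calling in" stop here


def scenarios() -> dict:
    remote = "203.0.113.9"  # documentation-range address, constructed
    fw = StatefulFirewall(forwarded_ports={80})
    results = {
        # Q2/Q3: a program listening on an unforwarded port is not reachable
        "inbound_to_unforwarded_listener": fw.inbound(remote, 40000, 31000),
        # ...unless it listens on a port that is open on the firewall
        "inbound_to_forwarded_port": fw.inbound(remote, 40000, 80),
        # a program that connects out by itself is not stopped by inbound rules
        "outbound_connect": fw.outbound(1025, remote, 6667),
        "reply_on_that_flow": fw.inbound(remote, 6667, 1025),
    }
    # Mitigation: restrict outbound traffic to the ports the network needs
    strict = StatefulFirewall(egress_allow={53, 80, 443})
    results["outbound_with_egress_rule"] = strict.outbound(1025, remote, 6667)
    return results


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:34s} {verdict}")
```
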

grifd Author Commented:
Thank you for that explanation.

In regards to tunneling:

Can a trojan program installed on my pc "tunnel" to another pc and give a hacker total access to my network - as if the hacker were sitting in front of my computer?

Or will the access be limited to the capability of the trojan program itself?

Can a tunnel be used to download files stored on my pc?
ravenpl Commented:
> Can a trojan program installed on my pc "tunnel" to another pc and give a hacker total access to my network - as if the hacker were sitting in front of my computer?
Yes, but it will be limited to the capability of the trojan. Hence it's way easier to gain admin capabilities while having direct access (through the tunnel) than just network (i.e. without firewall). And if the capabilities of the trojan process allow it to write/read files to your disk, then it can be used to store/fetch files on your desktop.
grifd Author Commented:
Thank you 'ravenpl'

Another question please.

You said that the "trojan could make a tunnel to another machine, which is available from internet. Through that machine and the tunnel Your machine becomes open to the internet"

What must the other machine (that is tunneled to my pc) do to make my pc available to the internet?

Can this other machine make tunnels to multiple pcs and make them all available to the internet at the same time? Or is that too much for one computer?
ravenpl Commented:
> What must the other machine (that is tunneled to my pc) do to make my pc available to the internet?
It must be open to the internet (i.e. without firewall)
> Can this other machine make tunnels to multiple pcs and make them all available to the internet at the same time? Or is that too much for one computer?
I suggested that it's your machine that is making the tunnel to the other machine. But yes, many computers may make a tunnel to one single open_host, and all are going to be available through those tunnels.
srikrishnak Commented:
my 2c here.. I don't say that there is no possibility, but the probability is very low... it's just like you have a walled garden and firewalls protecting your servers, but there is one OnM machine which has got direct access to the servers & Internet at the same time..

In the case of Zone Alarm there is something like a "trusted zone".. for example, if you trusted the entire class C network then any machine in the subnet can have direct access to the server or firewalled computer... then if the other machine is compromised, the entire subnet is in danger... however it's not at all a best practice.. :)