Hi,
let me get this right: you think that by installing a firewall, the system is somewhat secured against rootkits, because they may listen on "to be firewalled" ports? If somebody compromises your system and installs a rootkit, it's almost easy for him to fiddle holes in your firewall - because he uses a ROOTkit.
The majority of rootkits/etc. are automated, a la subseven. In other words it will work 98% of the time. Security is never absolute. It's about reducing risk to acceptable levels. It's like making /tmp a separate partition with noexec: you can still exec programs in /tmp, but no hacking scripts I have seen have the capability of doing so.
Ralf
Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/