Hi,
--> A router cannot detect which program sent the package. It can deny access to certain IP ranges and/or certain port ranges.
Ok - this was a clear point. And what about standalone firewalls (i.e. SuSE Firewall)?
--> As pointed out already, there may be some chance to guess from the content of the packets which application is behind. But this applies for SuSE Firewall as well.
I think, to block such internet access is only possible with a client-based firewall, which knows the programs and dlls which are allowed to access the net?
--> Yes. A nice one for Windows is "Personal Firewall"; it can display pop-up windows for packets that do not match any rule and you can restrict internet access to certain applications (they are identified by md5 checksums so even naming a trojan "netscape.exe" won't help).
The important point IMHO is to teach users not to download programs from the internet without thorough checking of the intention of the program. And of course not to click on suspicious links or open Email Attachments.
I think the only possibility to avoid such dangers is to prevent users from downloading ANY program ;-)
--> Yes, but I guess in most places this is not an option as it means restricting net access very much. Think about naming a file "program.html" and then save it as "program.exe". It would require a real content-check based on "magic chars" in each document that is retrieved from the net.

Cheers,
Armin

--
Am Hasenberg 26                  office: Institut für Atmosphärenphysik
D-18209 Bad Doberan              Schloss-Straße 6
Tel. ++49-(0)38203/42137         D-18225 Kühlungsborn / GERMANY
Email: schoech@iap-kborn.de      Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/      Fax. +49-(0)38293-68-50
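
The content check on "magic chars" mentioned in the last reply could look like the sketch below. It is an added example, not part of the original message: the signature table is a small, non-exhaustive selection, and the function names and verdict labels are assumptions made for illustration.

```python
# Added illustration: classify a retrieved file by its leading "magic" bytes
# and compare the result with what the file name claims to be.
import os

# (signature, content kind); a small constructed selection, not a full database
MAGIC = [
    (b"MZ", "windows-executable"),      # DOS/PE header
    (b"\x7fELF", "elf-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]
# What each file extension claims the content to be
EXPECTED = {".exe": "windows-executable", ".html": "html", ".htm": "html",
            ".pdf": "pdf", ".png": "png", ".gif": "gif", ".zip": "zip-archive"}
EXECUTABLE = {"windows-executable", "elf-executable"}


def sniff(head: bytes) -> str:
    """Return the content kind indicated by the first bytes of a file."""
    for signature, kind in MAGIC:
        if head.startswith(signature):
            return kind
    # HTML has no fixed magic number: skip BOM/whitespace, look for markup.
    text = head.lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if text.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"


def check_download(name: str, head: bytes):
    """Return (verdict, detected_kind) for a file name and its first bytes."""
    detected = sniff(head)
    claimed = EXPECTED.get(os.path.splitext(name.lower())[1], "unknown")
    if detected in EXECUTABLE and claimed != detected:
        return "block", detected    # executable content behind another name
    if detected in EXECUTABLE:
        return "review", detected   # honestly named executable: policy decides
    if claimed != "unknown" and detected != claimed:
        return "review", detected   # content does not match the name
    return "allow", detected


if __name__ == "__main__":
    # Constructed sample inputs: (file name, first bytes of the content)
    samples = [("program.html", b"MZ\x90\x00\x03\x00\x00\x00"),
               ("index.html", b"<!DOCTYPE html><html></html>"),
               ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00")]
    for name, head in samples:
        print(name, check_download(name, head))
```

A two-byte prefix such as "MZ" can also open an ordinary text file, so a match is a reason to inspect further rather than proof that the content is executable.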