• Subject: Re: DSL Firewall Question
  • From: Douglas Handy <dhandy1@xxxxxxxxxxxxx>
  • Date: Fri, 12 Jan 2001 22:48:05 -0500

Bob, et al,

>Check the documentation for how to set up
>filters.  No use spending another $40 per PC for Zonealarm pro (the non-pro
>version is free).

I think you missed the point of what Ken meant when he said:

>I will probably get ZoneAlarm Pro to block outgoing connection
>attempts for unauthorized applications (not that I think I have any on my
>PC),

Let me give you my personal experience on this.

Once upon a time, I used BlackICE Defender.  Then I switched to Zone Alarm after
Gibson (at grc.com) reviewed it.  I was *amazed* at how often Zone Alarm would
tell me about access attempts (which after a while I optioned off because the
notification dialog wore out its welcome).   I also use simple DUN access, but
just because it is a dynamic IP doesn't stop those who do scanning looking for a
machine to respond.  Sometimes it would be within seconds of my connecting;
sometimes a long time or rare during a session.  But it was enlightening.

Equally revealing was what happened when I went to certain e-commerce web sites.
Zone Alarm would immediately start popping up warnings of attempts it blocked,
which would continue while at the site.  Leave the site and the warnings
stopped; return and they started again.  I was *not* impressed that there would
be NetBIOS and other inquiries from an e-commerce site!  Needless to say, I voted
with my feet and did not buy anything.

I am absolutely convinced even dial-up users should run something, and for a
freebie Zone Alarm it seems very good.  And the simplicity of using it also
makes it a good recommendation for non-technical folks.

Think a DUN connection with dynamic IP is safe?  Install Zone Alarm and leave
warning dialogs enabled then see what happens.

Now I run Win Route Pro on my home office network.  It has fantastic filtering
abilities, port mapping, NAT, logging, time of day rules, DNS, DHCP, SMTP/POP3,
yada, yada, yada.  Yet I can see where Zone Alarm still has some value, although
I am not currently running it.  Here's why.

Recently I installed a freeware utility to increase the speed of downloads by
running multiple simultaneous connections (over one DUN connection).  It works
great, enables pause/restart, and resume of dropped connections -- which is
great for stuff like CA service pack downloads!  I thought it was great,
until...

I have Win Route Pro set to use Dial-On-Demand, and may switch it to keep a
persistent DUN connection during office hours.  At any rate, I saw there was
dialing activity occurring at unexpected times.  The logs showed it was initiated
from my main desktop computer accessing a certain IP address on port 80.  I do
not have port 80 blocked.  So I did a nslookup on the address, which failed.
But with a little research I realized it was from the freeware utility I had
installed.  So I added a filter to block outgoing TCP packets to that address on
port 80.  Every 15 minutes, the logs show a burst of 19 attempts to reach it,
then it waits for another 15 minutes.

What's my point?  Simply that although the filters let me do what I want, had it
not been for the unexpected Dial On Demand occurrences, I may never have realized
the traffic was occurring since I had port 80 open.  Since Zone Alarm
configuration works at the application level instead of like port mapping and
filtering, it can make you aware of rogue software attempting connections from
behind the firewall over ports which are open.  With a DSL or cable modem, I may
not have caught the software doing it -- or at least not very soon.

I think this is precisely the type of thing Ken meant when he made the statement
I quoted above.  Of course, I didn't think I had any of that software either...

Doug
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
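
The log pattern described in the message above (bursts of blocked attempts to one address on port 80, repeating every 15 minutes) can be picked out of firewall logs automatically. This is an added example, not part of the original message: the log format, the addresses and the function names are constructed for illustration and are not WinRoute Pro's own.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed log format (an assumption, not a real product's format):
# "<date> <time> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"(\S+ \S+) \w+ TCP (\S+):\d+ -> (\S+):(\d+)$")

def parse(lines):
    """Yield (timestamp, src, dst, dport) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group(2), m.group(3), int(m.group(4))

def bursts(times, gap=60):
    """Group timestamps into bursts separated by more than `gap` seconds."""
    groups = []
    for t in sorted(times):
        if groups and (t - groups[-1][-1]).total_seconds() <= gap:
            groups[-1].append(t)
        else:
            groups.append([t])
    return groups

def find_beacons(lines, min_bursts=3, jitter=0.1):
    """Return flows whose bursts recur at a near-constant interval."""
    flows = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        flows[(src, dst, dport)].append(ts)
    found = []
    for flow, times in flows.items():
        groups = bursts(times)
        if len(groups) < min_bursts:
            continue
        starts = [g[0] for g in groups]
        gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        mid = median(gaps)
        # Regular if every burst-to-burst gap is within `jitter` of the median.
        if all(abs(g - mid) <= jitter * mid for g in gaps):
            found.append({"flow": flow, "interval_s": mid,
                          "burst_sizes": [len(g) for g in groups]})
    return found

def sample_log():
    """Constructed input: 4 bursts of 19 attempts, 15 min apart, plus browsing."""
    out = [f"2001-01-12 10:{b * 15:02d}:{i:02d} DROP TCP 192.168.1.10:{1025 + i} -> 203.0.113.7:80"
           for b in range(4) for i in range(19)]
    out += [f"2001-01-12 {t} ALLOW TCP 192.168.1.10:2000 -> 198.51.100.20:80"
            for t in ("10:03:10", "10:04:55", "10:31:02", "10:58:40")]
    return out
```

Ordinary browsing to the second address shares the same open port but is not flagged, because its connection times are irregular.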
