Doug,

First, I am also a very happy Zonealarm Pro user. I love it.

My point was that a firewall can block stuff at a port level. But your point about applications is a very good one. Zonealarm works at an application level. With a firewall, you can say "Nobody can use port 8080 for outbound" and it will block it. But with Zonealarm, you can say "the Unifier Windows Client" (my product) can use port 8080, but nothing else can. And that gives those who need it (like me) flexibility that a firewall doesn't.

Another thing I missed. Since Ken has already spent $500 on a firewall at home, he is most likely "extra cautious" (this is not a bad thing!). And perhaps the extra $40 for Zonealarm will be well spent.

Winroute is another very good product. We use it at work to provide SMTP relay, DNS relay, NAT, proxy, POP3, etc. and are very happy with it.

Regards,
Bob Crothers

-----Original Message-----
From: owner-midrange-l@midrange.com [mailto:owner-midrange-l@midrange.com]On Behalf Of Douglas Handy
Sent: Friday, January 12, 2001 10:48 PM
To: MIDRANGE-L@midrange.com
Subject: Re: DSL Firewall Question

Bob, et al,

>Check the documentation for how to set up
>filters. No use spending another $40 per PC for Zonealarm pro (the non-pro
>version is free).

I think you missed the point of what Ken meant when he said:

>I will probably get ZoneAlarm Pro to block outgoing connection
>attempts for unauthorized applications (not that I think I have any on my
>PC),

Let me give you my personal experience on this.

Once upon a time, I used BlackICE Defender. Then I switched to Zone Alarm after Gibson (at grc.com) reviewed it. I was *amazed* at how often Zone Alarm would tell me about access attempts (which after a while I optioned off because the notification dialog wore out its welcome). I also use simple DUN access, but just because it is a dynamic IP doesn't stop those who do scanning looking for a machine to respond. Sometimes it would be within seconds of my connecting; sometimes a long time or rare during a session. But it was enlightening.

Equally revealing was what happened when I went to certain e-commerce web sites. Zone Alarm would immediately start popping up warnings of attempts it blocked, which would continue while at the site. Leave the site and the warnings stopped; return and they started again. I was *not* impressed that there would be NetBIOS and other inquiries from an e-commerce site! Needless to say, I voted with my feet and did not buy anything.

I am absolutely convinced even dial-up users should run something, and for a freebie Zone Alarm it seems very good. And the simplicity of using it also makes it a good recommendation for non-technical folks. Think a DUN connection with dynamic IP is safe? Install Zone Alarm and leave warning dialogs enabled then see what happens.

Now I run Win Route Pro on my home office network. It has fantastic filtering abilities, port mapping, NAT, logging, time of day rules, DNS, DHCP, SMTP/POP3, yada, yada, yada. Yet I can see where Zone Alarm still has some value, although I am not currently running it. Here's why.

Recently I installed a freeware utility to increase the speed of downloads by running multiple simultaneous connections (over one DUN connection). It works great, enables pause/restart, and resume of dropped connections -- which is great for stuff like CA service pack downloads! I thought it was great, until...

I have Win Route Pro set to use Dial-On-Demand, and may switch it to keep a persistent DUN connection during office hours. At any rate, I saw there was dialing activity occurring at unexpected times. The logs showed it was initiated from my main desktop computer accessing a certain IP address on port 80. I do not have port 80 blocked. So I did an nslookup on the address, which failed. But with a little research I realized it was from the freeware utility I had installed.

So I added a filter to block outgoing TCP packets to that address on port 80. Every 15 minutes, the logs show a burst of 19 attempts to reach it, then it waits for another 15 minutes.

What's my point? Simply that although the filters let me do what I want, had it not been for the unexpected Dial On Demand occurrences, I may never have realized the traffic was occurring since I had port 80 open. Since Zone Alarm configuration works at the application level instead of like port mapping and filtering, it can make you aware of rogue software attempting connections from behind the firewall over ports which are open.

With a DSL or cable modem, I may not have caught the software doing it -- or at least not very soon. I think this is precisely the type of thing Ken meant when he made the statement I quoted above. Of course, I didn't think I had any of that software either...

Doug

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
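The pattern described in the quoted message (a burst of 19 attempts to one address on port 80, repeating every 15 minutes) can be picked out of outbound firewall logs without relying on a dial-on-demand side effect. The following is an added example, not part of the original messages: the log line format, the addresses (documentation ranges), the thresholds and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed log format (an assumption, not any product's real format):
#   2001-01-12 09:00:03 OUT TCP 192.168.1.10 -> 198.51.100.7:80
LINE = re.compile(r"(\S+ \S+) OUT TCP (\S+) -> (\S+):(\d+)")

def bursts(times, gap=timedelta(seconds=60)):
    """Group timestamps into bursts separated by more than `gap`."""
    groups = []
    for t in sorted(times):
        if groups and t - groups[-1][-1] <= gap:
            groups[-1].append(t)
        else:
            groups.append([t])
    return groups

def find_beacons(lines, min_bursts=4, max_jitter=0.1):
    """Map (src, dst, port) -> (period_s, burst_size) for evenly spaced bursts."""
    flows = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            flows[(m.group(2), m.group(3), int(m.group(4)))].append(ts)
    hits = {}
    for flow, times in flows.items():
        groups = bursts(times)
        if len(groups) < min_bursts:
            continue
        starts = [g[0] for g in groups]
        deltas = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        # Low spread of intervals relative to their mean = timer-driven traffic.
        if pstdev(deltas) / mean(deltas) <= max_jitter:
            hits[flow] = (round(mean(deltas)), round(mean([len(g) for g in groups])))
    return hits

def sample_log():
    """Constructed sample: 19 attempts every 15 minutes, plus irregular browsing."""
    base = datetime(2001, 1, 12, 9, 0, 0)
    def row(offset, dst):
        return f"{base + offset:%Y-%m-%d %H:%M:%S} OUT TCP 192.168.1.10 -> {dst}:80"
    beacon = [row(timedelta(minutes=15 * i, seconds=s), "198.51.100.7")
              for i in range(5) for s in range(19)]
    return beacon + [row(timedelta(minutes=m), "203.0.113.20") for m in (2, 3, 11, 40, 47, 58)]
```

On the constructed sample, `find_beacons(sample_log())` reports only the 15-minute flow; the irregular browsing to the second address is not flagged even though it uses the same open port.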
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].