• Subject: RE: DSL Firewall Question/ZoneAlarm & Winroute
  • From: "Bob Crothers" <bob@xxxxxxxxxxxxxx>
  • Date: Sat, 13 Jan 2001 11:36:50 -0500
  • Importance: Normal

Doug,

First, I am also a very happy Zonealarm Pro user.  I love it.

My point was that a firewall can block stuff at a port level.  But your
point about applications is a very good one.  Zonealarm works at an
application level.  With a firewall, you can say "Nobody can use port 8080
for outbound" and it will block it.  But with Zonealarm, you can say "the
Unifier Windows Client" (my product) can use port 8080, but nothing else
can.  And that gives those who need it (like me) flexibility that a firewall
doesn't.

Another thing I missed.  Since Ken has already spent $500 on a firewall at
home, he is most likely "extra cautious" (this is not a bad thing!).  And
perhaps the extra $40 for Zonealarm will be well spent.

Winroute is another very good product.  We use it at work to provide SMTP
relay, DNS relay, NAT, proxy, POP3, etc. and are very happy with it.

Regards,
Bob Crothers

-----Original Message-----
From: owner-midrange-l@midrange.com [mailto:owner-midrange-l@midrange.com]On
Behalf Of Douglas Handy
Sent: Friday, January 12, 2001 10:48 PM
To: MIDRANGE-L@midrange.com
Subject: Re: DSL Firewall Question

Bob, et al,

>Check the documentation for how to setup
>filters.  No use spending another $40 per PC for Zonealarm pro (the non-pro
>version is free).

I think you missed the point of what Ken meant when he said:

>I will probably get ZoneAlarm Pro to block outgoing connection
>attempts for unauthorized applications (not that I think I have any on my
>PC),

Let me give you my personal experience on this.

Once upon a time, I used BlackICE Defender.  Then I switched to Zone Alarm
after Gibson (at grc.com) reviewed it.  I was *amazed* at how often Zone
Alarm would tell me about access attempts (which after a while I optioned
off because the notification dialog wore out its welcome).  I also use
simple DUN access, but just because it is a dynamic IP doesn't stop those
who do scanning looking for a machine to respond.  Sometimes it would be
within seconds of my connecting; sometimes a long time or rare during a
session.  But it was enlightening.

Equally revealing was what happened when I went to certain e-commerce web
sites.  Zone Alarm would immediately start popping up warnings of attempts
it blocked, which would continue while at the site.  Leave the site and the
warnings stopped; return and they started again.  I was *not* impressed
that there would be NetBIOS and other inquiries from an e-commerce site!
Needless to say, I voted with my feet and did not buy anything.

I am absolutely convinced even dial-up users should run something, and for a
freebie Zone Alarm it seems very good.  And the simplicity of using it also
makes it a good recommendation for non-technical folks.

Think a DUN connection with dynamic IP is safe?  Install Zone Alarm and
leave warning dialogs enabled then see what happens.

Now I run Win Route Pro on my home office network.  It has fantastic
filtering abilities, port mapping, NAT, logging, time of day rules, DNS,
DHCP, SMTP/POP3, yada, yada, yada.  Yet I can see where Zone Alarm still
has some value, although I am not currently running it.  Here's why.

Recently I installed a freeware utility to increase the speed of downloads
by running multiple simultaneous connections (over one DUN connection).  It
works great, enables pause/restart, and resume of dropped connections --
which is great for stuff like CA service pack downloads!  I thought it was
great, until...

I have Win Route Pro set to use Dial-On-Demand, and may switch it to keep a
persistent DUN connection during office hours.  At any rate, I saw there was
dialing activity occurring at unexpected times.  The logs showed it was
initiated from my main desktop computer accessing a certain IP address on
port 80.  I do not have port 80 blocked.  So I did an nslookup on the
address, which failed.  But with a little research I realized it was from
the freeware utility I had installed.  So I added a filter to block
outgoing TCP packets to that address on port 80.  Every 15 minutes, the
logs show a burst of 19 attempts to reach it, then it waits for another 15
minutes.

What's my point?  Simply that although the filters let me do what I want,
had it not been for the unexpected Dial On Demand occurrences, I may never
have realized the traffic was occurring since I had port 80 open.  Since
Zone Alarm configuration works at the application level instead of like
port mapping and filtering, it can make you aware of rogue software
attempting connections from behind the firewall over ports which are open.
With a DSL or cable modem, I may not have caught the software doing it --
or at least not very soon.

I think this is precisely the type of thing Ken meant when he made the
statement I quoted above.  Of course, I didn't think I had any of that
software either...

Doug
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
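
Added example, not part of the original messages: a log check for the pattern Doug describes, regular bursts of outbound attempts to one address on an otherwise open port. The log line format, the addresses and the function names are constructed for illustration and are not WinRoute's own.

```python
# Added example: flag periodic outbound "beaconing" in a packet-filter log.
# The log format and all addresses below are constructed for illustration;
# this is not WinRoute's real log format.
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def make_sample_log():
    """Build constructed log lines: one periodic talker plus irregular browsing."""
    t0 = datetime(2001, 1, 12, 9, 0, 0)
    lines = []
    for burst in range(4):                      # a burst every 15 minutes
        for i in range(19):                     # 19 attempts per burst
            ts = t0 + timedelta(minutes=15 * burst, seconds=i)
            lines.append(f"{ts:%Y-%m-%d %H:%M:%S} DENY TCP 192.168.1.10 -> 203.0.113.45:80")
    for minutes in (3, 4, 21, 22, 50):          # ordinary, irregular web use
        ts = t0 + timedelta(minutes=minutes)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} ALLOW TCP 192.168.1.10 -> 198.51.100.7:80")
    return lines

def find_beacons(lines, burst_gap=60, min_bursts=3, max_jitter=0.1):
    """Return [(src, dst, period_seconds, attempts_per_burst)] for periodic flows."""
    flows = defaultdict(list)
    for line in lines:
        date, time, _action, _proto, src, _arrow, dst = line.split()
        flows[(src, dst)].append(datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"))
    hits = []
    for (src, dst), stamps in flows.items():
        stamps.sort()
        bursts = [[stamps[0]]]                  # group attempts closer than burst_gap
        for ts in stamps[1:]:
            if (ts - bursts[-1][-1]).total_seconds() > burst_gap:
                bursts.append([])
            bursts[-1].append(ts)
        if len(bursts) < min_bursts:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(bursts, bursts[1:])]
        # Regular timing (low spread relative to the mean) suggests a program, not a person.
        if pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append((src, dst, round(mean(gaps)), round(mean(len(b) for b in bursts))))
    return hits

if __name__ == "__main__":
    for src, dst, period, per_burst in find_beacons(make_sample_log()):
        print(f"{src} -> {dst}: ~{per_burst} attempts every {period // 60} min")
```

A port-level filter log can surface this traffic after the fact, but only an application-level control ties it to the program that generated it.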


This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
