Have you seen this page yet?
http://samspade.org/zonelog.html

Read it. It's giving me second thoughts about the likes of Zone Alarm.

I think Zone Alarm and Black Ice Defender are a little more documented and well known. I have a feeling that ZA just blocks the basic ports - don't know about BID but it seems a little more thorough from what I've heard.

I learned a lot about this kind of thing by locking down my Linux box after the recent hack-attack... BTW - the back door was in the firewall utility I downloaded from an untrustworthy site - hey, it looked legit to me.

butting in here sorry.

Socalgal, what exactly is a dsl router ?.

I have adsl, i have my network card connected to this device that hooks up to the phone line, is that the router ?.

Thanks for your time,
KKF.

[This message has been edited by King_Kooba_Fantastique (edited 03-30-2001).]

I asked that same question a while ago in relation to networking computers. Someone told me that I can use it to connect many, many computers.

Like this: http://www.us.buy.com/retail/product.asp?sku=10235958&hdwt=30704&loc=14577

I assume Socalgal is talking about this:
The router can also be configured to block internal users' access to the Internet

Sorry, I cannot give you a text book definition. http://www.sysopt.com/forum/smile.gif

Warthog

What a DSL Router does and why I want a Linksys BEFSR41 (http://www.linksys.com/products/product.asp?prid=20&grid=5) (or comparable) http://www.sysopt.com/forum/smile.gif

Features:
Connects to a Broadband Modem Or to An Ethernet Backbone
Equipped With a 4-port 10/100 Switch
Connects All of Your PCs to the Internet With Only One Purchased IP Address
Supports Dynamic and Static IP Addresses
Supports PPPoE
Creates a Firewall to Protect Your PCs From Outside Intruders
Configurable Through Any Networked PC's Web Browser
The Switch Dramatically Speeds Up Your Gaming and Multimedia Connections
Can Act as Either a DHCP Server or Client
Compatible with All Standard Internet Applications
Administrators Can Block Specific Interior Users Internet Access
Technical Support - 24 Hours a Day, 7 Days a Week
Full 1-Year Warranty

[This message has been edited by socalgal (edited 03-30-2001).]

And you get to share the internet connection without having to dedicate one computer as proxy server http://www.sysopt.com/forum/smile.gif

Love that Linksys!

KKF - I think what your "device" is, is the external DSL modem. What does it say on it? http://www.sysopt.com/forum/wink.gif

On the front it says:
Speed Touch Home by Alcatel

on the bottom it says:
Speed Touch Home Network Terminator.

KKF.

Like most general everyday puter users, I don't know diddly about firewalls ect. I have ZA, and get a lot of 'blocks' every day. How many others, that find their way thru is another story and I do not know how to check to see if some are getting around ZA. I also run another utility called Jammer. This utility only reports a possible port hack or attempt, then you can shut down, or whatever. I have had Jammer sound its alarm, when ZA just sat there...so, I guess ZA dosn't really catch them all. I wish I knew more about such as this...

I think the main thing I took away from that web page was that ZA blocks everything, when it shouldn't. There are many network activities that shouldn't be blocked.

I'm beginning to wonder if this is why I haven't been getting my MS Security updates through my gateway now, since I've set up Sygate as my server.

I've noticed certain email IPs being blocked since I've been using my gateway about a week, and the updates I missed are since 3 days ago...

Edit: Apparently, that wasn't it. I'm thinking it must have been a glitch on the MS Listserv, or my email server, as there are no back bulletins on my email server. I'm thinking it's MS though, because I just re-subscribed and it was accepted. If I had already shown as subscribed on their List, it would have come back with that message (already subscribed). Thanks, Rob.

[This message has been edited by socalgal (edited 03-30-2001).]

Check for any blocked IP address ranges in your Sygate configuration. I can't offer much advice for Sygate's routing software (though Sygate's Personal Firewall works quite well). I am personally using WinRoute Pro for DHCP, NAT, firewall, proxy, etc..

Any rate, to reply to the original link's comments about each of the mentioned firewall packages being port listeners, this is a serious overgeneralization. A port listening utulity can be easily overcome through the proper TCP/IP fragment exploit, thus rendering it useless. A port listening app will also generally issue with a port closed response when quiried with a port scan. The hacker now knows a computer exists at the advertised address, and that the "security" can likely be overcome. A true software firewall works by not responding to the port scan response to start with, thus the hacker does not even know the computer exists. This is just one security feature utilized by a firewall as compared to a port listening utility.

Robert Richmond

Interesting read.

While ZA, BID, etc., are way better than nothing (IMHO) and easier than manually closing ports for me, they are quite effective (per my online scans and with buds' friendly fire) hardware is a better way to go, IMHO. True, ZA does report my local networks way too much even though I have them configured in.

I'm getting a dsl router soon not only because hardwalls are better than soft, but also it will cut the softwalls' resources overhead.

Hmmmm, I don't think that person that wrote that show be complaining about Zonealarm. What he should be complaining about is Lockdown 2000 which is pure ****.