Blocking Ports

beafer

Member
Feb 24, 2000
My question is what happens when you block all incoming ports into your network? For instance, I have blocked all ports incoming but I can still connect to AIM, WINMX, etc. My understanding is that because I did not block outgoing ports, I should be fine, or am I talking out of my ass?
 

JamesM3M5

Senior member
Jul 2, 2002
You're talking about TCP ports? What are you using to "block" them? Worried about being hacked?
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: beafer
My question is what happens when you block all incoming ports into your network? For instance, I have blocked all ports incoming but I can still connect to AIM, WINMX, etc. My understanding is that because I did not block outgoing ports, I should be fine, or am I talking out of my ass?

Sounds like a firewall that keeps state. It's a help.
 

JamesM3M5

Senior member
Jul 2, 2002
That's what I thought. I like the KISS principle. I use Zone Alarm, free edition. It ignores all unwanted incoming traffic. Even if your TCP port is open, it checks all incoming packets to make sure they're valid. I use Kazaa on cable internet access, my IP address has never changed in the 8 months I've had it, and Zone Alarm gives me hundreds of notices that others are trying to access my PC via some obscure and some well-known TCP ports.

From everything I've read, ZA is the best software firewall. Simply tell it which programs are allowed to use the internet and your local LAN (if applicable), and it takes it from there. All other ports are hidden--it does not send any kind of message back that the port is off, it simply discards the traffic. This makes the originator think the PC isn't even there. For ports that are in use, it discards all unsolicited packets to that port. So you can try to hack my port 80 (WWW) all day, but ZA will dump all traffic that I didn't request.
 

beafer

Member
Feb 24, 2000
I am talking about TCP Ports. I wanted to block all incoming. Not worried, just taking preventive measures.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Basic Protection for Broadband Internet Installation.

The following is not an inclusive solution for protecting all Internet connection installations, but rather an attempt to help Home and SOHO users to be reasonably safe in their Internet endeavors.

It depends what you have on your computer, if you have something that is very desirable, and a "real pro" wants it, no matter what you do they probably will find the way in.


In general, security issues at home and a small office installation involve:

1. Unauthorized Internet traffic coming in (from the Internet to your computer).

2. Unauthorized Information going out (from your Hard Drive to someone else's Web Server), AKA software calling home.

3. Accidental leakage. Firewall left disabled, computer left in DMZ, etc.

Unauthorized Information going out is mainly a function of "spyware" and programs that are "calling home". Unfortunately, the amount of programs that are calling home is growing by the day.

The Hardware Firewall provided by most Cable/DSL Routers, is an excellent tool. However, it mainly secures the Incoming traffic, (see at the end the explanation) to secure the Outgoing aspect you need to add Software firewall.

Thus, many Router owners use the combination of Hardware, Software Firewall.

A popular software firewall is Zone Alarm (Basic version free).

ZoneAlarm Download.

Norton Internet security provides very good live control on info going out (Not free).

Norton Personal Firewall 2002.

You can check your system's security by logging to the following page, scroll down, and click on Shields Up.

Gibson Default Page.


A Router is a device that mitigates between two Networks. In our case the Internet, and our LAN.

The outside Network has an IP address that belongs to the ISP. The inside Network has the IPs assigned by us or by the DHCP.

The Entry Level Routers' main activity is the Network Address Translation (NAT), i.e. to make sure that each computer on our internal Network should get the Internet info. (From the ISP address) that belongs to it.

To make it inexpensive and uniform the implementation of the NAT is done by setting it so that all ports are blocked, and it reacts only to requests coming from the inside of the network.

As a result of this behavior, i.e. reaction to the inside only, the NAT also acts as a "Firewall", since it is not letting in info. unless it was requested from the inside.

Some of the new Routers have Firewall based on NAT and an additional "Stateful Packet Inspection" (SPI). This controls the nature of the information passing through the Router.

SPI looks at the content of the packets, and lets you filter incoming and outgoing information by rules. The result is better control of the info coming and going. E.g. parents can block exchanges that they deem unfit for their children. Employers can block unfit sites frequented by some employees.

Some of the old Routers (like the SMC Barricade line) can be upgraded to SPI by installing the most recent firmware.
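
The behaviour discussed in this thread (all inbound ports blocked, yet AIM and WinMX still connect) as an added example, not code from any poster or product named here: a minimal connection-tracking filter in Python. The class name, addresses, ports and packets are constructed for illustration; address translation and idle timeouts are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S"=SYN, "SA"=SYN/ACK, "A"=ACK, "R"=RST

class StatefulFilter:
    """Allow all outbound, default-deny inbound, track flows opened from inside."""

    def __init__(self, lan_prefix="192.168.1."):  # constructed LAN range
        self.lan_prefix = lan_prefix
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def handle(self, pkt):
        if pkt.src.startswith(self.lan_prefix):          # outbound packet
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.flows.add(key)                      # new connection from inside
            elif "R" in pkt.flags:
                self.flows.discard(key)                  # connection torn down
            return "ACCEPT"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # inbound: reversed tuple
        if key not in self.flows:
            return "DROP"                                # unsolicited: no reply sent
        if "R" in pkt.flags:
            self.flows.discard(key)
        return "ACCEPT"

def demo():
    """Run constructed sample packets through the filter and return the verdicts."""
    fw = StatefulFilter()
    pc, server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    packets = [
        Packet(pc, 50000, server, 5190, "S"),    # PC opens a chat connection
        Packet(server, 5190, pc, 50000, "SA"),   # server's reply to that flow
        Packet(stranger, 40000, pc, 80, "S"),    # unsolicited inbound connection
        Packet(server, 5190, pc, 50001, "SA"),   # known server, port never opened
        Packet(pc, 50000, server, 5190, "R"),    # PC resets the connection
        Packet(server, 5190, pc, 50000, "A"),    # late packet after teardown
    ]
    return [fw.handle(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The inbound reply is accepted only because its reversed address and port tuple matches a flow the inside host opened; everything else inbound is discarded without a response.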
 

beafer

Member
Feb 24, 2000
So what I said was basically right. I think. I will block ALL incoming and leave out the way it is. Anyone on the LAN would have to worry about outgoing on their own. So you can in fact have your LAN set up that way. I was worried about people coming in. Outgoing will be very cumbersome to manage. With the help of Ad-Aware and GRC port scanning, I THINK I am ok for now.

Thanks Everyone