• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Firewall Working?

B

BlakkIce

Golden Member
i am used to Zone Alarm Pro and this weekend i switched to a hardware firewall how can i make sure its working (blocking incoming attacks)
 
The easiest thing to do is run a portscan... dslreports has a java applet that will do it.

Also, if you have IIS running and you have port 80 open on your machine go to c:\winnt\logfiles\....
Somewhere in there (I forget right now) you will find your IIS logs, which will have all requests that have come in.
 
<< Your namesake sucks. >>

neither do i.

[edit] HAHAHAHAHAHHHAHAHAHAHHAHAHAHHAHAHAHHAHAHAHAHHAHAHAHAHHAHAHAHAHAHAHHAHAHAHAHAHAH *pauses for breath* HAHAHAHHAHAHAHAHHAHHAHAAH! now i get it. [/edit]
 


<< or have someone ping you. if your firewall is legit, they won't get packets back >>



I see this all the time, Steve Gibson of GRC thinks it's "cool" to be stealth, when in all actuality it's harmful.

This hyper-paranoid approach to security causes some difficulties. For a start, Internet standard RFC 1122 states categorically about ICMP echoes (ping):

3.2.2.6 Echo Request/Reply: Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies.

Note the MUST rather than SHOULD. This means that any internet user, or ISP server, has a right to expect that all live PCs connected to the internet will respond to ICMP ping requests with an ICMP reply. If a firewall user chooses to stealth ICMP requests so that no response is sent, they have only themselves to blame if they start experiencing problems, because they are in breach of RFC 1122.

The problems that might arise if you kill ICMP responses with stealth are:

Difficulties with DHCP lease acquisition or renewal in cases where the DHCP server checks on the availability of IP addresses, or your presence on the network, with ICMP ping requests [this doesn't actually happen on the original NTL network, but ICMP requests have been seen coming from the DHCP servers of the ex-C&W parts of the network].

Slowness of web connection setup in cases where the remote web server uses ICMP to determine the MTU of the response path.
So you are strongly advised not to apply stealth techniques to the ICMP protocol. In the freeware version of ZoneAlarm, this means you should run it in Medium Security, not High Security, for the Internet Zone. In ZoneAlarm Pro, you can configure ICMP behaviour to permit ICMP echo packets in and out even in High Security, using the Customize button of the Security Settings panel.

Similar problems arise with certain NAT routers, such as the Linksys. By default, the Linksys does not reply to incoming ICMP requests, equivalent to a stealth firewall.

Cheers!
 


<< Your namesake sucks. 🙂

Windogg >>


Its not his fault that the product "Black Ice" choose to use one of the terms from Gibson's Sprawl series.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top