Get a damn firewall !!!!!!!!!!!!!!!

[konichiwa]

<< Thanks for the advice. I use Blackice! >>

Little does he know that BlackIce is the worst software &quot;firewall&quot; on the market.

My advice to the rest of you...get a hardware firewall. They don't take up system resources and they are *highly* customizable. Of course, if you're not into that, then just stick with ZoneAlarm, but anyone who wants to learn about what the firewall actually does and how to modify it to your needs -- a hardware firewall is for you. They can be had very cheap nowadays, usually inside a hardware ICS router (SMC, Netgear, Linksys, etc)

 

[nomahe]

<< BlackIce isn't a firewall?? What does it do then? >>


No it's most definately not. It doesn't do much IMO. Even BI execs when asked why ZA caught traffic and BI didn't, admitted that it's not a firewall.

 

[HansHurt]

You know what, come on in....your all welcome to visit my computer and steal whatever info you like.....you won't find much though, I mean nothing valuable.

My computer connection is a big gaping hole...you could stick your fist in it...please do, I don't mind at all.




The Gaping One,

Hans

 

[Electric Amish]

My Blackice catches a lot.

I don't like ZA because I have to shut it down whenever I play an on-line game.

I use BI and NAT32.

amish

 

[konichiwa]

<< My Blackice catches a lot. >>

BlackIce doesn't catch traffic going out. Maybe it should be called &quot;BlackIce Half Firewall&quot;

 

[Viper GTS]

I don't like ZA because I have to shut it down whenever I play an on-line game.

Open the ports for the game then.

Surely it provides support for that?

Viper GTS

 

[nomahe]

NM. Konichiwa said it.

 

[Electric Amish]

True. It doesn't catch outgoing traffic. I never thought of that....

amish

 

[Maiora]

We use this to protect our networks. I think that qualifies as a good hardware firewall. Failing that, this stops hackers dead!

Maiora

 

[Aenygma]

Why do you have to shutdown ZA when you play a game??? I play all the time with it running.

 

[Electric Amish]

Whenever I tried to play Asheron's Call online, or Age of Empires on the LAN it would crash the App.

amish

 

[josphstalinator]

<< theres no way somebody can put the trojan on your comp even if all your ports are open and accept random connections >>



Are you new?

enlighten me. how can you instal someting on somebody elses comp via the net or lan?

 

[Pretender]

<< << theres no way somebody can put the trojan on your comp even if all your ports are open and accept random connections >>



Are you new?

enlighten me. how can you instal someting on somebody elses comp via the net or lan? >>

Good computer setups wouldn't accept random connections. If it does you're already fux0red (excuse my french).

 

[Balt]

Speaking of ZoneAlarm 2.6...

I'm still using 2.1.25, is there any real reason to upgrade? If it uses any more resources then I'd rather not upgrade unless there are new features I really need.

 

[Russ]

<< how can you instal someting on somebody elses comp via the net or lan? >>



Duh. It's called file shares. If you have port 139 open (NetBIOS), and have unprotected shares while having TCP/IP bound to file and print sharing any hacker worth his salt can log in to your system and install anything he wants.

Russ, NCNE

 

[josphstalinator]

Duh. It's called file shares. If you have port 139 open (NetBIOS), and have unprotected shares while having TCP/IP bound to file and print sharing any hacker worth his salt can log in to your system and install anything he wants.

for a second there i thought you knew something i didnt. theres a BIG difference between coping a file to somebodies hard drive and executing a file on somebody's computer. so try again.

 

[Russ]

Are you REALLY that dense? If the hacker can login to your share, he can do EXACTLY the same things you can do from your own keyboard, including planting trojans and executing files.

Russ, NCNE

 

[The Wildcard]

Wow, i just read that article on GRC.com, quite interesting. Anywaz, zonealarm is very good, and i recommend it to all who don't want to pay for a firewall, lol.

 

If someone is going to DoS you, there is nothing you can do about it.
If someone wants to shove 100mbit down your throat for hours, a piece of software will do nothing to protect you from it.

 

[FrancesBeansRevenge]

<< Are you REALLY that dense? If the hacker can login to your share, he can do EXACTLY the same things you can do from your own keyboard, including planting trojans and executing files.

Russ, NCNE >>



Well, IMHO it's not just a clever act. So draw your own conclusions

 

[Russ]

SammySon,

The point of the personal firewall is not to prevent becoming a victim of a DDoS attack. You're correct that if it happens, one is screwed.

The point is to prevent becoming part of the first &quot;D&quot; in DDoS.

Russ, NCNE

 

[gar598]

umm I don't think my 14.4 dailup will do much damage


I really don't think these people are hax0rs more like Crackers :&quot;

 

[FrancesBeansRevenge]

<< SammySon,

The point of the personal firewall is not to prevent becoming a victim of a DDoS attack. You're correct that if it happens, one is screwed.

The point is to prevent becoming part of the first &quot;D&quot; in DDoS.

Russ, NCNE >>



Exactly. If every machine were adequately protected there would be no first &quot;D&quot; therefore no real effective DoS attacks.

 

[Descartes]

<< If every machine were adequately protected there would be no first &quot;D&quot; therefore no real effective DoS attacks. >>



What you all have to understand, is that &quot;adequate protection&quot; doesn't mean simply putting a firewall in place. Networks with many layers of security still expose services, otherwise they wouldn't be on the internet to begin with. So long as these services are exposed, any given network is at risk.

To inundate windows boxen, a service need not even be running. You can launch a DoS attack against a windows box even with a firewall in place. So, with that in mind, get yourself a non-software firewall, put it on a different box to provide a level of indirection between yourself and any potential attacker, and understand that if someone really wants in, they'll find a way.

 

[FrancesBeansRevenge]

<<

<< If every machine were adequately protected there would be no first &quot;D&quot; therefore no real effective DoS attacks. >>



What you all have to understand, is that &quot;adequate protection&quot; doesn't mean simply putting a firewall in place. Networks with many layers of security still expose services, otherwise they wouldn't be on the internet to begin with. So long as these services are exposed, any given network is at risk.

To inundate windows boxen, a service need not even be running. You can launch a DoS attack against a windows box even with a firewall in place. So, with that in mind, get yourself a non-software firewall, put it on a different box to provide a level of indirection between yourself and any potential attacker, and understand that if someone really wants in, they'll find a way. >>



Yes, the point is.. DoS attacks arent particulary effective or troublesome (especially against larger networks). Its the DDoS (as Russ pointed out) that are the killers. Remove the pawn machines (or 'bots' in l33t hax0r lingo) and you dont have much of an attack.