Firewalls?

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Wed Apr 25, 2007 6:32 pm

I use comodo firewall and it seems to work well.

What do you use ?

And what do you recommend?

Posted: Wed Apr 25, 2007 6:49 pm

I just use the firewall built into my router.

Posted: Wed Apr 25, 2007 6:54 pm

Oh yea, I forgot to mention that I have a firewall in my router too Embarassed

Baiting Guru Joined: 08 Jul 2004 Posts: 11857 Location: UK

I don't have any actual firewall on this computer, I used to use Zone Alarm, but that is no longer compatible, I think there is a firewall on my BT Home Hub, though.

Posted: Wed Apr 25, 2007 7:39 pm

^^^^^ Indeed there is, and a pretty good one too.
GRC reports always Stealth on mine.

I thought you had Vista? That has a two way blocking firewall built in, you just have to reconfigure it.

Baiting Guru Joined: 08 Jul 2004 Posts: 11857 Location: UK

^^^^ Cheers, for got about the GRC Shields Up port scan site, checking mine now.

Yes, got Vista on the laptop, but I am banned from using that for baiting purposes, I don't care, my XP laptop should be here from the 25th onwards (if they send the right one this time Rolling Eyes

)

[edit]

Results of the GRC Shields Up port scan:

Quote:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Posted: Wed Apr 25, 2007 9:55 pm

I just use the firewalls in XP. But there are two hardware firewalls, a software firewall and SELinux to get through first. Not that I'm like the cautious type or anything...
What I would really like is better outgoing firewalls on these windows machines, but I haven't found anything sensible that blocks by port rather than just program. Anyone using something I ought to look at? erm, free of course

Posted: Wed Apr 25, 2007 10:56 pm

I use sygate, it has great inbound & outbound protection.

Posted: Wed Apr 25, 2007 11:55 pm

iptables -- built into every Mac Smile

Posted: Thu Apr 26, 2007 4:40 am

Quote:

the firewalls in XP.

Bad idea in my opinion. M$ firewall is useless which is probably why you need multiple ones running. Zonealarm will block outgoing programs, M$ blocks nothing. I like Zonealarm. Your hardware firewall should be configurable to block ports. Configure your firewall correctly and you don't need 5 of them, one will do.

@M: I ran ipchains for a while in the past. I felt so geeky that I scared myself. With the hardware router firewall I decided it was redundant.

Baiting Guru Joined: 08 Feb 2005 Posts: 2301

Smoothwall as a hardware firewall.

Zonealarm for my 32-bit systems, and no software firewall for my 64-bit systems because I haven't found one worth a damn that's compatible.

Baiting Guru Joined: 19 Mar 2007 Posts: 2628

We have PC tools firewalls plus set at Max on main pc. ( we have teenagers )
Think there's also a firewall in the router.

We also have a pop up blocker, AVG, spamfilter.
The laptops have Avast on them instead of AVG

Posted: Thu Apr 26, 2007 11:14 am

Hardware firewall built into the BT home hub and Zonealarm. I get a true stealth result, but my favourite part of the Shields Up test is when I check file sharing

Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Posted: Thu Apr 26, 2007 11:42 am

I can't see that anyone has posted a link to Shield's Up ! yet
It's free ..it's safe...and it can be interesting

https://www.grc.com/x/ne.dll?bh0bkyd2

Posted: Thu Apr 26, 2007 3:18 pm

@ spotthepot,

Thanks for the link to shields up, NOW I went there and run a check and all my ports showed stealth bar 1 which was port 113 but it said the port is closed?

So tecki question, does that mean it is all good???

Posted: Thu Apr 26, 2007 8:57 pm

Hmmm I'd definately run spybot, and if you know what to do with it - Hijackthis.

http://www.spybot.com/

Quote:

Port 113 identd/auth
identd, used to identify the "owner" of a connection. Reveals a lot of information to hackers.
BugtraqID: 587-By opening a large number of connections to port 113, you can kill a SuSE machine.
advICE: IDENT-More about the ident service.
RFC1413
RFC912
RFC931

EDIT I just ran shieldsup and found this at the bottom of a page, if you ran that test it may have left the port open, disclosing a vulnerablility.

ShieldsUP wrote:

IDENT, ZoneAlarm, and ShieldsUP!

Even though your computer's web browser already has a relationship with the web server at GRC, our tests originate from a different "foreign" IP address. ZoneAlarm therefore drops incoming packets to port 113 from this different probing IP address and ZoneAlarm users see that port 113 is stealthed to passing Internet scans.

To demonstrate how ZoneAlarm (and perhaps someday other firewalls or NAT routers) selectively "unstealth" port 113 — but only for known "friendly" machines — we simply initiate a connection from your web browser to the ShieldsUP! scanning IP. Even though the connection attempt will ultimately fail (since there's no web server at the probing address), ZoneAlarm will note the outgoing attempt and will unstealth port 113 for subsequent probes.

Step One: Verify that our scan currently show port 113 stealthed. (You may wish to use one of the other remote port tests which will be faster than an entire 1056-port grid scan.)

Step Two: Open a secondary web browser window to initiate a connection to the probing IP. (Users of Microsoft Internet Explorer can press Ctrl-N to "clone" their current browser window.)

Step Three: In the secondary web browser window, click this URL or enter this address:

http://4.79.142.206

This second connection attempt will ultimately fail, but ZoneAlarm will notice the effort, which is all that's necessary.

Step Four: Finally, refresh the port probe window or repeat the scan to check your system's current port status. You should find that port 113 is no longer "stealth" to the probing IP address because you are attempting to connect to it and it has been determined to be "friendly".

Step Five: If you're curious, stop and close the secondary web browser window and periodically refresh your port probe window to see how long the "friendly" status persists before Zone Alarm returns the probing IP to unknown status and port 113 to full stealth.

Posted: Fri Apr 27, 2007 2:23 am

A port closed means it answered the ping as closed. Technically, someone scanning your IP range will see your IP is in use because the port answered even though every other port dropped the ping with no answer. If all ports drop the ping then your IP looks unused.

It isn't a big problem in my opinion. As long as you don't have any telnet/remote login/messaging/file sharing/ftp services running. And if you are on dialup your IP will change every time you log in. And Zonealarm will drop any connection attempts.

Posted: Fri Apr 27, 2007 2:32 am

@Stargate - Ghostwall is 64 bit compatible. You do need to manually type in a few rules to get the perfect stealth rating from GRC, however.
They have a forum that explains what to do.
http://www.ghostsecurity.com/ghostwall/

Posted: Fri Apr 27, 2007 8:06 am

Thanks all for the great advice but I do have still one question.

Is it necessary to stealth port 113 if it is closed and if so, How do I do it?

All my other ports are stealth but just not 113. Cool

Posted: Fri Apr 27, 2007 5:04 pm

I think the answer to your question depends on what you are doing and how invisible you want to be.

How do you connect to the internet? Broadband cable? DSL? I'm guessing cable since you say you have a router. Are you using the NAT feature. I could assume you are because I assume you just plugged the router in and used it. No set up. So if that is true, you have enable access to your system through the default admin log in and anyone finding your address will just walk right in. In that case, yes, you should be as hidden as you can be.

Which router?

Any other computers on that router?

I would read this as well.

Posted: Fri Apr 27, 2007 5:42 pm

@DrWho,

Thanks for your help on this Smile

I have broadband and an SMC router, see here

http://www.smc.com/index.cfm?event=viewProduct&localeCode=EN_USA&cid=1&pid=924

I am new to routers as in only 3 months ago and although I have read the handy booklet that came with it, I am still unfamilliar with much of it.

I do use Zone alarm, comodo pro firewall and AVG virus and anti spy software.

I also have one other computer on the same router.

Not sure what the NAT feature is Question

EDIT EDIT

OKIDOKI I found the NAT feature and I think I got it ok, I ran shields up stealth and got 100 % stealth..

Quote:

GRC Port Authority Report created on UTC: 2007-04-27 at 17:56:05

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
0 Ports Closed
26 Ports Stealth
---------------------
26 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

Posted: Fri Apr 27, 2007 5:57 pm

I wouldn't use two firewalls on the same computer.

Quote:

NAT (network address translation) also known as network masquerading, native address translation or IP-masquerading) involves re-writing the source and/or destination addresses of IP packets as they pass through a router or firewall.

Make sure your external login to the router is disabled. (that is logging in to the router from the internet) Change the password to something completely unguessable. Read the article at GRC about the effects of port 113.

I wouldn't worry too much about it showing up in the scan. I scanned your address and nothing returns in the other ports. Requests are dropped.

Posted: Fri Apr 27, 2007 6:01 pm

Thanks DrWHo

I owe you and you have been a great help Smile