View Full Version : Zone Alarm Firewall



Witch_King
09-21-2001, 07:19 PM
I downloaded the 30 day trial version. It was beefier than the free firewall. I've been using it for about 10 minutes and it has already blocked 3 invaders from scanning my IP.

I really like this thing. I might buy the program after the 30 day trial. I should have had a firewall a long time ago.

Betazep
09-21-2001, 07:22 PM
The default set-up is good, but check to see if you are at least at "medium" protection.

Witch_King
09-21-2001, 07:25 PM
Okay I have to run to school but I'll do that when I get back. I have blocked 5 people already. This is cool. It even sometimes gives information about these people including their name, address, phone number, IP, etc.

Should I report these pricks or what?

Unregistered
09-21-2001, 09:00 PM
k you're acting like a retard....

the only reason you should use a firewall is if you're doing "illegal stuff" on your comp or running a file sharing network....

all firewalls do is make people paranoid as hell...

and if a hacker wants into your machines he is just gonna ping your firewall to death and get in anyways...

3/4 of the scans you are gonna get are going to be webpages, your isp or some fool scanning your network for something... (which is by no means an attack... its a script kiddie playing with his toys...)

Witch_King
09-21-2001, 10:54 PM
How does pinging the firewall allow them to get in? I love this firewall. It's great.

Witch_King
09-21-2001, 10:55 PM
Also I don't want to have people look at my programs. They are my property. Not only this but apparently files can be sent to apps and at least I get to see exactly what is being sent before I accept it. You dumb bastard.

Fordy
09-22-2001, 02:50 AM
>>the only reason you should use a firewall is if you're doing "illegal stuff" on your comp or running a file sharing network....


Huh?? I use a firewall partly because I want to know which of my proggiez is trying to access the web while I am using my PC.

Am I being too over the top for doing this??????


>>and if a hacker wants into your machines he is just gonna ping your firewall to death and get in anyways...

Fair enough, but why should this stop me from using a firewall??

>>some fool scanning your network for something... (which is by no means an attack... its a script kiddie playing with his toys...)

Fine, then disable the popup telling you that someone's trying to access your PC and let Zone Alarm block 'em

nvoigt
09-22-2001, 04:22 AM
>all firewalls do is make people paranoid as hell...

*g* like you not even having enough trust to leave a nickname ?

I wouldn't care for those that ping you. Soon there are far
too many to care about. What is important is they don't get to
know you are even there. Plus your firewall tells you which of
your programs wants to access the net without you knowing.
Trojans have a hard life then.

Good choice to get a firewall ;-)

rick barclay
09-22-2001, 05:36 AM
There is a program called "iphider" available (I think).
I think I have it.
Anybody who wants a copy, please raise your right hand.

rick barclay

gamegod3001
09-22-2001, 06:14 AM
> There is a program called "iphider" available (I think).
> I think I have it.
> Anybody who wants a copy, please raise your right hand.


::Thinks about it but remembers he can't type with one hand:: :p

iain
09-22-2001, 08:08 AM
>>if you're doing illegal stuff

Hmmm, yes, kittens

>>ping your firewall
I dont know if you have used a fw recently but the majority of them block ICMP echo requests (pings), thats part of their job

I agree that firewalls increase paranoia but what everyone must realise is that not every warning is a hacker, the majority are just normal traffic routed, lost packets or data directed at the person who last had the IP.

But firewalls do stop a lot of hackers, my firewall prevented a trojan program dialling an international number because under the firewall they are forced to request permission, also i had a virus attached to notepad which tried to connect to a remote computer and tried to act as a server. My firewall stopped both of these.

SOAK
09-22-2001, 09:19 PM
just so you guys know... ZA is crap against trojans as if you are infected it is too easy for the trojan to delete the .dll attached to the firewall

sub7 the trojan used by most script kiddies has this ability.... so does Back Orifice

as for what pinging a firewall does is it ties up the firewall with huge numbers of packets eventually lagging it up and causing it to no longer be able to protect your computer.

if you want to control port access use a port monitor...

:)

firewalls are fine to hide from script kiddies but you must realize that they are by no means protection against anyone with a little skill... also anyone running *nix will be able to scan you even if you have ZA due to a certain exploit... (not really an exploit but a flaw in ZA code)

just giving you guys the ups and downs :)

no-one
09-22-2001, 09:23 PM
ya but its better than nothing and most trojans are easy to frap anyways... excluding Donald D*ck that is

-KEN-
09-22-2001, 09:54 PM
Ok, but if sub7 deletes my dll, don't you think I'd notice my firewall's dead? then it's just a matter of unplugging your computer from your phone outlet and getting rid of the thing (which is easier than you think, I've had to get rid of trojans manually twice)

SAOK
09-22-2001, 10:25 PM
the firewall is not completely dead the icon is still there and it appears to be working fine but it can no longer block incoming packets or outgoing

no-one
09-22-2001, 11:43 PM
actually if im not mistaken Sub7 can just "bypass" so to speak but its not what it does in truth the firewall(s) entirely without disabling them.

Betazep
09-23-2001, 12:51 AM
>>the firewall is not completely dead the icon is still there and it appears to be working fine but it can no longer block incoming packets or outgoing

This is why you run updated virus software and run scans every midnight. Not you SOAK, but some of you guys are really silly. The purpose of security in every sense is to be a 'harder' target. Harder than who? Harder than your neighbor perhaps. Everything in computers is possible.... you build a better mousetrap, you get a better thief.

You know what... skript kiddies are what *I* am worried about. They do the damage. The professional hacker doesn't give a crap about me. The loot isn't big enough.

Bar none... here is the key. Get a firewall, get updated virus software, and if you are really paranoid... protect your IP with an anonymizer proggy like A4 Proxy. That simple folks. Will this block the master hacker... probably not... but the odds are in your favor that they aren't out to get you anyway.

~Betazep

p.s. Ever try to run a program when you are missing a required .dll file? The point... don't believe everything you hear. Some of it is just smoke and mirrors anyway.

Betazep
09-23-2001, 12:58 AM
>>the only reason you should use a firewall is if you're doing "illegal stuff" on your comp or running a file sharing network....

I had to comment on this too... I bet that a year or so back Yahoo and other big companies wished even half of the people that unknowingly attacked them had firewalls capable of blocking program traffic.



~Betazep

Witch_King
09-23-2001, 02:07 AM
I've had Zone Alarm for a couple days. I'm blocking 400-500 attempts per day. I don't have any virii or anything, I can tell from using netstat.

One thing that a firealarm does for me is it gets me interested in learning about my Operating System. Maybe it won't stop hackers who directly target you but it will enable you to identify them and later report them. I can also lock the internet when I leave my computer on overnight. I'm still learning about it but I like it.

Although I'm not doing too many illegal things on my computer, I do have some private documents, stuff that I want to copyright. Another reason for a firewall. All of the major virii are anonymous. If I get that then I can't do much. I'm going to pick up norton antivirus 2002. I don't want people somehow getting on my system and snooping around including my IP.

-KEN-
09-23-2001, 09:09 AM
Stop saying IP when you mean ISP! IP is a protocol and an address, not a service provider. that's an ISP! Sorry, but it was annoying me, dean.
you're not getting 400-500 attempts, you're just hitting a lot of background noise. If you're on anything better than 56k you'll get a lot of that, but it's easy to distinguish an attack from some random packet. Attacks will be something like the same IP address scanning through 10 of your ports, such as 31337, 1234, etc. All of those port 80 HTTP requests are probably Code Blue/Nimda coupled with any remnants of Code Red. I'm getting tons of those, too. If you see things trying to get a connection to anything with NetBIOS in the name then you're either running file sharing programs, or someone's trying to get into your computer. Those're the ones I get annoyed over.

The most fun ones are people trying to connect to UDP 31337 and 1234. They're usually those stupid skript kiddies trying to find a computer with Sub7 or Back Orifice on it. Get as much info on them as possible with whois queries, etc. and report them to their ISP's abuse e-mail, and possibly the internet backbone for their ISP.

If they delete the DLL, ZA will b*tch about it I'm sure...
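
The rule of thumb from the post above (one source address walking through about 10 ports is a scan, isolated port 80 hits are worm noise), as an added example that is not part of the thread. The log format, the 10-minute window and the sample addresses are constructed assumptions; the port numbers are the ones named in the post.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SCAN_PORTS = 10                    # "scanning through 10 of your ports"
WINDOW = timedelta(minutes=10)     # assumption: hits this close together are one sweep
TROJAN_PORTS = {31337, 1234}       # ports named in the post above
NETBIOS_PORTS = {137, 138, 139}
WORM_PORTS = {80}                  # Code Red / Nimda style HTTP probes

# Constructed sample log (hypothetical format): date time proto source dest_port
SAMPLE_LOG = "\n".join(
    [
        "2001-09-23 09:00:01 TCP 192.0.2.10 80",
        "2001-09-23 09:14:40 TCP 192.0.2.10 80",
        "2001-09-23 09:20:12 UDP 203.0.113.5 31337",
        "2001-09-23 09:31:05 TCP 203.0.113.9 139",
        "2001-09-23 10:02:00 TCP 192.0.2.77 4000",
        "garbage line that the parser must skip",
    ]
    + ["2001-09-23 09:05:%02d TCP 198.51.100.7 %d" % (i, port)
       for i, port in enumerate(range(20, 32))]
)

def parse(log_text):
    """Return (timestamp, source, port) tuples, skipping malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            port = int(parts[4])
        except ValueError:
            continue
        events.append((ts, parts[3], port))
    return events

def max_ports_in_window(hits):
    """Largest number of distinct ports one source touched inside WINDOW."""
    hits = sorted(hits)
    best, start = 0, 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > WINDOW:
            start += 1
        best = max(best, len({port for _, port in hits[start:end + 1]}))
    return best

def classify(log_text):
    """Label each source address and keep the timestamps an abuse desk asks for."""
    by_src = defaultdict(list)
    for ts, src, port in parse(log_text):
        by_src[src].append((ts, port))
    report = {}
    for src, hits in by_src.items():
        ports = {port for _, port in hits}
        if max_ports_in_window(hits) >= SCAN_PORTS:
            label = "port-scan"
        elif ports & TROJAN_PORTS:
            label = "trojan-probe"
        elif ports & NETBIOS_PORTS:
            label = "netbios"
        elif ports <= WORM_PORTS:
            label = "worm-noise"
        else:
            label = "noise"
        times = [ts for ts, _ in hits]
        report[src] = {"label": label, "ports": sorted(ports), "hits": len(hits),
                       "first": min(times), "last": max(times)}
    return report

if __name__ == "__main__":
    for src, info in sorted(classify(SAMPLE_LOG).items()):
        print(src, info["label"], info["hits"], info["first"], info["last"])
```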

rick barclay
09-23-2001, 09:23 AM
>The professional hacker doesn't give a crap about me. The loot isn't big enough. <

Not true. If a hacker gets into your machine, he can use your ip
as a jump off to other sites where he will wreak his havoc. This
is commonly known as "bouncing," and provides one means
for the guilty one to cover his tracks.

rick barclay

no-one
09-23-2001, 11:04 AM
>Attacks will be something like the same IP address scanning through 10 of your ports, such as 31337, 1234, etc.<

10!!! just 10!!!! i had two guys in the same day scan 1000+ ports the rat bastards were from a damn company too so there's nothing i could do about it, and they were scanning for 3 days+

Betazep
09-23-2001, 11:10 AM
>>If they delete the DLL, ZA will b*tch about it I'm sure...

I agree completely...

Especially on restart when the file isn't found.

no-one
09-23-2001, 11:14 AM
you know, i could spread so much paranoia with only the truth...

BTW: if a "needed" DLL's missing you WILL get a warning and program failure.

Betazep
09-23-2001, 11:23 AM
>>Not true. If a hacker gets into your machine, he can use your ip
as a jump off to other sites where he will wreak his havoc. This
is commonly known as "bouncing," and provides one means
for the guilty one to cover his tracks.

Yes true and you are stating common knowledge. Do you only read the sections of posts that interest you?;)

My machine is a harder target than all of my neighbors. If you scanned past my ip, you wouldn't even see a reply from my computer (as if I didn't exist at all)... but people next to me have sendmail running, ftp, telnet, port 139 actively accepting connections, etc etc etc.

Why would a hacker bang their head on my firewall for an hour or two when they can be in one of my neighbor's computers in two minutes or less. Then they can 'bounce' away to their heart's content.

So I will rephrase... the loot isn't big enough for the task needed to break in when there are much easier targets that deliver the same outcome.

Is that better for you... :D

Betazep
09-23-2001, 11:33 AM
wow... this message has been edited because I can't read... sorry

SOAK
09-23-2001, 05:04 PM
Originally posted by Witch_King
I've had Zone Alarm for a couple days. I'm blocking 400-500 attempts per day. I don't have any virii or anything, I can tell from using netstat.

One thing that a firealarm does for me is it gets me interested in learning about my Operating System. Maybe it won't stop hackers who directly target you but it will enable you to identify them and later report them. I can also lock the internet when I leave my computer on overnight. I'm still learning about it but I like it.

Although I'm not doing too many illegal things on my computer, I do have some private documents, stuff that I want to copyright. Another reason for a firewall. All of the major virii are anonymous. If I get that then I can't do much. I'm going to pick up norton antivirus 2002. I don't want people somehow getting on my system and snooping around including my IP.

first off how does netstat tell you if you have a virus???????

honestly if you send any scan reports to your isp they wont give a ****... and by the way those arent hackers scanning you.... they are just random internet noise or script kiddies scanning an ip range... the only time an isp will care is if you are being constantly scanned by a certain ip and then you have to provide logs with timestamps

as for leaving your comp on at night???? dude you need to think a bit! turn your comp off! dont leave it on at night! especially if you have a static ip

no-one
09-23-2001, 05:18 PM
>first off how does netstat tell you if you have a virus???????

it lets you know if there are ports waiting for a connection.

SOAK
09-23-2001, 06:05 PM
Originally posted by no-one
>first off how does netstat tell you if you have a virus???????

it lets you know if there are ports waiting for a connection.

of course i know that but most true viruses do not connect to the internet

the only thing that netstat -a can find are trojans and possibly some worms that have a trojan canned in or are waiting for an update/instructions

Xterria
09-23-2001, 06:20 PM
You guys sure know your internet!:p

Betazep
09-23-2001, 08:01 PM
>> of course i know that but most true viruses do not connect to the internet

Yeah dude... but the whole purpose of this thread is talking about internet and trojans and people hacking your computer. Nobody here is talking about BIOS viruses et al.

netstat will tell you if you are connected to anywhere: virus... sneaky hacker... or whatever. It is just one tool of many that you can use to diagnose strange occurrences etc.

Witch_King... instead of shutting down your computer at night as suggested... try this if you have win98 or later.

run winipcfg in the start/run box

click on more info... that gives you a lot of info on your addressing, subnets etc.

Click Release all... voila.... you are no longer connected.

When you wake up in the morning... click renew all and happy surfing.

Don't only rely on ZAs internet lock if you think something suspicious is happening.
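
The netstat check discussed in the posts above (looking for ports waiting for a connection), as an added example that is not part of the thread: it parses `netstat -an` style output and reports listeners that are not on a known-good baseline. The sample output, the baseline and the function names are constructed assumptions.

```python
# Constructed sample in the layout Windows `netstat -an` prints.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1234           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       203.0.113.20:80        ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.1.5:137        *:*
"""

# Assumed baseline: listeners already known and accepted on this machine.
BASELINE = {("TCP", 135), ("TCP", 139), ("UDP", 137)}

def listeners(text):
    """Return (proto, address, port) for every socket waiting for traffic."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = parts[0], parts[1]
        # TCP rows carry a state column; only LISTENING ones are waiting.
        # UDP has no state, so every bound UDP socket counts.
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        found.append((proto, addr, int(port)))
    return found

def unexpected(text, baseline=BASELINE):
    """Listeners missing from the baseline, with a note on who can reach them."""
    result = []
    for proto, addr, port in listeners(text):
        if (proto, port) in baseline:
            continue
        result.append({
            "proto": proto,
            "port": port,
            "addr": addr,
            # Loopback-only sockets cannot be reached from another machine.
            "remote_reachable": not addr.startswith("127."),
        })
    return result

if __name__ == "__main__":
    for item in unexpected(SAMPLE_NETSTAT):
        print(item)
```

Run against the sample, this reports TCP 1234 and UDP 31337 as reachable listeners and TCP 1027 as loopback-only. It only sees software that opens a socket.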

rick barclay
09-23-2001, 08:10 PM
Originally posted by Betazep
>>Not true. If a hacker gets into your machine, he can use your ip
as a jump off to other sites where he will wreak his havoc. This
is commonly known as "bouncing," and provides one means
for the guilty one to cover his tracks.

Yes true and you are stating common knowledge. Do you only read the sections of posts that interest you?;)

My machine is a harder target than all of my neighbors. If you scanned past my ip, you wouldn't even see a reply from my computer (as if I didn't exist at all)... but people next to me have sendmail running, ftp, telnet, port 139 actively accepting connections, etc etc etc.

Why would a hacker bang their head on my firewall for an hour or two when they can be in one of my neighbor's computers in two minutes or less. Then they can 'bounce' away to their heart's content.

So I will rephrase... the loot isn't big enough for the task needed to break in when there are much easier targets that deliver the same outcome.

Is that better for you... :D

Not true. You're speculating. I disagree with your speculation.
And didn't I say bouncing was a common term? What interests
me and others most are subjects that we feel we are a little bit
knowledgeable in. So we join the conversation.

As to why a hacker would bang his head against your firewall,
the answer is simple--because, like Mount Everest, it's there. He
wants to know what it is you deem so important that you have to take security measures to protect it. Your neighbors are no challenge to him. They bore him. You, on the other hand with your impregnable firewall, intrigue the hacker. It took MS and Norton less than two minutes to
get past my firewall and tell me my vulnerabilities.

Better for me...? I don't know what you mean. It's neither here nor there. :)

rick barclay

SOAK
09-23-2001, 08:11 PM
i guess im just crazy about getting people to use the correct terminology....

and you silly people dont have to explain to me what netstat does

Betazep
09-23-2001, 08:32 PM
>>What interests
me and others most are subjects that we feel we are a little bit
knowledgeable in. So we join the conversation.

First off... bite me :D


Secondly... thanks for joining in the conversation. Your controversial nature gives us a lot to talk about.


I guess for the final... we will have to agree to disagree. I see your point, but like I stated... my computer doesn't even respond to scanning. If I never came to a board where my IP was logged, my IP would never seem to even exist. So I don't even look like mt everest. I look like just another empty socket.

I think that it is more appealing to some hackers to hit the bleeding and I am positive it is such for these 'script kiddies.' (some of which become good hackers I imagine.)

I envy people that can get through my security, and I in no way think it isn't possible. I run everything pretty sloppy at home. Mostly because I do not care. I update my virus software daily and run a firewall. I am doing my part to keep things a little more secure from attacks from China or wherever. ;)

Betazep
09-23-2001, 08:34 PM
>> and you silly people dont have to explain to me what netstat does

You don't have to resort to namecalling dude. I may be silly, but I have been on these boards for a long time. no-one is one of the smarter people I have come across on these boards in all that time. So if you want to call me silly, go ahead... but don't blanket everyone.

I think you just are angry because you got shown up...

Witch_King
09-23-2001, 08:50 PM
I agree with Betazep. If you are a teen then please try to hide your immaturity because you are very annoying to the adults and we have had enough.

I should know about my OS as well as the internet however I have not been involved with computers for very long and I've mostly focused on learning programming languages C and C++. In fact I have only had a professional operating system for a couple months.

I appreciate the help from those who are respectful such as Betazep, Stealth, Fordy, no-one, Rick, etc.

BTW I can't find 'winipcfg'. It's not registering as a command or as an executable. I have Win2k.

SOAK
09-23-2001, 08:52 PM
rofl!!!!!!!!!!!!!!!

you get insulted by the word silly!!!!!!

i was being friendly

Betazep
09-23-2001, 09:12 PM
Sorry bout that... I forgot you were on win2k.

From a command line type

ipconfig /?

you will notice that you can /release_all and /renew_all

The text may be a bit different... but essentially....

ipconfig /release_all

and

ipconfig /renew_all

should do the trick (make sure you check the help because it could be /release-all etc.... but it is something like that)

~Betazep

p.s. Glad to humor you SOAK... are you going to show us your skillz and figure out the Aardvark problem (the one that is easy you said)? I will give you some help... the box is a RH 6.2

SOAK
09-23-2001, 10:47 PM
:) i dont need hints or help :)

im trying to be nice and you keep trying to make me angry... but im not :)

the first thing i did after i looked at the javascript was to telnet to the ftp port on his site and holy cow there it is RH 6.2

mithrandir
09-24-2001, 12:23 AM
>BTW I can't find 'winipcfg'.

I'm not sure if it is an NT/2000 command, although that doesn't make much sense as NT/2000 are OSs made to connect to networks. Have you tried looking up your help files or searching through Microsoft's site?

If you have a DOS prompt you should be able to use ipconfig in NT/2000. Have you tried calling winipcfg from a prompt?

mithrandir
09-24-2001, 12:54 AM
Witch_King, the reason why you can't use winipcfg in 2000 is because it is not an NT/2000 function. Instead you may want to go to a DOS prompt and type ipconfig /all | more. This should provide information that winip would normally provide. hth.

Betazep
09-24-2001, 01:17 AM
>>im trying to be nice and you keep trying to make me angry... but im not

I am not trying to make you angry.

If you don't want to help, then don't say things like "its easy" etc. Everything you post is "Oh I can do that... but I am not going to show you how because you are a skript kiddie and I am a big bad uber hackor."

So you say all this stuff... and I say... step up to the plate. Show don't tell. And you consider this as insults from me.

You are silly bro...

I hate when people act like they have nothing to learn. I have a degree in computer science, A+ certs, working on my CCNA and MCSE, and I still consider myself to know nothing. Computers are a big world Uber SOAK... it is ok if you don't know it all...


~Betazep

Betazep
09-24-2001, 01:20 AM
> Witch_King, the reason why you can't use winipcfg in 2000 is because it is not an NT/2000 function. Instead you may want to go to a DOS prompt and type ipconfig /all | more.

Thanks for furthering my info stealth. Good stuff.

~Betazep

-KEN-
09-24-2001, 06:51 AM
hehe, something about saying "Big bad uber SOAK" sounds funny to me...

>>First off... bite me

my sentiments exactly.

It's one thing if you actually have some knowledge on the subject, but even if you do don't insult people and think you're all high-n-mighty. Second, you haven't SHOWN you have the knowledge, you just insult people.

mithrandir
09-24-2001, 06:55 AM
>Thanks for furthering my info stealth. Good stuff.

Yeah nps. I didn't realise until after my posts that you'd already mentioned ipconfig. But I did a quick search around and found out why it wasn't working. Two heads are better than one I guess.

rick barclay
09-24-2001, 02:00 PM
>First off... bite me :D <

Bend over :p .

We speaka da same lankwadge. I have a linksys cable modem
doubling as a firewall, but it doesn't log anything, so it's really
no fun. But I don't care. I feel safe because Norton'c can detect
Back Orifice and Sub 7, and I don't go to the kiddie sites like
AIM, and I don't d/l anything via IRC. I'm also very careless
in just about everything I do, save for composition, which is my greatest gift.

Most script kiddies ply their trade at some college or public
library (opinion). These Code Red and Nimda guys are a different
breed and very non-American, I'd say, too. I think now that we're
at war they'll get caught in the tightened security.

Have you ever read Hacking Exposed? It gives you the step-by-step
skinny on how to hack and how to implement counter measures.
A must read primer for anyone who wants to learn hacking.
LOL protecting yourself from those evil Chinese. They did put
my site down for the greater part of a day. So what? Que sera.

rick barclay