ZoneAlarm Pro Local Internet not only Locally!

From: Philip Wagenaar (PB.Wagenaar@Chello.NL)
Date: 11/06/01


From: "Philip Wagenaar" <PB.Wagenaar@Chello.NL>
To: <bugtraq@securityfocus.com>
Subject: ZoneAlarm Pro Local Internet not only Locally!
Date: Tue, 6 Nov 2001 08:22:55 +0100
Message-ID: <000001c16693$de35fbb0$5241bbd4@www>

ZoneAlarm Pro is a firewall for Windows home-users.

The following was tested with ZoneAlarm Pro latest version: 2.6.357

I'm not sure if it also works with the free version but I can't imagine
why it wouldn't.

Similar to Internet Explorer, ZoneAlarm Pro (ZAP) has security settings
for Local and Internet.

However ZAP in certain cases classifies connections as Local when they
really aren't Local. All connections that have the same 2 octets as your
IP (ex. Your ip 123.123.123.123 -> 123.123.*.*) are also considered
Local.

This means everyone with the same two first octets of your IP can
connect to your computer under local level security settings instead of
the internet level security settings.

With default settings this will expose your computer and all its ports,
plus open and allow access to Windows services and shares. Users to
customize local level security to allow (and block) whatever they want.

How did I discover this?

I installed a webserver and asked some friends to view some pages but
they weren't able to connect. Zone Alarm Pro blocked the HTTP port, I
found out. But this surprised me since I viewed my http.acces and
http.error logfile before I enabled port 80 in ZAP and already had a lot
of requests from servers infected with Nimda. After looking at the IPs,
the first two octets were all the same.. the same as mine.

Philip Wagenaar
The Netherlands
philip@netlogics.nl
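
The check described in the post, as an added example that is not part of the original message: it lists web-log sources that a two-octet match treats as Local although they sit outside the host's real subnet. The /24 prefix, the function names and every log line are assumptions constructed for illustration; only the 123.123.123.123 address comes from the post.

```python
import ipaddress

# Constructed sample data: the host address is the example IP from the post;
# the /24 prefix and every log line below are assumptions for illustration.
HOST_IP = "123.123.123.123"
REAL_PREFIX = 24
SAMPLE_LOG = [
    '123.123.123.200 - - [06/Nov/2001:08:01:12 +0100] "GET /index.html HTTP/1.0" 200 512',
    '123.123.45.67 - - [06/Nov/2001:08:02:40 +0100] "GET /index.html HTTP/1.0" 200 512',
    '123.123.201.9 - - [06/Nov/2001:08:03:05 +0100] "GET /index.html HTTP/1.0" 200 512',
    '123.123.45.67 - - [06/Nov/2001:08:04:51 +0100] "GET /index.html HTTP/1.0" 200 512',
    '124.10.2.3 - - [06/Nov/2001:08:05:17 +0100] "GET /index.html HTTP/1.0" 200 512',
    'truncated entry without an address',
]

def zone_as_described(host_ip, src_ip):
    """Zone under the behaviour the post reports: same first two octets -> Local."""
    wide = ipaddress.ip_network(f"{host_ip}/16", strict=False)
    return "Local" if ipaddress.ip_address(src_ip) in wide else "Internet"

def zone_by_subnet(host_ip, prefix_len, src_ip):
    """Zone when only the host's actual subnet counts as Local."""
    real = ipaddress.ip_network(f"{host_ip}/{prefix_len}", strict=False)
    return "Local" if ipaddress.ip_address(src_ip) in real else "Internet"

def misclassified_sources(host_ip, prefix_len, log_lines):
    """Unique log sources that are Local by two-octet match but outside the real subnet."""
    hits = set()
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue
        try:
            src = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address; skip the line
        if (zone_as_described(host_ip, src) == "Local"
                and zone_by_subnet(host_ip, prefix_len, src) == "Internet"):
            hits.add(src)
    return sorted(hits, key=ipaddress.ip_address)

if __name__ == "__main__":
    for ip in misclassified_sources(HOST_IP, REAL_PREFIX, SAMPLE_LOG):
        print(ip, "-> Local by two-octet match, Internet by /%d" % REAL_PREFIX)
```

Run against a real access log, the returned addresses are the ones worth reviewing against the Local zone's permissions.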


