Re: They can break ZoneAlarm easily !
From: David (davidwnh@adelphia.net)
Date: 10/08/02
From: "David" <davidwnh@adelphia.net> Date: Tue, 08 Oct 2002 02:07:41 GMT
I think the best bet with these personal firewalls is to set up as many
options as possible to disable certain services/protocols so that if a
specific hack finds a way to circumvent one option or there is a bug in the
program, then there are other settings blocking the packets. Also, if there
is a bug in the firewall software or a vulnerability in the operating system
itself, other firewall settings as well as operating system settings can
prevent the use of these vulnerabilities. There are several settings to make
NetBIOS (file sharing, etc.) unavailable to outside hackers as well as inside
trojans.

1. Disable Client for Microsoft Networks on the specific adapter connecting
to the internet
2. Disable File and Print Sharing for Microsoft Networks on the specific
adapter connecting to the internet
3. Disable NetBIOS over TCP/IP in the TCP/IP -> Advanced -> WINS section of the
IP stack on the specified adapter
4. Set up your Internet connection IP address in a high security zone on
ZAPro
5. Disable NetBIOS over TCP/IP in the advanced firewall settings on ZAPro
for your internet zone
6. Specifically block ports 137, 138, 139 (TCP and UDP) in the advanced
settings of ZAPro for your internet zone

You may think this is overkill, but hackers can and have figured out ways,
particularly with trojans, to change registry and program settings.

I have seen port blocking (item #6) have adverse effects with specific
services (not necessarily NetBIOS) on trusted LAN connections, so you may have
to add the loopback adapter (127.0.0.1) to the trusted zone and/or
specifically allow ports in the trusted zone that you have blocked in the
internet zone. I don't know if this bug/glitch is fixed in the most recent
version of ZA; however, it isn't mentioned as specifically being fixed in
their posted version history.

"Latet" <NOSPAM_latet@poczta.onet.pl> wrote in message
news:anrebs$geo$1@pippin.warman.nask.pl...
> > Did you put your DSL modem address in your trusted zone?
>
> OF COURSE NOT !!!
>
> Latet
>
>
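
Added example, not part of David's post: one way to confirm that the six settings above actually took effect is to check which NetBIOS ports (137, 138, 139) are still bound on the Internet-facing adapter. The sketch parses Windows `netstat -an` output; the sample text, the addresses in it and the function names are constructed for illustration.

```python
import re

NETBIOS_PORTS = {137, 138, 139}  # the ports item 6 blocks (TCP and UDP)

# Constructed sample of Windows `netstat -an` output; all addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.25:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.25:3012      198.51.100.7:80        ESTABLISHED
  UDP    192.168.0.10:137       *:*
  UDP    203.0.113.25:137       *:*
  UDP    203.0.113.25:138       *:*
  UDP    127.0.0.1:1900         *:*
"""

# proto, local ip, local port, foreign address, optional state (UDP has none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def netbios_listeners(netstat_text):
    """Return (proto, local_ip, port) for every open NetBIOS endpoint."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, ip, port, _foreign, state = m.groups()
        # UDP rows carry no state; for TCP only listening sockets count here.
        if proto == "TCP" and state != "LISTENING":
            continue
        if int(port) in NETBIOS_PORTS:
            found.append((proto, ip, int(port)))
    return found

def exposed_on(netstat_text, internet_ip):
    """Endpoints reachable through the Internet-facing adapter's address."""
    wildcard = {"0.0.0.0", "[::]"}  # a wildcard bind covers every adapter
    return [e for e in netbios_listeners(netstat_text)
            if e[1] == internet_ip or e[1] in wildcard]

if __name__ == "__main__":
    for proto, ip, port in exposed_on(SAMPLE, "203.0.113.25"):
        print(f"NetBIOS still bound on Internet adapter: {proto} {ip}:{port}")
```

An empty result for the Internet adapter's address means the operating system settings (items 1 to 3) have unbound NetBIOS there, so the firewall rules in items 5 and 6 are a second layer and not the only one.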