Re: Zone Labs Pro question

From: David (davidwnh@adelphia.net)
Date: 03/16/03


From: "David" <davidwnh@adelphia.net>
Date: Sun, 16 Mar 2003 19:36:36 GMT

This is hard for some to grasp because the way these things filter
is "magic" to many users, but it does get rid of the total reliance on
program control for outbound protection. You can add a range or various
random ports. And I think they are separated with commas, i.e.

69,137-139,445, 6665-6669

It never hurts to block the same list in UDP also.
There is some significance to that list, so when you have a chance, find a
good trojan port list. The ones which put a client program on your machine
as opposed to a server are the ones to block going outbound. You just need
to make sure you don't block any ports that are also associated with valid
protocols you use. I also added the NetBIOS ports so that, in case you ever
need to loosen up the firewall security level to troubleshoot, the NetBIOS
ports will still be blocked. And 69 can truly 69 you, so block that one
outbound for both UDP and TCP in any case :)
And it goes way past what you inadvertently allow because links to other
services can be put into webpages and HTML mail (which for the most part
everyone allows) which are meant to do some "very interesting" things.
>
> Ah -- now I get what you're saying. You're saying that any program I've
> (possibly inadvertently) given access will barrel on through unless I
> specifically block these ports. But I don't see any way to specify ports
> that I want ~blocked~ -- all I see is a way to specify a range of port
> addresses to ~allow~.
>
>
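
Added example, not part of the original post and not Zone Labs code: a small check that expands a block list written in the comma-and-range form quoted above and reports any entry that collides with an outbound service you rely on, for both TCP and UDP. The list syntax follows the post's description; the `NEEDED` table and the function names are constructed for illustration.

```python
# Expand a comma-separated port list with ranges and compare it against
# the outbound services a machine actually needs.

BLOCK_LIST = "69,137-139,445, 6665-6669"   # the list quoted in the post

# Constructed sample: outbound services a hypothetical machine relies on.
NEEDED = {
    ("tcp", 80): "HTTP",
    ("tcp", 443): "HTTPS",
    ("udp", 53): "DNS",
    ("tcp", 445): "SMB file share",   # constructed conflict
    ("tcp", 6667): "IRC",             # constructed conflict
}

def parse_ports(spec):
    """Return the set of ports named by an 'a,b-c, d' style list."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        lo, sep, hi = item.partition("-")
        lo = int(lo)                      # ValueError on non-numeric input
        hi = int(hi) if sep else lo
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port entry: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports

def conflicts(spec, needed, protocols=("tcp", "udp")):
    """List (proto, port, service) entries that the block list would cut off."""
    blocked = parse_ports(spec)
    return sorted(
        (proto, port, name)
        for (proto, port), name in needed.items()
        if proto in protocols and port in blocked
    )

if __name__ == "__main__":
    print("blocked ports:", sorted(parse_ports(BLOCK_LIST)))
    for proto, port, name in conflicts(BLOCK_LIST, NEEDED):
        print(f"blocked outbound {proto}/{port} is also used by {name}")
```
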


