2wire, ZA, SBC. Oh, golly!
From: Jerrod D (jojo_at_millenicom.com)
Date: 11/24/03
- Next message: Charles Newman: "Re: Bypassing Firewalls"
- Previous message: Iceman©: "Re: A little FYI"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Nov 2003 15:49:33 -0800
On a Win 98 box, I am connecting to SBC-Yahoo DSL via a 2Wire 1000SW.
Since I enjoy acting paranoid, I left my ZoneAlarm on despite the
warning that it is incompatible with the 2Wire gateway.
Have included the gateway's self referring addresses as local entities
and set local net to "medium" security in the ZA security setup. This
ended most of the problems I was having.
Some recurrent events still clog my log:
FWIN Bootstrap Protocol Server UDP port 68 to port 67 local
= 255.255.255.255 remote = 0.0.0.0
FWOUT Bootstrap Protocol Server UDP port 68 to port 67 local =
172.16.1.33 remote = 255.255.255.255 or 172.16.0.1
FWIN NetBIOS Session Service and MSFT DS, SMB Service Messenger Block
from 172.16.01 to 172. 16.33
These seem to be my machine talking to itself or the gateway and my
machine conversing. But, would appreciate any further elucidation of
what is happening here. Specifically, is the 2Wire gateway gathering
information about my machine to send it to the ISP or 2Wire? Should I
care if it is? Is there another vulnerability introduced here I should
know about? Should I add these URL's to my local zone in ZA's advanced
security setup? Should I do something else?
Also:
FWOUT ping ICMP (type8/subtype0) ports 0 to 0 local = 172.16.33 remote
216.34.165.33
The remote address belongs to Cable & Wireless and is among the
addresses checked when I run connection manager tests. Am I correct
that this is a normal part of DSL connection management and, if so,
what should I do? Am hesitant to include C&W as a local entity for ZA
but don't know of a way to allow outgoing pings without doing that.
Finally:
>From time to time, the network connection goes down. I have not
confirmed an association with any of the ZA logged events but have the
impression that it often happens after a blocked ping.
Is this likely to be my fault, being too paranoid? If so, do I need to
do something other than fix the above things?
Should I dump ZA and go to a firewall with more detailed configuration
options or greater compatability with 2Wire? If so, suggestions as to
which firewall to go to are more than welcome.
Many heartfelt thanks for any information you can offer. Much time and
headache have already been spent by this relative newbie. Need help.
- Jerrod
- Next message: Charles Newman: "Re: Bypassing Firewalls"
- Previous message: Iceman©: "Re: A little FYI"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
