Re: ZoneAlarm blocks FTP apps

From: Melvin Klassen (Klassen_at_UVic.CA)
Date: 01/26/05


Date: Wed, 26 Jan 2005 17:02:42 GMT

On Mon, 24 Jan 2005 19:24:42, "Jason Edwards" <none1@invalid.invalid>
wrote:

> > >>> Turn on the Windows XP Firewall, and turn off the Zone Alarm firewall.
> > >>
> > >> Hahaha, yeah right! :)
> > >
> > > Try it. It works.
> >
> > Yes, but my PC's security is compromised greatly as a result.
> > The Windows Firewall only protects data in one direction (in).

If your PC is compromised, it is compromised,
and ZoneAlarm may possibly prevent "rogue" applications
from accessing the Internet (if the compromise hasn't compromised
Z.A.).

If your PC is not compromised, then you don't need ZoneAlarm
acting as a "border-guard" to prevent traffic from going "out"
of your computer without your knowledge/permission.

> Can you elaborate a bit more on what you mean by data in one direction.

ZoneAlarm looks for "unsolicited" traffic,
from the Internet to your IP address,
and from your PC out to the Internet.

> The PC I'm sitting at has the XP firewall turned on, but I'm still able to view web pages so there must be data coming in. Why didn't the firewall stop it?

Hopefully, it was _you_ who sent IP-packets through the XP firewall to
one IP-address on the Internet.
The XP firewall "poked-a-hole" in itself to allow that one IP-address
to send "response" IP-packets to your computer.

Similarly, you could telephone a telemarketer, but you wish that your
telephone would block "unsolicited" calls from a telemarketer. The XP
firewall does block such "unsolicited" traffic. ZoneAlarm would ask
you for permission to complete a telephone call to a 1-900-HOT-SEX
number that your teenager would try to place, but the XP firewall
would not intervene in that case.



Relevant Pages

  • Re: Root access removed
    ... >>The simple answer to this is that for systems connected to the internet, ... misconfigured firewall) and a root kit installed. ... >>compromise later on if the PC is connected to a network. ...
    (Fedora)
  • Re: firewalling and dmz - hmmmm...
    ... > A compromise of the first firewall or of a computer in the DMZ does not ... > on that server. ... > DMZ and the internet. ...
    (comp.security.firewalls)
  • Re: ZoneAlarm blocks FTP apps
    ... > from accessing the Internet (if the compromise hasn't compromised ... >> The PC I'm sitting at has the XP firewall turned on, ... But if I were that teenager I would tell ZA to allow the outgoing call ...
    (comp.security.firewalls)
  • Re: Firewall confusion
    ... do a telnet on port 7265 on a server. ... You're taking the ZoneAlarm example too literally. ... applications can access the internet. ... Configuring the OpenSUSE firewall. ...
    (alt.os.linux.suse)
  • Re: Some networking does not work
    ... The machine worked fine for some time but suddenly internet stopped working. ... No other firewall is installed At least not as I can see in the control panel ... Error 65 is usually caused by a firewall program, such as ZoneAlarm, ... Reboot and try accessing the network again. ...
    (microsoft.public.windowsxp.network_web)