Anybody know if ZoneAlarm can STILL be REMOTELY SHUT DOWN(*crashed*) by an ICMP Flood???
It SURE COULD a few months ago, which is why I got (BID) Black ICE Defender, to cover TCP ports 0,1,3, & 8.
Since I did that, I have had no problems, but I thought that anyone that thought they were SAFE using ZA, should know OTHERWISE, before they found out the HARD way, just as I had to.
Itried to contact Zone Labs about this, but they weren't any help at all, & the same goes for the Gibson Research Committee(grc.com)
I'm thinking that this vulnerability STILL exists, because I keep getting ZA alerts for a Port "ICMP Unreachable", & it's my BID that makes those ports unreachable.
Any replies will be appreciated.
I don't think that it is still vulnerable, if it was before...
I use ZA only and I get ICMP unreachable messages as well..
It might've just been a configuration issue with yours, coz I've used ZA for a long time, and I've always gotten those messages...
If you could tell me how long ago it was when crashing ZA via an ICMP flood was, I might be able to say for sure....
Incoming ICMP Unreachable (Winch ZAPro blocks) are from other hosts that are unreachable, that you tried to connect to, not saying that your computer is unreachable. ZAPro blocks (by default) these, and on my computer blocks ALL inbound ICMP packets!
The vulnerability was patched a couple of versions ago,at least.Been using ZA for quite some time now with no problems.I've run more thorough tests from sites other than those at GRC with satisfactory results.You may just have a configuration problem.You don't state the version you used,even if you're using an older version a mutex patch from an independent source has been available for this since at least January of this year.
Not sure what the exact number was, but I just upgraded ZA, 2 days ago, so I think that I had problems with the version 2 places back. Either way, it was approx 3 months ago that someone in Korea *crashed* my ZA while at redhat.com, and later, some lamer planted the BO2k on me, so once again, I re-formatted.
I could NEVER get Zone Labs to communicate with me, so I'm very glad to see that the problem was sorted.
Thank all of you for your reassurance.
I once got ddosed by these bunch of kiddies and zonealarm went down... so in the event of a ddos zonealarm will crash (depends how severe) so that's why I run Sygate aside of ZA on my win2k box.:D
Good for me...
I have been using ZoneAlarm for well over a year now, and it has never crashed on me.
It has stopped UDP port floods, ICMP port floods, and other floods. No problems here with it being shut down. :)