April 3rd, 2004 02:33 AM
free firewalls and ICS
first post, so hello to you all.
after searching thru the forums ive found the most highly reccomended free personal firewalls seem to be Sygate, Kerio and Outpost. after trying Sygate i found it didnt pass the true stealth analysis on the gibson research site, altho im unaware of how important this really is (it left 1 port open), and if i could configure it so that it would. I thought id try out the other 2, but after reading about their features on the developers sites, noticed that aparantly niether support ICS (internet connection sharing). I need and use ICS on my 2 computer home lan, as i dont have a router, and after having a lot of problems with ICS and ZoneAlarm i decided a change was in order. my question is: do Kerio and/or outpost work with ICS as ive read on these forums, if not, how can i properly configure sygate to be secure as possible (direction to another post is fine). Otherwise, should i be looking at a different firewall from these?
thanks in advance
April 3rd, 2004 02:58 AM
Give the Kerio firewall a shot. It has network support and is highly configureable.
While using IRC, the shields up firewall test showed 1 open port the first time I ran it, but on subsequent scans, it came back as fully steath. In other words, it learned. Perhaps the sysgste firewall would do the same thing...did you try it a second time?
\"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
April 3rd, 2004 03:33 AM
You don`t use a router for your home lan?
my question is: do Kerio and/or outpost work with ICS as ive read on these forums, if not, how can i properly configure sygate to be secure as possible (direction to another post is fine).
What is your set up?
A router may be a nice investment. You can get a basic 4 port dsl/broadband router w/nat firewall cheap.
You may want to give these forums a try...The only one i have experience with is Outpost forums. But they will probably work well for specific questions you have.
Signature image is too tall!
April 3rd, 2004 05:59 AM
thanks for the replies.
moxnix: Well, if kerio has network support then ill give it a go. i did read about "adjustive behaviour" (i think thats it) on the GRC webpage and ran a few scans but it always had port 1025 open. no idea why.
Atticus: i should be getting a router w/ firewall given to me soon by a friend whos getting a new 1, but the wait is indefinite and i figure i should protect myself in the meantime. thanks for the links im sure they will come in handy configuring, as will a thread i read earlier... wish i could remember who it was by to give credit.
April 3rd, 2004 03:59 PM
If you have an old computer around, you might want to look into NAT (network address translation) firewall/routers, the software is free, the hardware can be anything thats 486DX2-66 and up, as little as 16MB RAM. im using a coyote distro atm, but there are lots out there, for cable modems, PPPOE DSL (ugh), etc... just an old machine, 2 ethernet cards, and a little time...
April 3rd, 2004 05:41 PM
i installed the latest verion of Kerio and configured it according to this tutorial by pooh sun tzu, but it still left port 1025 open after concurrent tests... whats worse is that with the internet gateway option in Kerio enabled, i got back poor resulsts, with many open and closed ports, only a few in stealth.
so i decided to try sygate again, and after testing it on both grc and the sygate site, found it still had port 1025 open, and a few ports closed rather than in stealth.
even the built in windows xp firewall stealths every port (and always works fine with ICS, but is crappy in other ways), as does Zonealarm which i was using previously (but also kept stuffing me round). what am i doing wrong? do i have to learn to block ports manually using rules etc, or should i just go back to zonealarm, or try something else?
edit: after searching a bit on google i found that a fair amount of people think of stealthed ports as overrated, and that your just as safe with closed ports. this still doesnt help the Kerio/ICS problem, but means ill just have to see how well Sygate works with my LAN... maybe ill have to leave that little bastard port 1025 open afterall... or close it manually, how can i do that if its the best option?
April 4th, 2004 09:20 AM
That's because your IRC client runs an IDENTD server.
While using IRC, the shields up firewall test showed 1 open port the first time I ran it, but on subsequent scans, it came back as fully steath.
April 4th, 2004 09:42 AM
I’ll be brief on this one ( sigh from AO members )
edit: after searching a bit on google i found that a fair amount of people think of stealthed ports as overrated, and that your just as safe with closed ports....
“Blocked” means they can’t get in
“Stealthed” means it does not exist ( as far as external computers know )
The difference is a blocked port may send a replay to let a computer know you don’t accept anything on that port, stealthed means they won’t know that port exists at this IP.
Theory being, if a computer finds all ports “stealthed” it does not know you exist, if it finds a “blocked” port it now knows you exist and may want to investigate further, even though it can not get through this port.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
April 5th, 2004 03:33 AM
Most free firewalls don't work with ICS ( for obvious reasons), I'd just pony up the money for the pay to play version of outpost or others....or...I'd pony up the cash for a lil' linksys/d-link/etc etc firewall/switch to share your inet connection. Either way it should be around 40 bucks.
P.S. Sometimes it is just better AND easier to save the money and buy the product...that way everybody wins. You don't get headaches and they get a little bit of your money.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
April 5th, 2004 05:50 AM
i did understand the difference, but thanks anyway. the alternative theory with stealthed firewalls is that they are like a black hole on the internet, with data going in, but none coming out, meaning someone skilled can see theres something there anyway... but this isnt the discussion i was meaning to get into, and i seriously doubt any skilled hacker would target me anyhow... better safe than sorry tho, and its been good to learn a bit about comp security. ill just use sygate till i get my hardware fw/router... thanks for all responses