-
instronics: I believe when he says 'My system appears to be off to anyone who is doing a port scan' he is probably referring to the fact that if someone is doing a scan on a range (to see what hosts are alive) his firewall should just drop the packets. If the firewall just drops the packets, then a simple port scan would not show a machine as being there, and it is doubtful anyone would try and do a portscan. Just my $0.02 :)
-
"You are correct, sir!" I think that that was the intended point of what was said. However, if the person scanning the ports KNOWS that there is a computer at that IP address, i.e. they got it from a friend, or were monitoring packets, they could pretty easily determine there was an IP address there. That would just make some people want to try harder, and indeed, might make them want to try to use a more powerful and direct attack, using executable code.
Of course, it's still worth using the firewall, especially if the person running it isn't silly enough to open every program they find, and not use a virus scanner.
-
I use ZoneAlarm Pro as my firewall. Basically I run in stealth mode, which means I drop all unwanted pings, UDP, TCP packets, packet fragments, and block outgoing NetBIOS data from ports 135, 137, 138, 139 and 445. ZoneAlarm allows me to block incoming or outgoing from any port. The reason I have outgoing ports restricted is my Java wants to link to other addresses it considers local. I think this was done while I was using Morpheus.
It is true that other people have taken my running in stealth mode as a challenge, but none has succeeded yet. I monitor my email for suspicious objects as well. I use PestPatrol to get rid of spyware, trojan horses, RATs, etc. I use my logs to monitor all incoming and outgoing, scan my system once a week with Norton AntiVirus, and PestPatrol. Other than that I use the internet without restriction. I have had no problems for a few years and haven't needed to restore or reconfigure my software.
-
ZoneAlarm Pro is good for all of that, but I still think that it is bulky, and its logs are annoyingly bad (for how I read them, anyway).
But, on a side note, if you don't have any sort of privacy protection on your computer, make sure you have in/out packets blocked to common advertisers/pop-ups, such as ad.doubleclick.net, and Gator.
-
I don't know what you consider "bulky" and the logs make sense to me. They simply say incoming message or outgoing message, who it was, what message format was used, the source address, source port, destination address and destination port. The protection it affords is great and the price is great, especially for the free version to home computer users. Consider that locking down the functions, port 80 for HTTP, port 21 for FTP, etc., leaves you without full function on your computer and a firewall gives you security with full function. The Pro version protects your mail, and secures the popups.
Couple that with PestPatrol for security against pests other than viruses and a good virus scanner and the result is a computer you can use and a barrier that you can trust.
I have read all the posts. I've tried the portscanning tools and used Steve Gibson's portscanner on my system. Everything came back saying that I am running in "stealth" mode. I used Steve Gibson's leak test and passed with flying colors. That is not to say my system is invulnerable; I have logs showing people have tried port scanning me without getting through. If someone gets through I won't have a log entry and I may have a problem. So far I am reasonably certain no one has gotten through my firewall but I don't know how hard they tried.
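
Added example, not part of the original posts and not ZoneAlarm's own code: one way to pick port-scan attempts out of a firewall log that records the fields listed above (direction, message format, source address and port, destination address and port). The comma-separated layout, the function names, the threshold and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log (not real ZoneAlarm output). Assumed field order:
# direction, protocol, source address, source port, destination address, destination port
SAMPLE_LOG = """\
IN,TCP,203.0.113.7,40112,192.0.2.10,21
IN,TCP,203.0.113.7,40113,192.0.2.10,23
IN,TCP,203.0.113.7,40114,192.0.2.10,80
IN,TCP,203.0.113.7,40115,192.0.2.10,135
IN,TCP,203.0.113.7,40116,192.0.2.10,139
IN,TCP,203.0.113.7,40117,192.0.2.10,445
IN,UDP,198.51.100.4,137,192.0.2.10,137
IN,UDP,198.51.100.4,137,192.0.2.10,137
OUT,TCP,192.0.2.10,1045,198.51.100.20,80
IN,TCP,198.51.100.9,51000,192.0.2.10,80
bad line without enough fields
"""

def parse_line(line):
    """Return a dict for one log line, or None if it is malformed."""
    parts = [p.strip() for p in line.split(",")]
    if len(parts) != 6 or parts[0] not in ("IN", "OUT"):
        return None
    try:
        sport, dport = int(parts[3]), int(parts[5])
    except ValueError:
        return None
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        return None
    return {"dir": parts[0], "proto": parts[1], "src": parts[2],
            "sport": sport, "dst": parts[4], "dport": dport}

def find_scanners(log_text, min_ports=5):
    """Map each source that probed >= min_ports distinct local ports to those ports."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["dir"] != "IN":
            continue  # skip malformed lines and outbound traffic
        ports_by_src[entry["src"]].add((entry["proto"], entry["dport"]))
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_ports}

if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print(f"{src} probed {len(ports)} ports: {ports}")
```

Repeated hits on a single port, such as the NetBIOS broadcasts on UDP 137 in the sample, stay below the threshold, so only the source that walked across many ports is reported.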
-
The appearance itself is what seems so bulky to me, but that's a matter of opinion. It also seems to me that the logs could be a little bit more complete. Do they even offer backtracing and capture the full packet?
Either way, this isn't the place for a discussion on firewalls in depth. We both have good opinions, and I think everyone knows them by now. Neither of us can be wavered all that easily. Oh well. :-)
Both firewalls offer decent protection, especially with a good virus scanner.
::Grins:: Thanks for all of your opinions and help with this!
-
NetScan is a good scanner for the open ports. Search on Google.
-
I agree the debate has been fun and stimulating. You have good points.
-
Well knowlegde has to be spreaded (mistake !i!i!)
-
I think spreading knowledge can be fun. You are quite good.