firewalls

Printable View

April 25th, 2003, 03:49 PM
pyro_113

firewalls

what is ths best firewall to get for a home pc blackice? or zone alarm also what is a good firewall to launch an attack back at the person who tries to hack into your computer
April 25th, 2003, 03:51 PM
SirDice

Re: firewalls

Quote:

Originally posted here by pyro_113
what is ths best firewall to get for a home pc blackice? or zone alarm also what is a good firewall to launch an attack back at the person who tries to hack into your computer

Search AO. This has been covered about a zillion times.

Edit: Counter-attacks are NEVER a good idea.
April 25th, 2003, 04:09 PM
Tiger Shark

pyro: Who _exactly_ would you be attacking back? You don't know do you? Then how _exactly_ is your automated attack-back system going to know?

For a start....... Most people who attack computers don't do it from their own box. They take over a box somewhere else, turn off all logging and then attack you from there. So..... you are going to attack back at an innocent third party and bomb their machine probably doing damage in the process..... They call that a crime.....

Next.... Here's me, Mr. Filthy-Cracker, bashing away at your box when I notice you are attacking me back. I can see by the way the attacks come back at me that it is automated.... "Kewl" thinks me...... Time for some fun...... So, I attack your box and spoof the IP of the FBI, sit back, take a nice long swig of beer and laugh my @$$ off thinking about how your front door is about to go through your back door when the nice chaps from the FBI come to visit..... and not just for a nice cuppa tea..... :(

Attacking back is not something you should be doing for fun. If you really want to attack the attacker you are going to have to do a whole lot of work, most of the time you will be unsuccessful, to trace the attacker back to the source before you could consider that option. Then, by the nature of your question you will be starting a war that you will not win.......

All in all, the best bet is to send a report to the ISP who can deal with the situation far better than you can and they will be doing it legally and non-invasively.
April 25th, 2003, 04:12 PM
bballad

Quick note, Black Ice is not a firewall. Very usefull for what it is (IDS) but it dosn't replace the need for a firewall
April 25th, 2003, 06:04 PM
Networker

Why does the first newbie post is always "what is the best firwall", I guess it reveals that people are more & more concern about security, but the only fight back process they heard about is firewall (Maybe should we thanx M$ XP that integrate it natively!)

Dark had posted a thread with a very good link here comes the answer to your question:
http://www.ozcableguy.com/security.html#firewalls
April 25th, 2003, 07:35 PM
sickyourIT

Quote:

Originally posted here by bballad
Quick note, Black Ice is not a firewall. Very usefull for what it is (IDS) but it dosn't replace the need for a firewall

read this pulled from black ice's site

Quote:

link
BlackICE is professional-strength protection for your PC. BlackICE PC Protection features both an intrusion detection system and a personal firewall for a one-two punch of protection.

BlackICE automatically detects and blocks attacks through a comprehensive inspection of all inbound and outbound information to your computer. And BlackICE PC Protection is constantly working to secure your dial-up, DSL, and cable modem from hackers 24 hours a day, every day of the year.

according to Internet Security Systems (the makers of blackIce) it is!

also read here.

Quote:

link
BlackICE protects using the same sophisticated technology that secures corporate networks around the world. This unique combination of firewall, fast, unobtrusive intrusion protection and straightforward interface protects the privacy of any home or office server. BlackICE Server Protection is widely available through online outlets.

hope this helps create clarity....
April 25th, 2003, 07:42 PM
bballad

Black ICE is a IDS that defaults to active, regaurdless of what there marketing people say. In fact do a quick search on google and you can see the Blackice tech people saying that over and over in press releases. Hell look on theregister and you can see blackice press relases saying that they are not a firewall. Now an active IDS can kinda act like a firewall but thats a very bad idea IMHO.
April 25th, 2003, 08:35 PM
|The|Specialist

Attacking other peaples comps shouldn't be a admin's way of fighting. However there are some interesting things you can do with IDS. You could open port 1337... then some IDS lets you not only log things but also send... this means that if you get a good connection on that port you could make it so your IDS attempts to use MSN Messenger spam ports or if someone is useing some kinda trojan client with chat you could send a message to the connected PC. Or you could setup the IDS to dissconnect as soon as it logs something interesting... there are alot of funny things you can do with intrusion detection systems.

But if you want a admin weapon.... (info) is best when used wisely.... setup your IDS... wait for connections... then once everything is loged there is almost nothing stoping you from makeing a few complaints to the guy's ISP.
April 26th, 2003, 12:07 AM
wacky_sung

I do not know whether you guys know that there is an exploit found on blackice and they quickly patch the current version.If i am not wrong,it was prone to DDOS.Beside that,Zone Alarm is a favourite among user but i do not recommend it cos tone of exploits found on Zone Alarm on difference version and i lost count of it.

If you really wanna use a good firewall,try Sygate Pro,Outpost Pro or Tiny Software firewall.These are the best 3 firewall which i have used them before and did a good job.If you use Sygate Pro,when someone try to flood you and you set to block all.The packet send to you is drop(filter) cos when they did a manual ping and they receive a 100% packet loss(which mean it has no effect on you).
April 26th, 2003, 06:01 AM
TSR

Best Firewall

HI Everyone
I'm new to the forum and thought I could help a bit...I test and evaluate security software . I've tested many firewall's in the past year...I'm sure our members will concur that ZA....Sygate...Outpost......Kerio are a few of the top one's depending on your choice. But I would like to recommend a new kid to the block which is Visnetic Firewall. At the present I'm running this one now and it has passed all scans I've thrown at it.....Memory consumption is very low...great GUI...the cost however is a bit high.....it does have a 30 day trial. For those that would like to try it out here is their home page.http://www.deerfield.com/ This I feel is a upcoming firewall and very tight security is incorporated within it...Hope this helps. :D
April 26th, 2003, 02:00 PM
s0nIc

Hmm.. I use ZAP (Zone Alarm Pro) mainly. Tho if ur a linux user, your BEST chance of having a decent and good firewall that you would know inside out, is by learning how to set ur IP Tables and Routing Tables. which are basic functions of a *nix machine. Win2K and am not really sure but i think NT has the routing tables function too. Im not sure about XP either. anyway, its not the firewall that makes your box secure, it is how the owner takes care of it. In my current job, i have seen many systems plagued with viruses and trojans. but guess what? the systems were armed with a minimum of 2 Anti-Viruses and 2 firewalls. But it was plagued by viruses and trojans and dialers. Just another proof that the security is not always based on what you use, it is based on how you use it.

mainly, try to avoid using default values. coz most vulnerabilities are found from default settings. I have used Kerio and it is good. I tried black ice, never liked it. Sygate pissed me off so bad coz it edited my MBR for some odd reason and my system wont load windows. i had to use a boot disk and uninstall the bastard. so now im using ZAP.

i have my system secured tight enough that u cant even ping me, but loose enough that we can even play P2P games hehehe..

and oh, if any of you wonder if ZAP has IDS, the answer is YES. download VisualZone, its ZoneAlarm's IDS Add-On. which i really dont think you NEED if ur a ZAP user. but for ZA user, yeah it would be handy. because you can back trace the attack and get MORE details about the attack which basic ZA cant offer but ZAP can.
April 26th, 2003, 06:54 PM
Jabberwocky

i've used ipfw in the past and would use it again in the future. its kind of a pain to learn but its simple and pretty intutitive once you get the hang of it.

i'd also recommend portsentry in addition to a firewall....portsentry can be made to use a retaliation script, although i would NOT recommend using anything like that.
May 30th, 2003, 03:00 AM
dragonwhip

For starters, Black Ice is garbage! I use Zone Alarm Pro and Tiny Personal Firewall in tandem, and they are a very good start. Also, go to Steve Gibson Research and get their FREE programs to help close off sections of your computer that firewalls tend not to address. One more thing, for anti virus, stay away from Kaspersky Labs. Their programs will probably lock up your computer, and they never even give you a chance to see if they are any good. This really is stuff that is bad news!
May 30th, 2003, 06:52 PM
Magic-Guy

nice one wacky_sung , thanks :)
May 31st, 2003, 02:57 AM
Sonics42ny

Hacking back will just cause trouble....and someone who posted earlier nailed it: the machine hitting you is "most" likely not the actual source of the attack.

Just keep your systems tight... and then you can sleep at night. There are so many viruses propagating on the net, and so many easy to use network scanners on the net to download, it's just a fact of life that your perimeters are going to get probed. Instead of getting back at them (which is a crime), focus your efforts on tightening your security. Or just drink lots of beer and forget about it all.....