zonealarm firewall flaw?

**Scorp666** · August 3rd, 2003, 10:12 PM

If you want a nice efficient free firewall, give a look at Agnitum's Outpost Personal Firewall.

It's a bit more complex to setup then ZoneAlarm but offers much more configuration options and has nice plugins.

http://www.agnitum.com/download/outpostfree.html

**Mykol** · August 13th, 2003, 08:23 PM

"I was wonderin why i dont get many alerts from my zonealarm firewall so i decided to test it. I know i wont get alot of alerts cuz i'm in a pretty well protected network but still...not 1 alert was kinda strange. I ran nmap on it from my linux box and not a alert came up and nmap displayed the stats of the comp. Should zonealarm detect a nmap scan???"

I'm sure you checked the Zones tab? One of the very first things ZA does after the install is to "discover" the first network it detects (the one you're on) and puts in in the "trusted" zone catagory. If you're not carefully watching for this, it's easy to continue clicking OK and miss it.

Re-installs will keep the same zone settings and not help, if this is the situation.

No scans from an IP within this zone will show up -- I'm assuming the nmap box is on your same network.

Hope this helps,

Myk

***NeuTron*** · August 14th, 2003, 05:00 AM

What type of scan are you using? Zone Alarm might not pick the nmap stealth scan. Try doing the TCP connect scan and see if you get any alerts.
-NeuTron

**tekno** · September 26th, 2003, 02:35 PM

If you want to try a new personal firewall/IDS app. I've had good luck with BlackIce from ISS.

Both an IDS and personal Firewall, as well as application security.

I have it installed on one of my boxes and it DOES pick up those NMap scans.

just my $.02 free of charge

**ThePCDoctor** · September 26th, 2003, 02:54 PM

I agree with Jct Uninstall and reinstall ZA I have not run into that problem at all it is in the install you had done.

***RoadClosed*** · September 26th, 2003, 04:51 PM

Like Mykol mentioned, you may have inadvertenly set up a trusted zone with your internal network, if that is the case Zone Alarm won't do squat against those internal devices because you told the software to "trust" them.

Either that or some trojan compromised the software.

***Nokia*** · September 26th, 2003, 09:33 PM

yep just re - instal it and pay very carefull atention to what options you are selecting.
You can have the best and most expensive FW on the planet but if you dont configure it properly it aint gonna work!!!

Thread: zonealarm firewall flaw?

Thread Tools

Display

I dislike ZoneAlarm.

Posting Permissions