Author Topic: Which Firewall  (Read 9133 times)

Arne

  • Administrator
  • Hero Member
  • *****
  • Posts: 778
    • ICQ Messenger - 1448105
    • AOL Instant Messenger - aflaaten
    • Yahoo Instant Messenger - arneflaa
    • View Profile
    • http://
    • Email
Which Firewall
« on: November 13, 2001, 11:01:04 AM »
Which firewall are you using?
Best wishes
Arne
Imici username= Arne

Shaka

  • Newbie
  • *
  • Posts: 20
    • ICQ Messenger - 41207823
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://shakainc.cjb.net/
    • Email
Which Firewall
« Reply #1 on: November 14, 2001, 03:43:07 PM »
AtGuard is discontinued. Norton's owns the rights to AtGuard and has inproved on it a bit. But, Tiny firewall is one of the best. The only thing that Norton's has on Tiny is that Norton's has an option to block IGMP protocols and !!LAME!! privacy filters. But, Tiny doesn't allow IGMP at all. I suggest reading about all the programs and check the CISA certification list. But, for your money I`d buy a hardware firewall!!! Zone Alarm is a joke! Also, look for exploits on the program you chose.Befor installing a security hole.

United We All Stand. Support Freedom.
 

JakBeNymble

  • Sr. Member
  • ****
  • Posts: 308
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://
    • Email
Which Firewall
« Reply #2 on: November 22, 2001, 08:20:01 AM »
Dear Proxomitron-ites,
                           I have used ZoneAlarm every since I've been on-line. My ports have been scanned by Netscape, Internet Corp., Internet Number and Assignment Authority, and my ISP continuely feels, fingers, pokes and prods anything and everything they can. I (foolishly) decided one night, in the middle of an e-mail to by-pass "Proxo" in order to put some "detail in the e-mail", I refreshed the page, put it the work, turned "Proxo" back on, sent the e-mail and signed out. In just about 20 minutes, the people I had the e-mail account with,"Y**hoo", tried to route through my computer right back to my ISP!  In short, (They tried to break-down the front door, steal all my goodies, and run right out the back!) Thanks to zonealarm so far my computer has remained safe and sound. I know there are alot of other good Firewalls out there, and some not so good ones, but for me and my house, Zonealarm has Proved itself to me over and over again that I can trust it. Can you lay down at night and sleep safe  and sound, and not be worried about waking up in the morning to find that your whole hard-drive has been re-formated just because it's some famous person's Birthday? Or do you feel protected, when some "Cyber-gun-slinger" decides that you're the one that's going to be the next lucky son-of-a-gun he's going to Smoke right down to the ground? If you don't, then you need to find a good security system that you can feel that way about. May you have a wonderful and blessed day my PROXOMITRONIC FRIENDS.

 
 

Fatboy

  • Newbie
  • *
  • Posts: 14
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
Which Firewall
« Reply #3 on: December 10, 2001, 11:38:16 AM »
Arne,

my vote would be with ZoneAlarm however.... have you intentionally chosen ALL personal firewalls? There are many arguements to using a seperate firewall. There are loads of good Firewalls based on Linux IPChains that are vastly superior to ALL personal firewall and will run on a 486+.

I can personally recommend a few if you let me know your requirements (its my thang! lol)

F

Fatboy
Fatboy

Arne

  • Administrator
  • Hero Member
  • *****
  • Posts: 778
    • ICQ Messenger - 1448105
    • AOL Instant Messenger - aflaaten
    • Yahoo Instant Messenger - arneflaa
    • View Profile
    • http://
    • Email
Which Firewall
« Reply #4 on: December 10, 2001, 01:06:31 PM »
Yes, and I have no knowledge about seperate firewalls. So it would be great if you tried to teach me (and the others) about it. I am looking forward to your posts


Best wishes
Arne
Imici username: Arne
Best wishes
Arne
Imici username= Arne

JakBeNymble

  • Sr. Member
  • ****
  • Posts: 308
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://
    • Email
Which Firewall
« Reply #5 on: December 11, 2001, 07:55:15 PM »
Dear FatBoy,
                I'm all ears! All the "Privacy-Software" in the world is of no benefit if you can't safely secure the "Fort"! I also look forward to learning from you! See at the FORUM, MY FRIEND!
 "Jak"

 
 

Fatboy

  • Newbie
  • *
  • Posts: 14
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
Which Firewall
« Reply #6 on: December 12, 2001, 01:13:56 AM »
here goes (but please ask anything u want in reply)

basically there are a ton of firewall implementations out there for loads of platform. First thing to realize is that personal firewalls (i.e. the ones that run on the machine you are working on) are the bottom end of firewalls. A real firewall by definition is a separate WALLING device at the edge between the trusted domain and the untrusted domain. They don't do much. I know that sounds bizarre but they really don't. All they do is take a simple list of rules (like proximitron) and say...if the thing I am seeing is in this list then do what it says.. otherwise do the default action which is BLOCK (well some don't but that's a REALLY bad move unless u r VERY confident).

Loads of people make software than can turn a standard PC into a firewall. From Checkpoint Firewall 1 running on NT to a plain old Vanilla Linux install.

Now if you want it FREE then forget windows. Linux has a really cool thing compiled into most of the kernels called IPChains. There is loads of How To's about it on the net but basically it looks at IP address (or qualified domains etc) and the service (i.e. port) and either rejects it, denies it, or accepts it. (yup there is a difference between deny and reject lol)

The really cool thing is that the processor load required to do this for a small to medium LAN is Tiny.... like a 486 66Mhz with 16Mb and 2 Network cards with no mointor keyboard or mouse will do this.  Really.!

The really small ones run from a bootable operating system (typically a floppy) and run from Read Only RAM. The two best are LRP and floppyfw (imho) but I would recommend floppyfw as it worked for me with little mods. If you have a P100+ with a bit more RAM then things get really fun. A bigger distribution is SmoothWall. Based on the same premise but has a lot more user friendliness (web interface easier install...).

What else can they do. Well NAT for one so you can run as many pcs in your home as you want from one internet connection (and this adds an extra level of security) and SmoothWall can do VPNs and some PROPER intrusion detection... And more.

Thatís a start anyhow. Please batter some questions at me.

:)

Fatboy
Fatboy

JakBeNymble

  • Sr. Member
  • ****
  • Posts: 308
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://
    • Email
Which Firewall
« Reply #7 on: December 12, 2001, 02:21:19 AM »
Dear Fatboy,
                 Thanks for sharing the infomation. A friend of mine has a network set up in his house and he has "Nat" running on a "Mac" that connects it to the internet. He said it was just like having a 'Virtual Connection to the Net'. Now I understand now what he was talking about. I want to learn more about this type of Fire-Wall! Thanks for taking the time to share.
 I have a nice test-page that you might interesting.
 http://www.all-nettools.com/tools1.htm. You know that most Personal FireWalls identify the IP of the "Scanner", when someone scans your ports, and with Z/A, it just falls into a "Virtual Black-Hole" and doesn't return back to the Scanner. I have this page bookmarked and I copy and paste their IP from Z/A's Dialog box into the command-line on this Test- page, press GO and in just a few seconds, it will give you their Business name, their Street address, the IP's of there other machines, their Fax number, the telephone number, the name of the Administrator and their E-mail address!(sometimes it just gives Business Name, Address, and phone number)
I like to know whose knocking at my Door.
See you on the Net and in the FORUM, Safe Surfing My Friend.
  "Jak"

 
 

Fatboy

  • Newbie
  • *
  • Posts: 14
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
Which Firewall
« Reply #8 on: December 12, 2001, 10:57:53 AM »
yup i know that web page well for the anonimity checker. The thing you are doing is a WhoIs check and SmoothWall has it built in. Also A windows IDS (intrusion detection) will miss probably about 60% of all scans etc. A Enterprise Class IDS will not. Usually they are very expensive but one that does very well in ALL tests is SNORT. And guess what it is free and guess again... yup it is in Smoothwall as well.

Note: SmoothWall is about to go commercial and there are all sorts of flames going on cause the founder of the project is an obnoxious man but the product is second to none.

P.s. It is actually doing PAT (port address translation not NAT network address translation but NAT sounds cooler! lol)
p.p.s remember that the IP address from a port scan could be faked (fairly unlikely) but it is VERY likely to be coming from a compromised machine and not the atackers home box. So be nice when you report it you may be telling someone they have been compromised. :)

Fatboy
Fatboy

JakBeNymble

  • Sr. Member
  • ****
  • Posts: 308
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://
    • Email
Which Firewall
« Reply #9 on: December 13, 2001, 05:43:14 AM »
Dear Fatboy,
                This separate Fire-Wall is sounding better all the time. And I wouldn't report'em, I'd just plan to go pay them a friendly visit sometime when it was convenient.. My Friend that I was talking about, calls it a "Bug on a Burger"(NAT on a MAC).LOL! Thanks for clearing that up for me, sometimes I'm like an Old Mule, you have to hit me in the head with a "2x4" just to get my attention! He sent me some addresses where I could get what I needed to set a Pat/Mac up, but I just haven't had the time to look into it yet.When I do,I may have to get some pointers from you, if you wouldn't mind. I'll aggravate you to death with questions, if you let me.. I'm big on pages, Here's one of my favorites, www.privacy.net/analyze. You may have this one already bookmarked too, but just in case. There's some really nice links there too. Here's one that sends all it's info to a SPYLOG server after it's done. www.leader.ru/secure/who.html. Before you use it put this in your blocklist
([^/]++.|)1000stars.ru
That will take care of the problem. Also make a "dupe" filter for the X-Forward For:(out) and put this in place of the default:
unknown Cache-Control: max-age=259200
This will stop "Old Sherlock" from detecting any Proxomitron activity, but it only works for Proxo's Psuedo Netscape settings. I could use proxo with the page and "spoof" it, but it would say, "adguard or Proxomitron use detected", but the dupe X Forward For:(out) stopped it from detecting Proxo. I also made a second dupe filter for the"ProxyAuthorization:send password to proxy server" FILTER. I added this to the existing line
Via: 1.0 cache1:3128 (Squid/2.4.STABLE2)
Now I don't have to get proxy Authorization, but it made the page think I did.
Also there was enough characters for the page to deal with, it couldn't Resolve"Client IP" number, it thought that my ISP's Host IP, was my Client IP! Without this two dupe filters that I made, the page would grab my Client IP everytime. Now another friend of mine tried this 2 filters, but he said it didn't work for him. I don't know why it didn't, but I have a lot of other things at work in Proxo,too. I could be a combination of things I have checked in Proxo. I wish you well, and always "SAFE-SURFING" My PROXOMITRONIC FRIEND!
Be talking with you soon,
Signed: "JAK"  

 
 

Fatboy

  • Newbie
  • *
  • Posts: 14
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
Which Firewall
« Reply #10 on: December 13, 2001, 11:12:15 AM »
nice Jak ! As you can see from my other thread I am concerning myself quyite heavily this now with what extra "Security" can be gained by using proximitron.

Something for all to bear in mind though... pick a reputable privacy checker like all-nettools and stick with it.

There have been a NUMBER of documented cases where people set this kind of site up solely to gain info for *dodgy* purposes.

And ask any quesions you want. If you think it is worth starting a new thread feel free.

b good. b safe. b paranoid

Fatboy
Fatboy

JakBeNymble

  • Sr. Member
  • ****
  • Posts: 308
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://
    • Email
Which Firewall
« Reply #11 on: December 13, 2001, 07:04:29 PM »
Dear Fatboy,
              I've pulled up the "log Box" in proxo and checked that www.privacy.net/analyze test-page to see if anything strange is going on. I didn't see anything, but is there something there that I shouldn't be using that page? Ever since I found out about that other test-page being a "No-Good-Snitch", I try to check all the test-pages, but if there is something going on that page, please let me know and I'll be eternally grateful! Have a Wonderful and A Very Blessed Day My FRIEND! Signed: "JAK"

 
 

Fatboy

  • Newbie
  • *
  • Posts: 14
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • Email
Which Firewall
« Reply #12 on: December 14, 2001, 12:50:48 AM »
nope i have no details of specific pages that are *dodgy*. It just pays o be paranoid thats all.

*grin*

Fatboy
Fatboy

JakBeNymble

  • Sr. Member
  • ****
  • Posts: 308
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://
    • Email
Which Firewall
« Reply #13 on: December 14, 2001, 02:53:07 AM »
Dear Fatboy,
                YELP! I agree. I think that a little of it makes you cautious and careful. A very wise man once said to me,"ALL that PARANOIA is, is HEIGHTENED AWARENESS".LOL! See you on the NET, and on the FORUM.
SIGNED: "JAK"

 
 

Zhen-Xjell

  • Jr. Member
  • **
  • Posts: 98
    • ICQ Messenger -
    • AOL Instant Messenger -
    • Yahoo Instant Messenger -
    • View Profile
    • http://laudanski.com
    • Email
Which Firewall
« Reply #14 on: December 16, 2001, 06:21:08 PM »
First, I can't believe this BB runs in an MS environment.  Great damn job  ( I know I keep repeating myself ) Arne!

Ok, I use ZAP, but as a companion with my Linksys BEFSR41.  I take advantage of the ZAP authentication that the Linksys provides.  This adds another ring of security.  So if ZAP ever went down, Linksys would see the handshake is lost and therefore shut down that PC's access to the Net.

Also, I'll be getting the BEFSR41X when it comes out.  This appliance actually acts comes closer to true "firewall"hood than the BEFSR41 does.