PDA

View Full Version : FireWall



DaveNZ
26-08-2003, 08:08 PM
Hi all
Will a fire wall such as zone alarm stop the blaster worm and the like??

Thanks Dave

stu140103
26-08-2003, 08:13 PM
> Will a fire wall such as zone alarm stop the blaster
> worm

Yes :), it did it for me, I did Not get the blaster worm :)

Jim B
26-08-2003, 08:17 PM
It will if you configure it correctly.

The best protection against such as Blaster is to keep your Windows system updated with all the latest updates and patches.

stu140103
26-08-2003, 08:17 PM
> and the like??

yeath sort of....... depends on what you mean "& the like"
because each worm/ viruses is different & they do there bad work in different ways to.
Also need some of Antivirus progume as well

Hope this helps

JohnD
26-08-2003, 08:24 PM
As I understand it there are two types of firewall:
1. Application firewalls like Zonealarm - they block applications from accessing your system.
2. packet filters - they block ports on your PC.

The second are more likely to stop worms. All Linux based firewalls I have seen are packet based to block or open services in /etc/services. All ports that do not have a defined function shold be blocked.

If you go to:
network and dialup connections ->properties -> advanced -> options -> TCP/IP filtering in Windows 2000 you can block ports but it doesn't seem to allow you to choose individual interfaces.

John

JohnD
26-08-2003, 08:39 PM
This seems relevant to the topic:

http://www.washingtonpost.com/wp-dyn/articles/A34978-2003Aug23.html

John

kiwibeat
28-08-2003, 01:00 PM
zonealarm will stop intrusion luckily i also am still using 98SE which is immune to the flaws that the recent worms exploit

Rod ger
28-08-2003, 10:52 PM
From my (limited) understanding firewalls like Zonealarm stop access to all ports on your computer ,and can make them undetectable, EXCEPT those sites that you REQUEST data from. On the other side of the wall, only those applications that have your permission may connect through the barrier. Any program without you permission must get your authority to proceed. This is how to stop the spread of "nasties".that you may have picked up and the loss of data.

This is like saying, invited guests only, and nobody leaves without ID. E-mail is different because you invite it in and it comes through the firewall, because you requested it(logged on to your e-mail a/c). It may be carrying "nasties", this is where your anti-virus comes in. (personal body search of invited guests). The AV also checks other data as it comes in as well.

The latest scare exploited a vulnerability in the operating system of XP and W2000. If you had a firewall this would have "bounced" because the firewall had stopped access to port 135 because you had not told it you had requested data at that port. The patches repair the system behind the firewall .

PoWa
28-08-2003, 11:12 PM
All in all, if you haven't been running a firewall ever since you first started out on the net - what were you thinking!!!

vk_dre
28-08-2003, 11:35 PM
I use Norton Internet Security Pro 2002, its done very well, also got an IP logger of attemted intrusion attemts on my comp so i can trace them bak and find them out.

JohnD
29-08-2003, 09:03 PM
Can someone correct me if I am wrong here but I don't think Zonealarm blocks ports - just applications. Zonealarm and the such like are application firewalls - you need a TCP/IP filtering firewall (more commonly run in UNIX or Linux) to block ports.

An application firewall acts at the application layer of the 7 layer networking OSI model. TCP/IP filters act at the network layer (layer 3) of the OSI model (see ttp://www2.rad.com/networks/1994/osi/layers.htm or similar).

Have a look at www.agnitum.com though - this looks like a TCP/IP filtering firewall for Windows.

John