ITShield Networks Inc. (http://www.itshield.com) released a wonderful firewall. It is very easy to install and manage, and generates a descriptive log. ITShield firewall is totally different from the Stateful Inspection firewalls, such as IPCHAINS/IPTABLES and CheckPoint.

ITShield Firewall, a transparent firewall, contains the advantages of all three critical firewall architectures - packet-filtering, Stateful Inspection, and application gateway firewall. By using some advanced technologies, ITShield Firewall can handle more than 5000 TCP sessions, unlimited UDP sessions, and unlimited IP sessions at application-level in parallel. Because application proxy provides the highest level of security and flexibility, ITShield Firewall handles all the sessions in application-level by default. Furthermore, ITShield Firewall can drop the unwanted requests at packet level. If the high-speed network traffic keeps the firewall very busy, the administrator can enable Stateful Inspection.

ITShield firewall supports IPSEC VPN and PPTP VPN. They are very easy to set up. It also provides user authentication so that you are still safe to use ftp and telnet to access your internal resources.

ITShield firewall provides a secure remote administration tool so that you can manage the firewall from the unsecure network - Internet.

Hi Jason

-{ Quote: "...a wonderful firewall" }-

Is this something you have used? If so, in what environment: business, home?

Having taken a quick look at the site, ITShield would appear to be a fairly new product and still in development. "You can use ITShield Firewall V0.92 for free before Jan 1, 2004. Maybe ITShield Firewall will be free for a longer time."

This product looks to be targeted for business use on a network. In addition to basic firewall it can define users and has application level proxies. The available administration user guide mentions using Websense technology in it's application proxies. Do you know if it is this Websense (http://www.websense.com/)?

From the Websense site:
"Websense Enterprise v5 is the world's leading employee Internet management (EIM) software solution for managing employee use of computing resources, ranging from Internet access to desktop application use. Implemented by more than 18,100 organizations worldwide, and preferred by the Fortune 500, Websense Enterprise delivers a comprehensive software solution that analyzes, manages and reports on employee Internet access, network activity, software application use and bandwidth utilization."

It does not appear to be something for the average home user, but anyone interested in a enterprise/network solution might want to take a look at it.

Regards,

CrazyM

Don't know, perhaps I'm wrong, but this sounds like an advertisement to me... :-\

Regards,

Patrice

Perhaps, we will see if Jason comes back to discuss it's merits further.

Regards,

CrazyM

At home I am using ITShield firewall which connects to Internet via cable. Yes, the installation procedure and fwadmin do not support me to configure one of NICs to use DHCP. But I configured it to use DHCP manually, and it works fine.

From the firewall log file, I noticed that my W2k machines tried to connect to 66.78.45.73/6667/TCP every 30 seconds. I used proxy_irc to handle the traffic. proxy_irc complained. Finally, I blocked it, and my PC still worked fine.

Could someone tell me why my W2k connects to 66.78.45.73/6667/TCP constantly?

Hi Frank

I have never used ITShield, but a couple of questions re your issue:

Could this be the proxy_irc portion of ITShield trying to establish a connection to enable it to monitor that type of traffic on your system?

If not, do you know the application that was trying to make the connection?
If the firewall does not provide this information try using a port mapper:
Port Explorer (http://www.diamondcs.com.au/portexplorer/)
Vision (http://www.foundstone.com/knowledge/proddesc/vision.html)
Active Ports (http://www.protect-me.com/freeware.html)

Regards,

CrazyM

It looks like that outgoing connection on your win2k box may be a nasty, as alot of worms and trojans especially try to connect to an IRC server to communicate with the author. Port 6667 is IRC.

Try scanning with :
http://housecall.trendmicro.com

And if that doesn't find anything/work out right :

http://www.pandasoftware.com Find 'ActiveScan'.

ITShield Firewall V1.0 is released. The following enhancements have been introduced since Version 0.92:
1. The firewall allows some buggy HTTP POST request. Certain buggy HTTP/1.0 client implementations generate extra CRLF's after a POST request, and certain HTTP servers require it.

2. The firewall supports broadcast so that dhcp server can run on the firewall. With the built-in dhcpd, you do not need to define subnets for unnecessary interfaces.