Firewall Capabilities

I am running ESS beta 2 on Win XP SP2. Seems to be running pretty well so far

My question is: What are the Firewall's inbound security capabilities?

From the ESS help file:

Does the ESS Firewall do any check for malformed packets or SPI? Will it stealth ports? I can't run a shields up test as I am behind a router with a firewall here and can't connect without it.

Thanks for any comments.

 

you can configure your pc to be on a DMZ within your router.

this then will leave you bypassing the firewall/nat

 

Right, I think I saw that somewhere in my router manual But to be honest, I was hoping someone who didn't have a firewall router would post results or comments. Not that I'm lazy or anything

 

Well, for interest Ichanged my router to DMZ my PC and then tested using ShieldsUp at www.grc.com.

ESS passed all the tests with flying colours apart from ping response.

There seems no way switch off the rule that allows ICMP responses in either Automatic or Interactive mode, but I could have missed the setting ?

 

When you have a router, the ping response on WAN must be disabled on the router.

 

It must be GRC's bug about the ping . I use DSL connection and NAT in the modem . Everytime I test my NAT device it passes everything but their ping test . Moreover , when I test ZA free , Windows Firewall or ESS on dial-up connection (no router on dial-up - obviously) they also pass everything but GRC's ping . So it looks like a bug for all the 3+1 firewall configured for max not to pass this ...

On the topic , ESS protects very well from inbound attacks . Passes all tests with Stealth on hackerwatch and PC-Flank.

 

You might have a look at https://www.wilderssecurity.com/showpost.php?p=1034230&postcount=4

 

Thanks, that sounds sensible but I assumed that the existing system rule to allow all pings would take precendence over any user created rule.

Can you confirm how conflicting rules are handled to determine what wins ?

 

Would it not be better to remove the hard_coded rules that allows all ICMP in/out?
(all rules shown cannot be removed/edited)

 

Thanks Stem. I did find this window. I agree that hard_coded rules are unfamiliar to me as my experience is with ZA and Comodo which do not use these. And I have to agree with crummock's question :

Also today, I checked my Firewall log files and there are numerous entries there that I don't understand. Any comments are welcome.

edit: Setup is ess beta2 on Lenovo win XP sp2 behind Actiontec router (not set as trusted)

 

i also get lots of those

about every 2 minutes or so

 

Strange that ess doesn't provide any further information in the logs (empty columns). From my days with Comodo, I think these might be related with IGMP or possibly upnp from my router. I have verizon Fios service and the router also communicates with my TV set top box. But I don't know how to tell for sure with the minimal info from the logs.