List of Free Firewalls

If anyone is interested in setting up Snort (the best free IDS out) Jazzie has setup a great how-to:

http://www.fluxgfx.com/forum/viewtopic.php?t=99

 

You sound like Bill Gates

This is a free firewall thread, lets keep it that way

 

lol - but this is true - "free firewalls" are the subject. Let's keep to those as far as this thread is concerned!

 

Hi all!
Thanx Ajohn for posting this! The documentation is mainly for 8signs firewall, but could be adapted and used with CHX-I, Check Point, Pix firewall and a few others... Here is a link to where both my examples and readme documentation are!!

SSC

CU
Jazzie

 

i mean i didnt crack it lol, i just got a serial from my brother who has bought it, is that still illegal?

 

If you're brother put it on his machine, and you're using his serial to put it on your machine, then that's most likely illegal, yep...

Wrong place for this discussion too.. as previously mentioned...

 

.............. how is that illegal when i am using a bought version?

 

[size=-2]When you purchase something it is per X amount of users. It must be a good thing that your bro purchased the 2 Users - $92.40 license.[/size]
End of the crack/warez/script kiddie discusion.

Does anyone have any comments/suggestions on the free firewalls I have posted? I would be glad to see ones that I missed being posted here.

 

Added new Network IDS -Pure Secure:

http://www.demarc.com/products/puresecure/personal/

Commercial product that's free for personal use, highly recommend this to anyone who likes having a pretty GUI for snort... i got it working with IIS in about 5 min. It is web-based and runs as a service... If anything, check out the url above.

 

I know nothing about snort. Is this something that will work somehow in conjunction with CHX-I?

 

Snort is an open source Intrustion Detection System (www.snort.org)
Although Snort is great, it is only able to detect intrusions, but with the help of a program called SnortSam (www.snortsam.net) you can also stop them. SnortSam has just recently been able to be used with CHX-I and 8Signs. Jazzie has a great how-to on setting up snort/snortsam/8signs and there would be little change to make it work with CHX-I.

 

Thanks again.. I'll check it out..

 

Now that there are so many I have probably tested about 20-30% of them

Here is a nice overview of PureSecure (the linux version) that will give you a basic idea of it: http://www.linuxworld.com/story/32752.htm

and some official screenshots: http://www.demarc.com/products/puresecure/screenshots.html

 

AJohn,

Just curious. Do we really need to an IDS if we are

i) not running a server and/ or
ii) behind a router.

Thanks for the list although I am mighty tired of learning to set up new firewalls. Takes a lot of figuring out sometimes.

 

That depends on you

I choose to use an IDS because it is nice to have as a backup. I am behind a router and have my firewall(s) running along with it. I suppose you really do not 'need' one, but why not? I always think of ways to have maximum security with little effort and having an IDS as a backup is good when you are playing online games that you are not so sure about. I have been configuring Snort to work with SnortSam and tell CHX-I to block intrusions so really my IDS will be an IPS as well

 

k sorry ajohn that i was out of line and out of topic,

back on topic: (talking about the free version) is zonealarm good for IDS?

 

It has been years since I have used Zone Alarm, but from what I can gather from there website, ZAP is not a true IDS. Sygate however does have a built in IDS but it is not configurable and you for the most part cannot even see the rules. I doubt home users really 'need' an Intrustion Detection System for the most part, I am just paranoid.

 

AJohn, I was just looking around here trying to figure out how CHX-I runs. I don't see any service installed, and nothing in my startup stuff, so how does it work? I just see some kind of "hook" in my system event viewer that says "Started OK", and a few files in Program Files (*.msc). Interesting... I've never seen anything like this before. I'm running Win2k here..

 

You should see "CHX-I Remote Management Server Service" under Control Panel\Administrative Tools\Services

By default CHX-I should have put an icon on your desktop that allows you to configure it. If you already know that and are asking exactly how it runs you should check this out: http://www.idrci.net/products/spf/spfqt.html

Basically CHX-I runs as a service and uses the Microsoft Management Console (MMC).

I have never used Win2K, only used CHX-I on WinXP.

Sidenote for anyone running Snort on a single desktop with a Wireless Network Interface Card like the LinkSys WMP54G: you may not be able to run your NIC under promiscuous mode and can resolve this by running snort with the added command -p

Took me a while to figure this out when I installed Snort on the PC I am on now ;\

 

Ok, I see the Remote Mgmt Server Service in Services. It's on Manual. I guess it uses MMC and that's what I was after. I don't know much about MMC, but that's probably what does it. Thanks...

 

You can also configure the Service from the CHX-I Management Console under Service Status, how do you like CHX-I so far? It is the most complete and lightest packet filter I have ever used. Have you found the Interface Properties of your Network Card yet? If you want to have full stealth then I believe you need to enable TCP, UDP, ICMP statefull options and probably also Deny all incoming fragmented packets and maybe even Deny all TCP packets containing CWR, ECE flags. I have them all enabled and have full stealth results from GRC and others, but I have not tested it with other options.

 

So far I love it. It's the best firewall/packet filter I've seen too. I have the Interface Properties all set up and I get full stealth on grc also. I have not set the Deny fragmented packets yet though. I understand that CHX-I does a good analysis of incoming fragments, so I figured it wasn't necessary. I might enable the Deny TPC CWR/ECE flags though.

I was just playing with some registry settings to try to change the UDP stateful timeout value. I was trying to see if I could get CHX-I to stop accepting incoming late DNS packets from my DNS servers. When late ones come in, I then see an outbound ICMP type 3, code 3 (port unreachable) going outbound back to the DNS servers and I wanted to see if I could get it to stop that. So far, the only firewall that sucessfully stops these late incoming DNS packets is Jetico. I see no outbound type 3 with Jetico. I can only assume that it's something to do with the stateful UDP timeout.

 

A good place to ask questions about stuff like above would be the CHX-I thread over at SSC: http://www.fluxgfx.com/ssc/forumdisplay.php?f=23

Stefan, a CHX-I developer along with other CHX-I users go there and you might have a good responce. I dont have problems with outbound type 3 so I dont think I can help.

Here is a SS of Demarc PureSecure detecting some things while running the GRC port scan (probably would have picked up more, but I had CHX-I on):

 

PureSecure looks interesting..

As far as that ICMP Type 3 stuff goes, it's not really a problem, just a curiosity.. There's no security threat from my DNS servers, so it's nothing to worry about. It happens with most firewalls and is quite common. At any rate, I"ve set everything back to the defaults and all is well...

 

Did I mention PureSecure can monitor files for changes as well?
It also can automatically update your snort definitions and much more