act as a server?

Discussion in 'other firewalls' started by sir_carew, Dec 15, 2003.

Thread Status:
Not open for further replies.
  1. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I've a cable modem connection.
    Days ago, ZA Pro 4.5 start to ask me if I want to permit that some program act a server, the problem is that these program early never ask me. For IE, Opera and NOD ask me Za Pro for act as a server. If i block it, Opera can't open some web pages. In the alert appear something like DNS?.
    In the log all days appear a blocked ICMP alert from my ISP, It's necessary that permit it ICMP Alert?
    Thanks
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Didn't you remove ZAP recently and try Sygate Pro? When you did that, did you do a full uninstall of ZAP first? Also, when you reinstalled ZAP again, did you cleanly remove Sygate Pro?

    Has this request for server rights on all these programs started just since you reinstalled and started using ZAP again? Did it start happening right away when you went back to ZAP?

    The programs you're describing don't normally need server rights in ZA, but can ask for them for a couple reasons. You're running Windows XP right? Have you granted Generic Host Process for Win32 Services (svchost.exe) the ability to connect out to the Internet in ZAP's Program control? Do you have your ISP's DNS servers in the Trusted Zone? There is also a configuration option you probably need to set...

    ZAP > Firewall panel > Main tab > Trusted Zone Security section > Custom button > check "Allow outgoing DNS (UDP Port 53)"

    Delayed responses from ISP DNS servers can also cause such programs to ask for server rights temporarily, and this can be a sign of temporary DNS server problems if it only happens some times, but not always.

    As for the pings (incoming blocked ICMP alerts), that is very common and should have nothing to do with what you are seeing regarding the DNS issue. You can set up an expert rule to simply block those without logging them. I've documented these rules in this thread:

    https://www.wilderssecurity.com/showthread.php?t=12936
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    Yes, I desinstall Sygate and I remove it from the registre.
    I send you a image that show the server request.
    In the trusted zone, It necesarry have the Normal level and not high?


    - Modified image to trim thread width down - LWM
     

    Attached Files:

  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    No, you can run the trusted zone at high security, too. I do. But, I have my ISP's key servers (such as both DNS servers) added as trusted sites in the trusted zone. I also have that flag checked that I noted above and I must allow Generic Host Process access out to both the Trusted Zone and the Internet.

    DNS is a little complicated and if you don't allow all aspects of it as I've noted, then it'll ask for DNS access on all programs instead, which is not necessary if you set up things like I've mentioned above.
     
  5. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I'm using XP Home Edition, yes I've granted to acces svchost.exe to Internet, but not as a server.
    I made the change that you said me, I checked allow outgoing DNS.
    How can I know my ISP's DNS server?
    Thanks.
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I've found my DNS Server, it's the same all the time?
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    You can see what your system is using for DNS servers by using the following command from an XP CMD window: IPCONFIG/ALL

    To bring up a "CMD window" you use the "Start" menu > "Run..." option > and typing in: "CMD" (without the quotes) and hit OK. It looks like an old style MS-DOS window. See image below.

    The ipconfig/all command should list the IP addresses of your DNS servers. You add those just as they appear there each into the trusted zone (separately). Make sure you choose "trusted" when you add each of those IP addresses in the Firewall panel > Zone tabs > Add button > IP Address...
     

    Attached Files:

  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Well, there's usually more than one. Try what I posted above and make sure you have the IP address or addresses correct.

    They should stay the same although there are some ISPs that have more than two and sometimes they alternate them. If at any point you find a new one, just add it also to the trusted zone.
     
  9. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    OK, I added 3 DNS Server, very thanks :D
    It's necessary for program such Kazaa, eMule, and other P2P Programs make especific rule for a best protection?

    PS: I understand many of antiviruses, but not Firewall LOL.
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Well, as you know file sharing programs require server rights to allow other people to pull files from you... So, they are among the more dangerous programs that people run on a daily basis. But, I don't know that any rules in ZAP would necessarily help if you are going to allow people to pull files from you.
     
Loading...
Thread Status:
Not open for further replies.