Before a firewall kicks in...

Discussion in 'other firewalls' started by Andr, Oct 1, 2003.

Thread Status:
Not open for further replies.
  1. Andr

    Andr Guest

    I am using Zone Alarm firewall and I am satisfied with it, but I am concerned about what happens before the firewall kicks in, I have a cable connection and it's quite obvious there is a lot of communication going back and forth before the firewall start working.
    What can I do to prevent this?
    and should I be concerned?
     
    Andr, Oct 1, 2003
    #1
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    What communication are you referring to?
    Dolf
     
    DolfTraanberg, Oct 1, 2003
    #2
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Hi André,

    Can you tell us what version of Windows you are running? Also, please tell us a little more about the circumstances regarding what you are seeing...

    Activity lights flashing on a cable modem does not necessarily mean that your OS is actually responding to anything in any meaningful way. It may just be that you are seeing normal network activity (probes from the Internet and even background noise).

    I asked about your version of Windows because ZA works a little differently depending upon version. If you are on NT, 2K or XP, the firewall component in ZA actually starts as a service very early in the PC startup sequence. (It runs under the program name vsmon.exe which is referred to as the True Vector Service.) The user interface starts later and is visible as the ZA icon in the systray. That icon not being there does not mean the firewall is not active. It is active through the vsmon program.

    Edit: The two components still start separately in Windows ME/9x, as well, with vsmon starting as early as possible, however, it starts earlier on NT based OS systems.
     
    LowWaterMark, Oct 1, 2003
    #3
  4. Andr

    Andr Guest

    Thanks for responding...

    I am using windows 98se, high speed cable and the activity I am talking about is the send and receive lights on my modem, the receive light flashing I don't mind but it is the send I am concerned about, this send light never blinks unless I'm on the internet and stops blinking when the the firewall starts working after startup.
    I wonder if it is a function of windows 98 that I can disable, I unconnected my highspeed cable on the computer while letting the modem work on start up, and that stopped the flashing send light and reconnected the cable and internet service was functional....I'm curious to know whom my computer is communicating with ... o_O :D André.....
     
    Andr, Oct 1, 2003
    #4
  5. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Well, remember one thing... Your computer can only communicate with other systems in a meaningful way if there is a specific application running connected to/on some port. If no application is connected to a port, then no matter how much activity comes in via the Internet on that port, all the OS will do is respond that the port is closed.

    Since this is all happening very early in the system bootup sequence, there really isn't too much likelihood that much else is going on. Given that the OS is still booting, there isn't too much you can do to monitor this. Even installing some other software package to monitor activity won't help because it won't have started that early in the boot process either.

    If you have a second machine and can plug it into the network as well, you could run sniffer software to watch everything that happens on the wire while that system boots.

    If you want to stop any chance of such activity, then a separate firewall or even just a basic NAT router would protect your system while it boots.
     
    LowWaterMark, Oct 1, 2003
    #5
  6. Andr

    Andr Guest

    I might add this also, if I disconnect the high speed internet cable, the boot up takes longuer, as if the computer is waiting for a response... o_O

    Thanks, André.
     
    Andr, Oct 1, 2003
    #6
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Well that could simply be your system trying to get it's assigned IP address via DHCP.

    Personally, I don't let network services come up on their own during the boot process just to avoid all the different things you've described. I start the network connection manually when the system is up and I'm ready to use it. That's another option in addition to the things mentioned above.
     
    LowWaterMark, Oct 1, 2003
    #7
  8. BWMerlin

    BWMerlin Registered Member

    Joined:
    Aug 11, 2003
    Posts:
    71
    U may be interedted in this, Sygate Personal Firewall PRO blocks any traffic generated before its own service starts up, thus eliminating the brief but risky security policy vacuum. Heres the link http://smb.sygate.com/products/pspf/comparison_pspf.htm
     
    BWMerlin, Oct 1, 2003
    #8
  9. TinyMan

    TinyMan Guest

    I noticed that tiny 5.0 is the first application is see in my task bar after booting up, when sygate and outpost would boot up last. I dont know if that means that tiny catches anything calling out to the net first by default.I do like seeing it in line first though when all other apps show up afterwords.
     
    TinyMan, Oct 2, 2003
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...