Filesclab ?

Discussion in 'other firewalls' started by kcvale, Mar 3, 2006.

Thread Status:
Not open for further replies.
  1. kcvale

    kcvale Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    28
    Hi,
    I've been checking out free firewalls for my Windowsme computer. I've tried Zonealarm and Sygate 5.5 but I wasn't real happy with either one. I've installed Filesclab. I think I like it. But to be honest I was using NIS 2003 and I didn't have to know anything to use it. That fit me perfectly. But I'd like to expand my horizons. I went to ShieldsUp and I failed both the ping reply test and the solicited tcp packets test and port 68 Bootstrap was not stealthed. Does anyone know what settings will fix this in Filesclab? When I tried messing with the rules on my own I ended up not being able to access some of the Filesclab internet help files. I had to restore to the default settings. Thought I'd better get some professional help. ;)

    Thanks,

    kc
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
  3. kcvale

    kcvale Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    28
    Thanks CrazyM for the quick response. Those are great threads. I'll check out the log and see what I can figure out.

    kc
     
  4. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    kcvale:
    One thing I liked about Filseclab was the relative ease of rule creation/modification, thanks to it's nice logging/monitoring features.
    If, for instance, you have open port 68. GRC it (custom port probe) port 68. Examine log to see what rule allowed it. Adjust rule accordingly.
    (This is echoing Squibbon's tips in the link posted.)
    As a rule of thumb, I find you can generally block all TCP In.

    You should also be able to achieve stealth with the following:

    Create a rule:
    Application: (browse for your browser Firefox, IE, whatever)
    Remote: Anynet
    Direction: In
    Time: Anytime
    Protocol: TCP
    Action: Deny
    This rule should be placed BEFORE your other browser app. rule which typically is: Anynet / All / Anytime / All / Pass.

    Good luck
     
  5. kcvale

    kcvale Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    28
    I appreciate the help I've gotten here but there's a reason why I had Norton Internet Security... It was so simple anyone can use it. I read the posts and tried to follow the very simple and clear instructions. No joy. I monitored the ShieldsUp tests and I found 3 references to port 68, 2 local and 1 remote. I denied each one separately (in and out) then all 3 together. No change in the test. I ran the test several more times and noticed that when I tested port 68 it corresponded to local port 1214 and Firefox. So I tried to make a rule about that.The next time it ran, it came up as port 1260. Although, it was about this time that it dawned on me that the port is not open. It's closed. All the others are stealthed. And I would like for it be stealthed as well.
    As for Ping. I went to the icmp section and tried to change the settings to deny that both for intranet and not intranet. STill failed the test. And I still have no idea what to do about the failed solicited tcp packets.
    I don't get it, folks. Apparently, I need help of the "see spot run" variety:oops:

    kc
     
  6. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    If I remember Filseclab, I think all you have to do is a fresh clean install, and then set the rules to allow outbound only. So if some rules are for both directions (in and out), just make them out only. That should do it. You might try removing it, clean up, then reinstall, and do the above, and see if that helps..
     
  7. kcvale

    kcvale Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    28
    Kerodo, thanks for your reply. I don't know what's going on. In reading some more threads I found that I could block ping from my Belkin 54g router. Which I tried to do. Then I called Belkin tech support. Twice. They can't get the router to block icmp ping either. So I'm thinking it's not the software. Tech support is supposed to call me back today with a solution. We'll see.
    So, thanks for all the help. I like Filesclab. It's easy on the resources. And everything was stealthed except for port 68 which was closed. As for Ping, that looks like a problem with my router. If anyone has any suggestions I'd love to hear 'em.

    Thanks again,
    kc
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If you are behind a router it will be dealing with unsolicited inbound packets and scans, not your software firewall (unless you have forwarded traffic through the router). You will need to sort out the configuration on the Belkin and see if it is capable of dropping the echo requests (pings) and UDP to port 68.

    Regards,

    CrazyM
     
  9. kcvale

    kcvale Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    28
    While I was trying to get the port situation resolved I developed a windows protection error connected to a filesclab's static vxd file. I contacted tech support and received a very quick response that that is a known error with some windows 98 and me systems and with no solution, I should uninstall. Sadly, I did.
    As for the icmp problem I discovered that is related to the voip system that I have. I reconfigured my router and gizmo and now all ports are stealthed without a software firewall.
    I think I'm back to Zonealarm free for now.
    Thanks very much for the help.

    kc
     
Thread Status:
Not open for further replies.