Firewall Capabilities

Discussion in 'ESET Smart Security v3 Beta Forum' started by oldshep, Aug 24, 2007.

Thread Status:
Not open for further replies.
  1. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    I am running ESS beta 2 on Win XP SP2. Seems to be running pretty well so far :thumb:

    My question is: What are the Firewall's inbound security capabilities?

    From the ESS help file:

    Does the ESS Firewall do any check for malformed packets or SPI? Will it stealth ports? I can't run a shields up test as I am behind a router with a firewall here and can't connect without it.

    Thanks for any comments.
     
  2. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    you can configure your pc to be on a DMZ within your router.

    this then will leave you bypassing the firewall/nat
     
  3. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    Right, I think I saw that somewhere in my router manual o_O But to be honest, I was hoping someone who didn't have a firewall router would post results or comments. Not that I'm lazy or anything;)
     
  4. crummock

    crummock Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    198
    Well, for interest I changed my router to DMZ my PC and then tested using ShieldsUp at www.grc.com.

    ESS passed all the tests with flying colours apart from ping response.

    There seems to be no way to switch off the rule that allows ICMP responses in either Automatic or Interactive mode, but I could have missed the setting?
     
  5. Clweb

    Clweb Registered Member

    Joined:
    Dec 28, 2002
    Posts:
    127
    Location:
    France
    When you have a router, the ping response on WAN must be disabled on the router.
     
  6. ASpace

    ASpace Guest

    It must be GRC's bug about the ping. I use DSL connection and NAT in the modem. Every time I test my NAT device it passes everything but their ping test. Moreover, when I test ZA free, Windows Firewall or ESS on dial-up connection (no router on dial-up - obviously) they also pass everything but GRC's ping. So it looks like a bug for all the 3+1 firewalls configured for max not to pass this ...

    On the topic, ESS protects very well from inbound attacks. Passes all tests with Stealth on hackerwatch and PC-Flank.
     
  7. mayt

    mayt Eset Staff Account

    Joined:
    Mar 12, 2007
    Posts:
    84
    Location:
    Bratislava
  8. crummock

    crummock Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    198
    Thanks, that sounds sensible but I assumed that the existing system rule to allow all pings would take precedence over any user created rule.

    Can you confirm how conflicting rules are handled to determine what wins?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
  10. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    Thanks Stem. I did find this window. I agree that hard-coded rules are unfamiliar to me as my experience is with ZA and Comodo which do not use these. And I have to agree with crummock's question:

    Also today, I checked my Firewall log files and there are numerous entries there that I don't understand. Any comments are welcome.

    edit: Setup is ess beta2 on Lenovo win XP sp2 behind Actiontec router (not set as trusted)
     

    Attached Files:

  11. kC_

    kC_ Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    452
    i also get lots of those
    about every 2 minutes or so
     
  12. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    Strange that ess doesn't provide any further information in the logs (empty columns). From my days with Comodo, I think these might be related to IGMP or possibly upnp from my router. I have verizon Fios service and the router also communicates with my TV set top box. But I don't know how to tell for sure with the minimal info from the logs.
     