Help, I extremely need now, PLEASE...

Discussion in 'other firewalls' started by CoolWebSearch, Jul 9, 2008.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Hi, everybody.
    I just bought a new Edimax ADSL2++ Router.
    For extra safety I tried 3 software firewalls CFP 3.0, ZoneAlarm Pro and Outpost Firewall Pro-even though my firewall and SPI in my router were completely disabled, I started visiting some dangerous websites.
    Despite, I was on the internet for over 2 hours neither of these 3 software firewalls were showing any blocked intrusion.
    You'll probably say to me that this is because of the router-but that's impossible, since both firewall and SPI were both turned off!
    Than I went to pcflank.com and grc.com to check how good my protection is, bit I failed all attacks, and yet how didn't I get infected being on the net for over 2 hours?
    This is truly insane.
    And believe me I did check, re-check, re-re-re-check with the best antivirus and anti-spyware shareware products-nothing was found, otherwise I'm sure I would notice it like the last time before this my computer was full of malware.

    Any opinions?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Hi!
    even if you turn OFF the firewall/SPI on the router you have still NAT on.
    So tests will most likely found most closed ports and few open ones (depending on configuration).

    To test properly you need to remove the router and plug your system directly to the modem and if your router is the modem than you need to set your router only as MODEM.

    Cheers,
    Fax
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Even if you had your firewall off - all of your firewalls, if you run no services and did not download and execute anything, then there's no reason to get infected.
    Mrk
     
  4. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Big thanks to both Fax and Mrkvonic.
    One question: If I completely turn off NAT and SPI and firewall, will ZA Pro in this case start to count all of the intrusions blocked, what I have to do to see blocked intrusions in ZA, Comodo, Outpost?
    Also, I noticed that my router is more or less colliding with ZA Pro, it's almost an overkill, why is that the same goes with Outpost Pro?
    What should I do-would simply turning off the NAT (yes I think you're right, before I entered the router, NAT was enabled-I think), and turn off the firewall and SPI and than this will resolve the problem or I have to do something else with my LAN?
    Please, help.

    Of course, I'm not trying to compromise my own security.
    Big thanks to both Mrkvonic and Fax.
     
  5. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Well, it's true I didn't download anything, I simply surfed through various websites.
     
  6. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Personally, I wouldn't turn off NAT for love nor money. Unless I wanted the machine to get infected.

    SamSpade


    |||
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Sure, but I used Outpost Pro, ZoneAlarm Pro and Comodo Pro before and they did protect me without any NAT.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    If your system (OS and related software) is fully patched the chance to be infected are really near to 0 if not a full zero even without a firewall. :) Unless you voluntary run specific executable or surf to infected sites!

    Cheers,
    Fax
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Yes, just check your machine IP (start --> run --> type cmd --> type IPCONFIG /All on the new window) is really not the one assigned by the Router (e.g. 192.168.X.X or 10.X.X.X, etc...). Then you are without the router and you can test your software firewall.

    Cheers,
    Fax
     
    Last edited: Jul 9, 2008
  10. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
  11. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    You can put the internal IP address your PC uses (obtained from the router) into the DMZ and that will let all traffic flow thru to the software firewall. I don't know why you'd want to do that though, but that's how you'd do it.
     
  12. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    Yes, of course. And I use my computer on the road a lot without a NAT router, using software firewalls instead. What I'm saying is: if I have a NAT at my disposal, I'm going to use it. Might not be necessary with a good soft FW, but for peace of mind I like my NAT!

    :D

    SamSpade


    |||
     
  13. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415

    Online gamers use DMZ, I am told.

    LOL on your sig, by the way.

    Woot!


    SamSpade

    |||
     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Putting you LAN IP in DMZ will route all packets to that IP. To turn off NAT completely, you would need to turn off routing and set your gateway (router) in bridge mode. This will cause your (one) PC to have your ISP assigned WAN address.

    What intrusions do you expect to see out there? There are none, unless you initiated them.

    Checking software firewalls for "stealth" i.e.

    Cheers,
     
  15. Hoodied

    Hoodied Registered Member

    Joined:
    May 30, 2008
    Posts:
    10
    Hey Everyone!

    Just too touch up on the original posters question a little bit.

    For a test (taken a 2 years go), I ran my always on Internet which is a cable modem for a period of a year and a half without a software firewall and router. I simply directly connected to the internet. During this time period, I never got infected or became a victim to an internet network attack.

    In fact, to stimulate real results of an average user without a router, I had many service ports open and could have easily been seen via port scan.

    I think that as long as your system is fully patched and your just a simple home user, It's pretty much safe to say that you have a low chance of getting infected unless you deliberately just to do so. Meaning your visiting drive by download sites and downloading and executing Malware, which even a pure firewall or router can't save you from.

    However, I would not recommend this method for business owners, or anyone who works from home and keeps serious and important documents on their PC. You can never tell when that next vulnerable can arise which can compromise your data.

    On a side note, for anyone who has or is about to comment that a Firewall can save you from malware connecting out. Please remember that when malware is connecting out or trying to that it's post infection, which means the main damage has already been done. When this happens, the only safest method of assuring no data is leaked (even if your firewall has claimed to have blocked it) is to disconnect your modem and router and start your cleaning methods and backup boot disc's. Reformat if necessary.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I have done similar with Win2k a few years back, but just for a month or two, no firewall of any kind, no router. I did however first close all ports by various means, so there really was no risk. Nothing evil happened of course.

    Also keep in mind that even though you ran "naked" so to speak, and had ports open, there is a good chance your ISP had some of the important ones blocked. I know mine does this for 137-139 as well as a few others. That could have made a big difference in your case...
     
  17. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,213
    Hi, Seer, Kerodo and others for such quick responses. I came to an conclusion: I will stay with my NAT+firewall+SPI in router enabled-I really don't need anything else, except Avira Antivirus that I use.
    But when I visit some more dangerous websites, I'd like to have a log of outbound connections so that I can manually block them-basically I only want a control over outbound connections so I can block them, if I suspect they are connecting to an weird address.
    And please don't recommend me software firewalls for outbound control I want something that is like I don't know HIPS I guess-but do I really need HIPS for outbound control?
    I simply want the opportunity of having detailed logging and manually blocking outbound connections if it's suspicious.
    Thanks for your time and patience.
     
Loading...
Thread Status:
Not open for further replies.