Really Really Powerful Inbound Protection

You guys might say Windows firewall would suffice for inbound protection but...
I want the firewall with the most powerful inbound protection :>

one that logs everything and show me everything it blocks
I don't mind if it has outbound protection or not.



I want this Really Really Powerful Inbound Protection....
even if its not really a firewall as long as it blocks malicious inbound traffic/packets. :>

 

try zonealarm. even the free one is extremely powerful. it logs everything, it`s lite on the system.

 

I'm trying ZA free at the moment... but it blocks 50% less than comodo fw does..
does ZA Free have ARP protection?

EDIT: I gave up on ZA Free.
OnlineArmor FREE doesnt show me detailed logs.
PCTools is owned by Symatec so no to its FW.
PrivateFirewall has good logging and blocking but... on the long run it leaves some of my ports open/un-stealthed thus not passing GRC ShieldsUP test
Outpost FW i dont know.
Comodo FW... good blocking and logging but their controversies scares me :<

 

You could try Jetico Personal Firewall.

Jetico has full TCP stateful inspection along with UDP and ARP packet inspection. Its a highly configurable firewall with a great logging system. Some of the reject rules at the end of the tables don't have a logging event enabled by default so you have to go through and make sure logging is enabled for them if you want to see everything. Jetico also uses very little resources.

If its the first time your trying Jetico firewall I would recommend bypassing the HIPS function tables until you get the basic network activity rules in place first. This helps from being bombarded with tons of popups. (Click on Optimal Protection table and then click on 'bypass' under:

*Application filter: Direct Network Access
*Application filter: Indirect Network Access
*Process Attack filter

Application filter: Network Communication should be the only one still in "learning mode'. The only popups now will be from actual network activity. These tables can always be turned back to learning mode later if you want. I personally find HIPS to be annoying and pretty much useless anyways, but thats just my opinion.

http://www.jetico.com/firewall-jetico-personal-firewall/ (I highly recommend reading the help-file.)

 

There is also excellent light, pure firewall: Look 'n' Stop

 

Oh! wow! I'm liking this firewall...
Thanks Creer~
I can't buy it though..

30-day trial... image restore... 30-day trial...

life is hard for the poor

 

Try latest free version of Kerio 2.15, there are some additional rules sets floating on the web (Blitzen Zeus based, see the zip file halfway this post http://www.dslreports.com/forum/remark,8023708)

 

Is there not a free version??

 

No, there is no free version of LnS.

 

Read the other day somewhere there was a dumbed down free version but thanks for clearing that up.

 

There was some time ago.
Not too long ago I believe, although not officially supported, it was available at SnapFiles........http://www.snapfiles.com/screenshots/looknstop.htm
But that version has been removed.

 

I think Outpost Pro FW has great inbound protection and excellent logging capabilities. The free version is also good but it doesn't support Win7 yet.

Ice

 

An hardware firewall.

 

I would just get a router, forget about looking at logs, and be done with it.

 

What really matters is whether or not an attacker can exploit a port, not whether or not it is visible.

I don't see that the GRC Shieldsup test is very worthwhile at this point.

It was good at one time, when MS left the barn door fully open and most people didn't even know they were exposed. Gibson showed people that there was a problem, in a way that was easy for anyone to understand.

But now that Windows comes with a firewall enabled by default and has had a lot of things tightened up, I don't think that we need another overly simple "GO/NO GO" test with bright colors and warnings that your a** is hanging out. (Windows itself will complain if it doesn't see a firewall enabled, and that's probably sufficient for this purpose.)

What we really need are tests of firewall effectiveness, and Shieldsup is definitely not one of those.

Besides that, attackers at this point are attacking entire address blocks, and will keep on attacking whether your ports are "stealthed" or not. Their software will simply run through its bag of tricks on your IP address, and it doesn't care whether your ports respond or not; it will keep on probing until it's time to move on to the next address. (Or until it is able to exploit something at your address obviously.)

Besides that, your ports can't be completely invisible or else you'd have no inbound TCP/IP connectivity. You have to open some of them up sometime if you're planning on using the network for things like web browsing or retrieving your e-mail. And when you do, what matters is if your firewall can block exploits.

 

from my experience - it does not need any strong inbound protection like a software firewall.
any router with fine firewall/nat will do and the rest is this:
whats not present cant be (ab)used.

so the router drops unrequested inbounds - and when it reaches the system
the concerning service or program is not present or running - and cant be started.
so windows automatically drops such requests.
the most common intrusions are:
browser, javascript, java, flash, pdf, downloaded executables *

if you control such data paths the system is almost secure.

note - if some reaches your system* in most times its already too late!

eliminate intrusions at the first borders you have - not when they are already in.
a software firewall only prevents outgoing traffic (in case of a router).

 

PC Tools Firewall is great for this. Excellent Inbound/Outbound. Set it to Advanced and it offers stronger protection. It will show you what files it blocks, allows and partially allows.

 

Well... Core Force is really really powerful. However, it's so powerful that it seems the people behind it gave up.

Anyway, if you are crazy enough - have never seen such granular stuff with any other product. Screenshots here. My favourite one is the permissions settings

Would I suggest you to use it? Well, no, unless you are completely crazy and have couple years to spare configuring it.

 

@Konata Izumi

Havn't tried Comodo but i don't understand your seemingly poor results because i always get 100% stealth passing the GRC ShieldsUP test with no problems, even with a much older version of ZA free, oh and no router



Maybe you havn't configured it enough ?

How about

GhostWall FireWall

http://www.ghostsecurity.com/ghostwall

 

Look ‘n’ Stop Lite, the free version of Look n Stop, can be downloaded here.

It has only inbound protection only.

 

Do you not trust Matousec tests?
Regards,
Jerry

 

This site is linking to an older Look ‘n’ Stop package, it’s still 30-day Trial, after which it’ll run in limited mode. You should point directly to the official Look ‘n’ Stop product website for the latest download package.


There is no officially supported “free” non-limiting version of Look ‘n’ Stop, ... there was ‘Look ‘n’ Stop Lite', and the latest version was 1.04, released in May of 2002.

Anyways, I wouldn’t recommend the use of an non-supported security product, free or otherwise.


Regards,
Phant0m``

 

Rule-based software firewalls, you can choose to block “EVERYTHING” coming in at an very early state and long before the possibility of an attack. You can fully control the incoming packets aswell as the outgoing packets.

Unlike Routers, true-SPI software firewalls can go further than just the header information but also the contents of the packet “up through the application layer” in order to determine more about the packet to better protect against possible attacks.


Regards,
Phant0m``

 

Kerio 2.15 Pretty easily configured to block and log everything

Jetico would also be good

 

Hello. I would recommend comodo firewall it is really worth to try.