Should I be concerned?

Discussion in 'other firewalls' started by dangitall, Aug 6, 2004.

Thread Status:
Not open for further replies.
  1. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    Before I switched from dial-up to DSL, my results at ShieldsUp! were pure stealth, but now, while my ports still test as stealthed, my computer (or perhaps the DSL modem) is responding to pings (ICMP echo). Should I be concerned and, if so, how would I set up the proper configuration (ZAFree behind a Westell 2200 modem with an integrated firewall)?

    Also, would the modem's firewall be the reason why ZA no longer shows any logged events (blocks) even though it's set to do so?

    Thanks in advance.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am running a hardware firewall in a router and my incoming log in my software firewall is always empty. As far as the pings go I have my software firewall set to block all in and out pings. I don't know if it is really necessary but I have had it like that for at least a year. I don't know how to configure the ZA firewall to block pings but I have done it with sygate and kerio 2.1.5. I am also running DSL. And yes your modems firewall is blocking the incoming attempts before it reaches your computer.
     
  3. dangitall

    dangitall Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    430
    Location:
    New Hamster, USA
    Pretty much what I thought, BigC. Confirmation is always nice, though. And, so far as I'm aware, there are no options for blocking pings in the free version of ZA. I suspect that my main concern should be the port scan anyway, and it looks like I'm covered there. Thanks again.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Your setup should give you a pretty secure combination of firewalls.
     
  5. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Sometimes I am jealous on people who see huge lists of attackers. I never see any. Also on the attached attacker nothing showing up ever. Doing an external test I see every port stealthed, except the 113, which is closed and what should be (could be) normal.
    Cheers,

    Gerard
     

    Attached Files:

  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    My 113 port is also closed it has to do with my router useing it if I ever let it update the firmware, which is not going to happen real soon.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,797
    Location:
    Texas
    You can stealth that port by forwarding it to a nonexistent address. No firmware upgrade needed.
     

    Attached Files:

  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    ronjor thanks for the info, it worked like a charm ;)
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,797
    Location:
    Texas
    You're welcome Bigc.
     
  10. martindijk

    martindijk Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    537
    Location:
    Gorredijk - the Netherlands
    Hi dangitall,

    It usually is the modem or router which response to ICMP, so it is NOT your PC who is responding, this is in many cases the way a router or DSL modem deals with ICMP, which can be bypassed by port forwarding as described by Ronjor, so you do not need to worry.

    The reason you don't get any reports from ZA is because your DSL has taken over the firewall job that ZA is supposed to do, i had the same on my pc.

    Just try and run GRC testpage without ZA and you probably will see that you are still steath, which happened with my router.

    cheers,
    Martin
     
    Last edited: Aug 7, 2004
  11. controler

    controler Guest

    Hi

    I was using portforwarding with my Linksys until i read it was a bad idea to port forward and why.
    I just wish I could remember the forum i was reading o_O


    controler
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    There have been security problems with Linksys routers in the past (see Security Alert: Linksys BOOTP Memory Leak for info and links) which could be related though it's worth mentioning the need for a firmware upgrade to Linksys owners in any case.
     
  13. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    There was a time with Linksys routers that the only way to get stealth results all around was to forward all unsolicited inbound traffic to a non-existant internal IP. The problem with this is that anything forwarded results in a NAT table entry and under some circumstances users were finding this would crash the router, while others would experience no problem at all. I believe recent firmwares allow users to "stealth" the router now without having to use the forwarding workaround.

    Basic NAT routers provide good protection from unsolicited inbound packets. Unless you are actually running any servers there should be no need to forward anything through to the LAN.

    Regards,

    CrazyM
     
Thread Status:
Not open for further replies.