Stealth in ZA+4.5

Discussion in 'other firewalls' started by snowbound, Dec 7, 2003.

Thread Status:
Not open for further replies.
  1. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi everyone

    My firewall is ZA+4.5

    I have tried many online port scanners (shieldsup, sygate, auditmypc and so on).

    The only one where I can achieve stealth is shieldsup. On all the others my ports are closed.

    I am only a beginner so I just use the default settings. Every program is set to ask, and nothing gets server rights.
    The only expert rule I have I got from LowWaterMark's post on how to stop pings from the welchia worm.

    My question is, are closed ports good enough?

    If they aren't, how do I achieve stealth on these other online port scanners?


    Thanks

    Snowbound
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Getting mixed results is not unusual, but you should show as stealth with ZA.

    Closed is still secure.

    Is your ZA set at the default High for the Internet zone?

    Edit: cancel the edit as LWM covered the router question.

    Regards,

    CrazyM
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Also, what is your ISP connection type and do you have a router in the mix?
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Yes my ZA+ default settings are on high.

    I am on cable and do not have a router.

    I would really like to try sites like PC Flank and Hacker Whacker but for some reason they can't read my IP.


    This may be a stupid question but I can't understand why some sites I can use and some I can't :doubt:.

    If I can't achieve stealth can I feel safe with closed ports?

    I have read posts here from more experienced people saying they are not happy unless their firewall is completely stealth on all online scans.


    Snowbound
     
  5. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Just to add,

    I don't know how to write firewall rules so maybe stealth isn't possible? :doubt:





    snowbound
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    The fact that you can't use some scanning sites at all, and that some others give you results that differ from GRC, is probably all related. The type of network setup your ISP gives you is probably directly related to these issues.

    You might very well be entirely stealth right now. Those sites that will scan you but show your ports closed could simply be scanning the wrong place (the same reason other sites get the wrong IP for you).

    But, regardless of this... The true risk is exposing "open" ports to the Internet. The risk differences between closed and stealthed is in my mind a small thing. But again, I'm suspecting you may very well be stealth.

    No, that's not a problem. You don't need to know how to write rules to be stealth with ZA. :)
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    One more thought... Can you tell us if your cable provider gives you a true public IP address on your PC, or if they are giving out private IP addresses?

    I won't go into the RFC (RFC 1918) that describes reserved private IP address ranges and their uses, but usually ISPs that use private address ranges give their users IP addresses in the 10.*.*.* range, or alternately between 172.16.*.* and 172.31.*.*, or in the 192.168.*.* range. If your PC has an address in one of these ranges, then you have a private IP address visible only to your cable provider.
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Are you doing any kind of web filtering? Some of these sites will not function properly if things like web proxy filtering are used.

    Getting into the "stealth vs. closed" debate would be a sure way to hijack this post ;)

    A closed response is normal and secure, and as LWM mentions, as long as you are not exposing open/listening ports/services on your system. ZA will normally stealth a system by default.

    Regards,

    CrazyM
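
An added example, not part of any post in this thread: a small Python helper that applies the reasoning from the posts above (private address ranges, a scanning site testing the wrong address, open versus closed or stealth) to decide what an online scan result actually says about the PC. The function names, result labels and sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three private ranges named in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr lies in one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def interpret_scan(local_ip, scanned_ip, port_states):
    """Decide what an online scan result says about this PC.

    local_ip    -- address configured on the PC's own network adapter
    scanned_ip  -- address the scanning site reports it tested
    port_states -- {port: "open" | "closed" | "stealth"} as shown by the site
    """
    if not port_states:
        return "no-data: the site returned no port results"
    if is_rfc1918(local_ip):
        # The ISP hands out private addresses, so the site probed ISP equipment.
        return "not-this-pc: private address, scan hit the ISP's equipment"
    if ipaddress.ip_address(local_ip) != ipaddress.ip_address(scanned_ip):
        # Something sits in between (e.g. a proxy); the site probed that instead.
        return "not-this-pc: site scanned %s, PC is %s" % (scanned_ip, local_ip)
    exposed = sorted(p for p, s in port_states.items() if s == "open")
    if exposed:
        # Open ports are the real risk: a service is listening to the Internet.
        return "exposed: open ports %s" % exposed
    if all(s == "stealth" for s in port_states.values()):
        return "ok: all ports stealth"
    return "ok: no open ports (closed/stealth mix)"


if __name__ == "__main__":
    # Constructed sample data (documentation addresses, not from the thread).
    results = {135: "closed", 139: "stealth", 445: "closed"}
    print(interpret_scan("203.0.113.25", "203.0.113.25", results))
    print(interpret_scan("203.0.113.25", "198.51.100.7", results))
    print(interpret_scan("10.44.1.9", "198.51.100.7", results))
```
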
     
  9. Peaches4U

    Peaches4U Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    5,070
    Location:
    At my computer
    Snowbound ... The following URLs below should give you a better understanding of ZoneAlarm. I have ZoneAlarm Pro and am in total stealth, am also on cable, and am as snug as all get out. My Pro version I have password protected. So no worries mate, if you are in stealth you are just fine. Stealth as I understand it means that the computer does not exist on the internet and if a GRC probe was unable to penetrate your firewall, you are A-OK in that area. :)

    The following is a very informative thread LWM posted re ZoneAlarm.
    http://www.wilderssecurity.com/showthread.php?t=3899

    Here is ZoneLabs support site:
    http://www.zonelabs.com/store/content/support/3zapHelpDocs.jsp
     
  10. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi LWM :)

    My IP is not in that range that u specified.

    My ports are always either stealth or closed, never open so that is obviously good! ;)

    I am trying to learn about firewalls and rulesets. It would be nice to know how to do it myself.

    I have learned a lot from your ZA posts.

    Thanks LWM :D


    CrazyM, I am not using any kind of web filtering so........


    Yes the stealth vs closed does cause quite a kerfuffle around here sometimes! ;)

    Thanks LWM and CrazyM for your help.

    I feel secure now with ZA+ just how it is on my system





    Snowbound
     
  11. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Thanks peaches :D

    I have read that thread and it is very informative (as most of LWM's posts are) :)

    As I said in my previous post :rolleyes:
    I feel my zone alarm, like yours, is protecting me from all the baddies out there! :)

    ZA is very good for people like me with limited (veeery limited) ;) firewall skills :)

    Thanks again peaches :D



    Snowbound
     
  12. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    This is the only thing I changed in ZA+ from the default settings.

    I just checked everything in general settings.

    Does this make a difference?

    Didn't know if I should lock host files but I thought I would try it.


    Thanks




    Snowbound
     

    Attached Files:

  13. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    Well, the options in that "General Settings" section are all mostly unrelated. It's a bit of a catch-all area for some overall config options in ZA.

    The items in the first column are all meant to increase your security, so if your system works right, connects to your ISP without problems, doesn't timeout or have the ISP connection hang up on you, then leave those 4 checked.

    In the second column, the two "Allow" items have a specific use. If you don't use a VPN to connect to some of network and you don't have any special protocol requirements, then those two should be unchecked. (Never select any extra Allow options unless you need them in order to make your system or a required application work.)

    The Hosts file item isn't a terribly serious item, it just locks your Hosts file. Helpful yes, but not a guarantee that some malware can't still attack your Hosts file. So leave that checked.

    None of these options affect stealth, but those first 4 are good to have checked if you can.
     

    Attached Files:

  14. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi LWM :)

    I've been running ZA+ for about a week with everything checked and system runs fine.

    I just unchecked the two allow options like u said.

    I didn't realize these should not be checked unless needed. Everything else I will leave the same.

    I really don't know if I have true stealth or not but I will run it like this and hopefully it will keep the bad guys away.

    Like I said, I really like ZA for its easability and great out of the box protection.

    Thanks LWM :)
    I will watch for more of your insightful posts on ZA.




    Snowbound
     