Why do I need a firewall ?

Hello everybody,

I have tried a couple of firewalls (ZA free, Kaspersky, built in XP Firewall, Outpost, Sygate, Filseclab and right now I’m running NetVeda).

With any one of the firewalls I get the same result when testing Shields up at Steve Gibson’s site:
1.Solicited TCP packets: fail
2..Unsolicted packets: pass
3..Ping reply: fail
4.Ports 21, 23, and 80 are steatlh, the other ports are closed.
5.Leak test: pass (that is with ZA, filseclab and NetVeda; the others I cannot remember anymore)

Furthermore, when I disable the built in XP firewall (thus NO firewall running at all) I also get the same results (1, 2,3,4). [NB When I do not drink alcohol I have the same results].

Windows XP home SP 2
Kaspersky Personal ( and yes, I have disabled the built in “firewall”)
Giant Anti Spyware (is now microsoft antispyware beta)

Any thoughts ?

 

Do you have a router on your conection? If so it may be blocking or some ISPs block common ports which may also be the case.

 

do u have a router/firewall or proxy/anonymizer? also try LnS, ive gotten a full stealth pass on grc.com with it.

 

You are not configuring ZA properly. The others I haven't used.

 

Atomic Ed/WsFuser/The hammer

thanks for your reactions.

I don't have a router nor a proxy but I do have an ISP. I read they sell a Norton firewall in their package. I did not pay for this ( I avoid Norton/Symantec as my mother in law). but i'm gonna contact them. My ISP is the only thing I can think of right now that might be the cause of the problem.

I have installed Look"n"stop. I had the same results with Shields Up as mentioned above. BTW I like LnS, nice firewall, gonna give it a try.

 

Keep in mind some modems also double as router. How are you connecting/modem? If you do an "ipconfig /all" at the command prompt on your system is your IP showing as your public IP or a private IP?

When you do the online scans is anything showing up in the software firewall logs?

Regards,

CrazyM

 

egghead,

My preference, get a router then if you wish to have some control of outbound communications, consider a software firewall. If you are looking at paid solutions, I definitely go this route; if you were looking at free firewalls, I just recommend it. Things like stealth, etc. are, IMHO, irrelevant and/or highly overrated.

Since you're considering LnS, that is the product I use. It's very effective, very light, though I generally use it for application control only - just my preference.

Blue

 

CrazyM/Blue Zanetti

Thanks for your reactions.

It appears that my modem is indeed also a router. I have found out that it uses package filtering; thus it works more or less as a firewall. I guess this modem/router causes the problem.

Returning to my origingel question: why do I need I a firewall?
Even if I don’t use a firewall at all (see my first posting) the modem/router takes care that ports 21, 23, 80 being stealth and that the other ports being closed. This is a "safe" situation. If I do use a firewall these results stay the same, thus configuring the firewall makes no sense.
When using a firewall the only advantage is then that I can control outbound communication? If the answer is yes, what is then the advantage of using a “paid” version, e.g. looknstop, over a “free” firewall?

 

shields up said all ports stealthed when i tested xp2 firewall (dial up)

 

That does explain your results no matter which software firewall you used. Your modem/router will deal with all unsolicited inbound connection attempts, including the online scan tests, and the software firewall on your system will not see these. You will need to determine what configuration options are available, if any, to change how the modem/router responds to these. As long as nothing is showing as open to the Internet you are secure.

The reason many will use a software firewall, in addition to a router, is for outbound application control. If this is something you have determined you want/need, there are plenty of good software firewalls out there both paid and free. It is a matter of finding the one that best suits you and has the configuration/features you want.

Regards,

CrazyM

 

I have never used LnS, other then that I will save my fingers the work out and second this one as I could not have said it better.

 

well using ZA as an example, the paid version (pro) includes privacy features (cookie, javascript handling etc) and the latest v6 has teh OSFirewall. i dont know about other firewalls tho. i do know that kerio and lns have lite versions. outpost has a free one but very limited (no component control, plugins etc) and very old.

 

egghead,

As with most paid versions, the advantage is often convenience, maybe somewhat more detailed or automated usage and so on.

Blue

 

Thank you all for responding, you have been very helpful.

 

I think really you kind of answered your query
Along with a good router..You could elect by choice to use some type(s) app monitoring utility to alert of any changes to registry or files and no soft 'wall.
You could also go into the local security policy editor, tighten some items in there+ plus a few more items in the OS (my network places, properties,in lac general tab, uninstall client for ms,file and print share,qos packet thinghy-IF you don't useem' ...mine are gone lone ago you can still print off the net I do, wins tab disable that stuff in there untick lm hosts lookup(I never use it) and disable net bios.

 

Not really answering your question.
But the test in Shields up at Steve Gibson’s site is too simple.

Try this instead. It performs much more tests:
http://scan.sygate.com/
From the tests, I think you can see the basic values of Firewall.

The above tests are still basic. A normal firewall should pass all the tests.
For a competitive est, you may wish to read this at well:
http://www.firewallleaktester.com/tests.htm

In the test, it shows the capabilities of different Firewall to block leak attacks.
You may try it yourself by downloading them in its main page.