Thread: Average home user security Q

  1. #1
    zasha Guest

    Average home user security Q

    Hello. I have a security question.

    I recently had a discussion with a friend who
    does bittorrent (ZA Pro updated, Windows XP updated).

    To make it work, he claims that it is generally necessary
    to do the following:

    First create an expert firewall rule with the following settings:

    Add protocol -> TCP/UDP -> Allow (no log), Enabled

    Destination port: Other Any

    Source port: Other Any

    Next,
    create a program expert rule with same settings for
    the client.

    I said: "Hey, the expert firewall rule you have made
    is a bad idea. It really should not be necessary
    for any client. You have lowered your shields far too much."

    But is this right? I can see (not being behind a router)
    that most of my service ports become unstealthed
    if I apply the expert firewall rule (I have high security for the internet zone).

    And in the manual, I read something about Zone rules being skipped whenever a packet
    is allowed by an expert firewall rule. So his expert firewall rule sounds bad to me?

    But is that right? I appreciate comments on this.

    Best wishes.

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Average home user security Q

    Hi

    The ports for bittorrent are 6881-6999 TCP, since the UDP are not used at all by the bittorrent.

    btdownloadgui.exe and right click it, then in the Options button and then enter the ports to use. If you're having trouble connecting, you might try giving BitTorrent access to all ports.

    These ports can be opened in the ZA Pro in the Internet Zone Security using the Custom button and look in the dropdown and enter the port range in the outbound port range,

    After downloading is finished, it would be advisable to remove the permission for the Internet zone and the Servers rights.

    It is possible your friend has a SPI/NAT router, with the 6881-6999 range set for port forwarding. So yes, your friend is correct. Except it should only be TCP, not both TCP and UDP. Plus, if it works well with just the port range, then all ports is not required.

    BTW have you heard of Peer Guardian or ProtoWall?

    Oldsod
    Best regards.
    oldsod

  3. #3
    zasha Guest

    Re: Average home user security Q

    Much thanks for the tip; handy should one ever get involved in such activities as BT. But I hope you don't think that I or my friend have problems connecting
    or installing or such things. Works fine, you know.

    It's more about the effect/side effect of the first mentioned firewall allow rule. What does it provide that the program rule doesn't provide?
    Is it that it is solving the router issue *alone*, or is there some other thing the rule takes care of which the program rule does not take care of?

    ('Cause once I was routed, albeit in what Zyxel call "single user access mode", and I don't recall having made the expert firewall rule back then. Only the program rule. I was reachable from remote. Therefore I did not ask my mate if he was routed.)

    much obliged for your help in any case.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Average home user security Q

    Hi

    The firewall rule is a generic rule, while the program rule is component specific. They can work in unison.

    Good rules and ZA details at Guru Hoov site.

    http://www.donhoover.net/

    Glad to hear your mastery of the ZA is excellent and it is working well.

    Oldsod
    Best regards.
    oldsod

  5. #5
    albatros Guest

    Re: Average home user security Q ? BitTorrent[s

    Note: This should work for both ZoneAlarm and ZoneAlarm Pro. Leaves an OPEN
    port in firewall for BitTorrent Client, examples herein are for
    Torrent 1.6.

    Try removing everything in your

    [d:]\Windows\Prefetch {where d: = drive Windows installed on}

    folder EXCEPT for the .INI file, Now remove everything in the "internet logs"
    folder (which is mostly used by just ZoneAlarm anyway.)

    Simplest way to find it is to search for "internet*logs" - stop search when
    it is found, and clean out all the files and empty your recycle bin.

    Backup your ZoneAlarm settings, under "Overview | Preferences".

    Now Reboot {this gives a 'clean' internet logging area for ZoneAlarm.} note
    this also helps, if a newer version of ZoneAlarm won't install over the old
    one. If you use this remember to backup your program settings if they are
    complex, I know that mine are.

    After reboot, restore the ZoneAlarm settings that you saved before the
    reboot, under "Overview | Preferences".

    Now try adding an 'Expert Rule' to ZoneAlarm for your particular BitTorrent
    client, goto the "Program Control | Programs" in ZoneAlarm, select your
    Torrent client.

    e.g.
    Torrent

    First select everything as trusted (green tick) then...

    Right click on it,

    now select "Options | Expert Rules | Add"

    Name the rule (I find the best thing here is the name of the client program)
    {e.g. "
    Torrent"}

    leave everything else as it is and select

    "Protocol - Modify Button"

    Select "TCP" and describe it by naming it (BitTorrent client program name +
    ' ByPass' {note the space}) this identifies it for you in the future, I do
    NOT recommend leaving the description box empty! {e.g. "
    Torrent ByPass"}

    Add the port[s] you need to OPEN {Make this as few as possible, for example in

    Torrent this can be just one, think of a random number above 10,000 and below
    65530 (check web for reserved,) then type it 'over' each box that reads "Any".
    If using a range enter the lowest number in the upper box and largest in lower.

    E.g. Note for example C&C Generals usually uses Port 27890, avoid using Ports
    usually reserved for PC Games and anything below 10,000 etc. [DO NOT use 27374!]
    Now click "OK" to confirm your change and the port[s] allowed. Which are for the
    client software only. {Not the downloads ports, or uploads ports (for seeds.)}

    Now select "Logs & Alerts" set it to "none", this will prevent the ZoneAlarm
    log-file[s] from overflowing & locking up 'VSmon.exe', when it receives so many
    messages from the BitTorrent TRACKERS, (i.e. logging them) everything should
    now be set.

    When it receives so many messages ZoneAlarm assumes it is under a DDoS attack
    and so it then 'locks' vsmon.exe & ALL ports, locking your internet connection
    and forcing a Reboot!

    Close box and now click "OK -> Apply -> OK" to apply the new [{Expert}] rule.

    Backup your new ZoneAlarm settings again, under "Overview | Preferences".

    You MUST remember to set your BitTorrent client, to use ONLY the Port[s] that
    you have specified at this point. Remember also that you now have an OPEN port
    in your firewall on your PC, but it should be too busy for hackers to get at!

    Don't worry your BitTorrent will use lots of others to download & upload stuff,
    but it will only use the port[s] {1 port only in
    Torrents' case} for the client
    software {e.g.
    Torrent} to 'talk' back & forth to the BitTorrent trackers,
    which is where all the very many messages to ZoneAlarm come from.

    ***

    Reboot your PC and restore your ZoneAlarm settings again, do a Test, if this
    does not work, REMOVE the new expert rule, {described above} and seek better
    advice from the ZoneLabs staff, I cannot help you further.

    It would be nice if Zonelabs would fix this problem. E.g. Add an option, to
    the ZoneAlarm programme (in program settings - right click menu) i.e. "This
    is a 'BitTorrent Client' ", and auto-disable logging of the information for
    that (BitTorrent) client program.

    For more information on this, which I gleaned from the BitTorrent information
    site, I recommend that you read the FAQs for both
    Torrent and BitTorrent
    via the
    Torrent website at...

    http://www.utorrent.com

    Remember this 'fix' does leave an OPEN port in your firewall! I do not know
    of a way of doing it without doing so, if someone else does, please leave a
    message here so I can close the OPEN port as well. The OPEN port allows for
    'Port Forwarding' and 'Seeding' of partial (bits of files) for others to
    download, after you have downloaded a file 100% yourself. This is the thing
    everyone using BitTorrent hates (partial files) and others not seeding, the
    parts of files (or whole files in this case) that they themselves, have
    already downloaded (100%) via BitTorrent, which is very selfish of them.

    Do not take ANY advice which tells you to TURN OFF your firewall! If you do
    you will be attacked in less than 20-22 seconds, according to the BBC TV
    programme 'Click'. (i.e. Hackers will try, or will probably take over your
    PC!) See http://www.bbc.co.uk/click

    Follow the link that takes you to the BitTorrent 'firewall' discussion /and/
    advice areas, which is where I found this information, it takes a while to
    find ZoneAlarm, and I forgot to record where it was or to bookmark it, which
    is why you'll have to find it yourself. Sorry.

    Note: I recommend removing this rule (OPEN port) once your downloads have
    completed. (For BitTorrent I have heard that it needs 4 ports, 6881-6999,
    for it to work correctly.)

    One of the main reasons that I use
    Torrent, is because it uses less open
    ports (only one,) and I get to choose which one, it is not 'fixed' as in
    BitTorrent.

    So I hope that this helps you.

    Cheers

    Albatros
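A simplified model, added here and not taken from any poster or from ZoneAlarm itself, of the first-match order zasha quotes from the manual (an expert allow skips the zone rules). It compares the friend's any-port TCP/UDP expert rule from post #1 with the single-port TCP rule albatros describes in post #5, on a few constructed inbound probes; the port 23456 and the probe list are constructed, and the "stealth" outcome stands in for ZoneAlarm's High setting on the Internet zone.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (unsolicited from the Internet zone) or "out"
    proto: str      # "TCP" or "UDP"
    dport: int      # destination port on this PC


@dataclass(frozen=True)
class ExpertRule:
    protos: frozenset  # protocols the rule matches, e.g. {"TCP", "UDP"}
    ports: range       # destination ports the rule matches
    action: str        # "allow" or "block"

    def matches(self, p: Packet) -> bool:
        return p.proto in self.protos and p.dport in self.ports


def evaluate(packet: Packet, expert_rules, zone_allow_inbound=False):
    """Assumed order from the thread: expert rules first; an expert match
    decides the packet and the zone rules are never consulted."""
    for rule in expert_rules:
        if rule.matches(packet):
            return rule.action, "expert rule"
    # Zone rule: Internet zone on High drops unsolicited inbound without reply.
    if packet.direction == "in" and not zone_allow_inbound:
        return "stealth", "internet zone (high)"
    return "allow", "zone default"


# Friend's rule from post #1: TCP/UDP, any destination port, allow.
BROAD = [ExpertRule(frozenset({"TCP", "UDP"}), range(1, 65536), "allow")]
# albatros' rule from post #5: TCP only, one client port (23456 is constructed).
NARROW = [ExpertRule(frozenset({"TCP"}), range(23456, 23457), "allow")]

# Constructed inbound probes: three Windows service ports plus the client port.
PROBES = [
    Packet("in", "TCP", 135),
    Packet("in", "UDP", 137),
    Packet("in", "TCP", 445),
    Packet("in", "TCP", 23456),
]


def exposed_ports(expert_rules) -> list:
    """Destination ports that unsolicited inbound probes reach under a rule set."""
    return sorted({p.dport for p in PROBES if evaluate(p, expert_rules)[0] == "allow"})
```

Running `exposed_ports(BROAD)` versus `exposed_ports(NARROW)` shows why zasha's service ports stopped being stealthed: the broad rule answers for every port before the zone rule is reached, while the narrow rule only exposes the one client port.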
