Thread: Multi-part and thanks

  1. #1
    snorfle Guest

    Default Multi-part and thanks

    I used ZA free for years. When I went to http://www.grc.com/default.htm
    to dl Leak test, the free version was never penetrated. The Security Suite's firewall is always penetrated. Any suggestions here?
    Another part, I use Netzero and an unsecured local wi fi. When I use http://www.grc.com/default.htm
    port scan I am always passed with true stealth. This is for the free ZA and Security Suite. However, the free ZA and the unfree version both fail the port scan on wi fi. Any help here?
    Robin, er, snorfle



    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Multi-part and thanks

    Hi

    When the shields up! test is started, it actually says the actual IP of the PC being tested. Does the IP shown in the grc.com page match the true IP of the PC?

    If the IP shown does not match your PC's IP, then it is not your PC that is being tested, but the local wifi server that is supplying the wifi. Or the server in front of the wifi. The wifi is doing NAT, yes, and in fact, it would be the wifi router that is being tested and not your PC.

    The only true way to get an accurate test from shields up! at grc.com is to hook the PC directly to a modem and then do the test. That would be a 100% accurate test of the PC firewall.

    Another important point is there should be no rights allowed for the Internet Server Zone. Any rights allowed for the Internet Server does mean there are open ports to the Internet and that would show on any port scan.

    Secondly, what are the ports listed as being failed in the test? Something like ident or http or pop3?



    Oldsod
    Best regards.
    oldsod

  3. #3
    snorfle Guest

    Default Thanks for the note.

    Do you think the IP I can get from Netmeeting is mine or the wi fi's? I will try this to see. Hmm. I could get an IP from Netmeeting but could not get the Port Scanner to scan my port, just the one you mentioned.
    : ^(

    I got the rights worked out, so the LeakTest won't connect but I still get failed at the port scan. Now, no port fails. It's just that the GRC server can ping me. It cannot do this with my dial-up.
    I got the new version of ZA today and I let its defaults stand. I will see how this works. No different, I just checked and got this: "Solicited TCP Packets: PASSED No TCP packets were received from your system as a direct result of our attempts to elicit some response from any of the ports listed below they are all either fully stealthed or blocked by your ISP. However
    .
    .
    .




    Unsolicited Packets: PASSED No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



    Ping Reply: RECEIVED (FAILED) Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation."
    Is there a way to stop the ping reply in ZA? I have not found this feature.
    Thanks again,
    Robin

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Thanks for the note.

    Hi

    Okay what you have shown me makes sense. It is not the PC that is replying to the ICMP Ping. It is the hardware that is replying. The wifi network has a hardware firewall and it is set to reply to the pings.

    Try this...

    Left click the Start button and open the Run, type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. There should be an IP showing- this is the actual IP of the PC. Record all of these.
    Now do the port scan test. But on the very first page will be the IP shown that is actually being tested. If the two IPs match, then it is the PC that is being tested. If the two IPs do not match, then it is not the PC being tested and instead it is the wifi router or the server in front of it.

    Netmeeting is another issue. I had interpreted your provider as being NetZero.

    Oldsod
    Best regards.
    oldsod
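
The comparison described in post #4, as an added example that is not part of the thread: it pulls the adapter address out of `ipconfig /all` output and compares it with the address the external scan page reports. The sample output, the function names and the addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows XP `ipconfig /all` output (not from the thread).
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.103
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# RFC 1918 ranges: addresses handed out behind a NAT router, not routable
# from the Internet, so an external scanner can never target them directly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "IP Address" (XP) and "IPv4 Address" (later Windows) lines.
_ADDR_LINE = re.compile(r"^\s*IP(?:v4)? Address[ .]*:\s*([0-9.]+)", re.M)

def local_addresses(ipconfig_text):
    """Return the adapter IPv4 addresses listed in ipconfig output."""
    found = []
    for raw in _ADDR_LINE.findall(ipconfig_text):
        try:
            found.append(ipaddress.IPv4Address(raw))
        except ipaddress.AddressValueError:
            continue  # skip malformed or truncated values
    return found

def scan_target(ipconfig_text, scanned_ip):
    """Say which device an external port scan of scanned_ip reached."""
    scanned = ipaddress.IPv4Address(scanned_ip)
    addrs = local_addresses(ipconfig_text)
    if not addrs:
        return "unknown: no adapter address found"
    if scanned in addrs:
        return "pc: the scan reached this machine's own firewall"
    if any(a in net for a in addrs for net in RFC1918):
        return "upstream: PC has a private address, scan hit the NAT device"
    return "upstream: addresses differ, scan hit a device in front of the PC"
```
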

  5. #5
    snorfle Guest

    Default Re: Thanks for the notes.

    Netmeeting. Click Help / About and the screen has your IP. Well, it's close to what you said with a 3 on the end that command didn't have.
    I tested again and the numbers were different when I used wifi. It's an unsecured free one put up by the little town I live in.
    I also have Netzero for when wifi is out. When I use NZ, the port scan always passes in Stealth and has the same numbers.
    My main concern was that the wifi was not as secure. If ZA protects my computer, it's enough. The folks at the wifi are not very helpful. I suspect the town is not paying them much. So this should do me on this issue.
    I am glad for your help and will likely have other questions later. I noticed when I got the new version of ZA today I had to install it twice in order to get the virus scanner to work and update. I was getting error messages. It's OK now.
    Robin

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Thanks for the notes.

    To have that server or the wifi transmitter/receiver allow the reply to pings is not a real security risk. Any intruder or hacker is just attacking that wifi hardware and not your PC. As you have seen the hacker cannot attack your PC- he will only attack the IP seen in the port scan and not the true address of the PC and thus is not attacking the PC. By the nature of the NAT from the server, that hacker or intruder cannot actually get to your PC.

    To a large degree, that lack of security from the reply ping is over-rated. It really does mean to the other servers in the internet, that it is there. And that is often needed to maintain internet connections and for some to have remote logins or VPN connections established. Another example would be pinging the google.com server from your own PC. If the google.com server did not reply to the pings it received, there could be no connection established. To make the actual connection requires about three different messages back and forth, between the server and the PC, and only then can a true TCP (and UDP) over IP connection be established and followed through. Ever notice that most trojan port attacks are TCP and not UDP- it is even harder to attack the UDP ports than the TCP ports. It is not that simple to just ping a PC and get a reply and walk in the door and become master of the castle.

    The only real time reply to pings is dangerous is when the home PC is hooked directly to the Internet without any router or hardware firewall device in front of that PC. That would mean any person could be calling the PC and getting an immediate response. In that sense, the PC would be highly visible to the entire internet. But the PC would be protected by the Zone Alarm and no intruder could be able to enter the PC. So the malicious attempts would be defeated and pointless.

    Oldsod
    Best regards.
    oldsod
