Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: Problem with ZoneAlarm's ARP Protection

  1. #11
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Problem with ZoneAlarm's ARP Protection

    If there is no fwdb*.txt, then there is no firewall debug log.
    No lspconflict is a good thing, too.

    The logged blocked 1900 port is just dropped UPnP connections as per indicated by your firewall log.

    Oldsod.
    Best regards.
    oldsod

  2. #12
    ohjeez Guest

    Default Re: Problem with ZoneAlarm's ARP Protection

    So any way to fix this ARP issue then?

  3. #13
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Problem with ZoneAlarm's ARP Protection

    Try this:

    ZA | Firewall | Advanced | and check the "This computer is a client of a ICS/NAT gateway running Zone Alarm..." and the router/gateway IP should appear automatically in the dropdown labeled gateway Address.

    in addition in the Advanced panel, uncheck the "Automatically check the gateway for security enforcement" (at the top under the Gateway Security) and uncheck any "Block trusted server"
    (in the General settings) and check the "Include networks in the Trusted Zone upon detection" (in the Network Settings).

    then make sure this is already done:

    ZA | Firewall | Trusted Security Zone | first set the slider to Medium not High. Then open the Custom button. Select the "Medium security settings for the Trusted Zone and everything listed must be unchecked.

    Go then to the Program Control and the Program Control slider shoild be at the Medium or Automatic setting. Not High or Low setting.


    Open the ZA | Firewall | Expert and create this rule:

    Rank: 1
    State: Enabled
    Track: Log
    Name: DHCP
    Comment: Allow connections between my dhcp gateway, as seen by it's IP and MAC, to and from My Computer by it's IP and MAC.
    Using the DHCP and the DHCP client ports by UDP.

    Source:
    First entry is called Computer IP/MAC.
    Select the gateway option in the chart.
    Enter both the IP and the MAC of the computer.
    Call this Computer IP/MAC

    Second entry is called the DHCP Gateway by IP and MAC.
    Select the gateway option in the chart.
    Enter both the IP and the MAC of the router.
    Call this DHCP Gateway.

    Destination: Repeat the items listed in the Source.

    Protocol:
    You will need two seperate entries - one entry with the dhcp client to the dhcp and one entry with the dhcp to the dhcp client.
    First entry select the Add protocol, then the UDP, description is "to the router", in the drop down for the Destination port select the "DHCP" and in the Source port select the "DHCP Client".
    Second entry select the Add protocol, then the UDP, description is "to the computer", in the drop down for the Destination port select the "DHCP Client" and in the Source port select the "DHCP".

    Time: leave the default setting of "Any".

    As previously suggested, the DHCP and the DNS and the Loopback (127.0.0.1) must be listed as Trusted in the ZA | Firewall | Zones.


    In the ZA | Program Control | Programs, these must be listed with not just the Trusted Zone under the Access, but also with the Trusted under the Server:

    csrss.exe
    explorer.exe
    rundll32.exe
    services.exe
    smss.exe
    svchost.exe
    userinit.exe
    winlogon.exe

    This list is the minimum needed, there could be more items yet to be included.
    Plus these items should be allowed with the Internet under the Access.

    Note:
    The MAC and the IP of the coumputer can be seen in the ipconfig /all command.
    The MAC and the IP of the Gateway can be seen in the arp -a command.

    However... if at any time the arp -a is performed and there is seen either two identical IPs with different MAC or two identical MAC with different IPs, then there is some MAC spoofing or arp attack occuring on your local area network.
    Seriously doubt there would be an attack if the local area network is strictly a wired arrangement and not a wireless network.
    Only a wireless network would see any possible attacks.

    Next lock in the IP of the computer in the router and lock in the router's IP in Windows.

    First open the router, then make sure the computer is always assigned the same IP as it is presently using. Enforce this statically assigned IP by including the MAC of the computer. Close or exit the router.

    Then open the Network Connections in Windows, select the Local Area Network, open the Properties, select the Internet Protocol ( IPv4 if Windows Vista or just TCP/IP if XP) and select the Properties.
    In the General tab, enter the correct assigned IP for the computer, enter the correct IP for the router and in the lower section include the correct IP(s) for the DNS.


    Close all windows (ok and apply).
    Close the ZA.
    Completely shutdown the computer.
    Boot the computer.
    Problem should be fixed.


    If there are other security applications installed on the computer that are performing some form of network/firewalling or if the windows firewall is enabled (both in the control panel and in the windows services) or if there are file/driver remnants left over from a previous installation, then the issue could be caused by these and still continue to be an issue.

    Oldsod.
    Best regards.
    oldsod

  4. #14
    ohjeez Guest

    Default Re: Problem with ZoneAlarm's ARP Protection

    Thanks for taking so much time in writing this reply.
    I appreciate your time and efforts.
    Since I am away from my computer right now, I will test this once I have access back to my computer.
    Thanks again.

  5. #15
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Problem with ZoneAlarm's ARP Protection

    Please report if the blocked arp packets from the router are still happening.
    There maybe something else involved.
    Best regards.
    Oldsod.
    Best regards.
    oldsod

  6. #16
    miamia Guest

    Default Re: Problem with ZoneAlarm's ARP Protection

    hello ohjeez,
    did you resolve this issue with ARP?

  7. #17
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,466

    Default Re: Problem with ZoneAlarm's ARP Protection

    <BLOCKQUOTE><HR>miamia wrote:
    hello ohjeez,did you resolve this issue with ARP?
    <HR></BLOCKQUOTE>

    Hello miamia,
    If you have a ZoneAlarm problem, Please Start your own trend..
    as a matter of Curtsey and to provide the Best solution to each Users problem, the Guideline Rules,ask each User to Please starttheir own thread. And start only 1 thread for each problem.</COLOR>
    This insures that each User receives a solution specific to their on Problem,When other user like yourself interject your own problem into the discussion of somebody else's problem, any advice or solution to your problem would confuse and may conflict with the solution to the Originating Users problem..


    Message Edited by GeorgeV on 03-05-2009 10:33 AM
    Last edited by GeorgeV; January 19th, 2014 at 11:26 AM.
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •