Results 1 to 5 of 5

Thread: IM disconnecting/reconnecting

Hybrid View

  1. #1
    miamia Guest

    Default IM disconnecting/reconnecting

    Hello,
    I am using for icq protocol QIP Infium 9022 and I have problem with disconnecting/reconnecting QIP every few minutes. I have tested it on
    3 computers and the same behaviour. Problem is not my ISP (I have various ISPs on various computers). I thing problem must be
    somewhere in
    ZASS but do not know where
    please help

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    miamia Guest

    Default Re: IM disconnecting/reconnecting

    So I found out this:When I allow port 5190 in ZASS - Firewall - Main - Internet Zone - Allow outgoing TCP port 5190 it works ok.But when I leave Allow outgoing TCP blank and set up in program expert rules to allow 5190 (in rogram Control - Programs - Qip Infium
    Options - Expert rules)
    it does not allow port 5190 for QIP. Why?
    I think it should allow 5190 for Qip Infium only and it is not necessary to allow 5190 globaly in Internet zone, isn't it?


  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: IM disconnecting/reconnecting

    Expert rules in the Program are application specific - they only apply to that particular program.
    If the expert rule is made for the specific program in the Programs and there are no corresponding rules created in the Firewall, then the Program expert rules will fail.
    It is only when there is a matching Firewall expert is made, then the Program expert will work.
    In order for the expert for the Qip to work, after the program expert is made, then immediately make an expert in the Firewall to match it.

    Port(s) and Protocols allowed or blocked in either the Internet Security Zone or the Trusted Security Zone are a quick and painless method without any real need for creating expert rules in the Programs and Firewall.
    The ZoneAlarm will first look at the Program for it's individual requests and the user settings for that Program and for the expert rules (if any) , and then look at the specific allow/block in the Internet Security Zone and the Trusted Security Zone (which are basically a global setting for the Firewall), then finally look in the Firewall's Zones and Expert.

    Oldsod.
    Best regards.
    oldsod

  4. #4
    zaswing Guest

    Default Re: IM disconnecting/reconnecting

    May I please pop in a question very much related to this thread regarding "'If the expert rule is made for the specific program in the Programs and there are no corresponding rules created in the Firewall, then the Program expert rules will fail.
    It is only when there is a matching Firewall expert is made, then the Program expert will work."

    My QUESTION: If a "matching Firewall expert" rule is made, what would restrict other applications from using this matching rule?

    Lets say I have this imaginary control for the Discussed.exe:
    1. I will make an expert rule for Discussed.exe to be allowed TCP out to remote port 5190 of some serverIP
    2. I will make a firewall expert rule to permit my computer TCP out to remote port 5190 of some serverIP
    3. Rule #1 will be the only application rule, all other applications have no expert rule
    4. I will green check Access internet to many applications on the Programs tab

    I know I asked this before, and I read ZA HELP on the evaluation sequence, but it's still not sinking in: what is to prevent Opera, IE , Firefox, Antispyware updater, any old messaging, malware(?) and all those other programs from going out to port 5190 of the serverIP?
    The firewall rule #2 would allow it, would it not?
    Yet my imaginary intention is to allow only the Discussed.exe to go there.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: IM disconnecting/reconnecting


    <blockquote><hr>zasuiteuser wrote:
    May I please pop in a question very much related to this thread regarding "'If the expert rule is made for the specific program in the Programs and there are no corresponding rules created in the Firewall, then the Program expert rules will fail.
    It is only when there is a matching Firewall expert is made, then the Program expert will work."

    My QUESTION: If a "matching Firewall expert" rule is made, what would restrict other applications from using this matching rule?

    Lets say I have this imaginary control for the Discussed.exe:
    1. I will make an expert rule for Discussed.exe to be allowed TCP out to remote port 5190 of some serverIP
    2. I will make a firewall expert rule to permit my computer TCP out to remote port 5190 of some serverIP
    3. Rule #1 will be the only application rule, all other applications have no expert rule
    4. I will green check Access internet to many applications on the Programs tab

    I know I asked this before, and I read ZA HELP on the evaluation sequence, but it's still not sinking in: what is to prevent Opera, IE , Firefox, Antispyware updater, any old messaging, malware(?) and all those other programs from going out to port 5190 of the serverIP?
    The firewall rule #2 would allow it, would it not?
    Yet my imaginary intention is to allow only the Discussed.exe to go there.
    <hr></blockquote>
    Because the Zone Alarm firewall with alert asking first for permission for the other application to use the port exception. Because the other unruled application has never done this before and it has not rules for this.
    Plus browsers and updaters usually follow the correct port range of 1020-5000 (for windows operating systems) and 1000-5000 for other operating sytems for the local ports and the usual http, ftp, https, etc for the remote ports.
    Any time you see a ZA alert containing the ports out of that range or for the wrong destination port, then the possibility the updater or browser is 0wn3d. (or maybe the entire operating system).Something will be amiss.
    (even without a firewall due the way the program are using the windows sockets and the way the windows works at the tcp/ip stack, the unusual ports or not to be seen ports should never happen).


    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •