Results 1 to 9 of 9

Thread: What is the difference between...

Hybrid View

  1. #1
    gamemaster Guest

    Default What is the difference between...

    What is the difference when ZA blocks an Echo Request, a TCP port, and an SMTP port?

    -Mike

    Operating System:
    Windows Vista Home Premium
    Software Version:
    8.0
    Product Name:
    ZoneAlarm (Free)

    Message Edited by Gamemaster on 06-28-2009 01:17 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: What is the difference between...

    Echo Request is basically one of the many Types of ICMP; echo request is commonly called or known as Ping.
    As a general rule, all of the Types of the ICMP are bascially network and internet maintenance or troubleshooting <a href="http://en.wikipedia.org/wiki/Internet_Protocol_Suite"target=_"blank"Protocols</a>.
    Echo Request is commonly used for 'finding' a web server or web site; as every web site and web server does allow incoming Echo request (or else they could not be contacted or found) to be functional to every IP that wishes to connect.
    This is part of the way the internet functions.

    But often certain ISP's will require their home user type of customers to allow both incoming Echo Request and Echo Reply (the responce to the originator of the echo request); as required by neccessity to establish and maintain internet connections. Often this is required for dialup and occasionally for some dsl connections.
    Other than that, most incoming echo requests are not needed for the home users, especially for cable internet users. Although still allowing incoming echo requests is most often not a security risk, it is mainly not needed for the home users as most home users do not host web sites or web servers.

    It is not uncommon for 'strange' or 'unfamiliar' IPs to contact any IP such as the home user's IP.
    Once the site sees there is no responce, from an IP, it does not usually continue attempts (but it has determined by the lack of responce that there is in fact a valid IP regardless of the lack of echo reply responces).
    The 'True Stealth' of the ZA bascially stealths not just the tcp and udp ports but will by default drop the incoming echo request.

    According to the accepted internet principles and practises, incoming echo request should be allowed....and if the website/web server/computer does not wish to continue, it will first respond with a echo reply type of ICMP and then inform in later transmissions not to continue any more connections.
    Sort of like hello, yes I am here, and do not call me again and goodbye.
    Basically an internet politeness or internet manners.
    But as a home user, the echo request does not have to be acknowledged or replied to.
    It is most often simply ignored (especially for home users who have set their hardware routers not to reply to pings).

    TCP seen here.
    Used mostly for http and https traffic (destination ports 80 and 443) , but not limited to only http or https.

    SMTP seen here is used for certain kinds of email over port 25.

    Oldsod.

    Message Edited by Oldsod on 06-28-2009 05:43 PM
    Best regards.
    oldsod

  3. #3
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: What is the difference between...

    I suggest you see this about three-way handshakes to learn as how to internet connections are established between internet computers (or a web site and home user's computer):

    http://www.3wayhandshake.com/

    or http://www.pccitizen.com/threewayhandshake.htm

    often the 'pings' (such as echo request and echo reply) will preceed the tcp three-way handshake connections, if the correct IP address was unknown or lost or uncertain to the inquirering computer.

    Oldsod.
    Best regards.
    oldsod

  4. #4
    gamemaster Guest

    Default Re: What is the difference between...

    Ok, I see, so if I didn't have a firewall, my computer would just automatically allow the ping and get spammed?

    And how &quot;stealthy&quot; is ZA from being detected from outside attackers?

    Thanks.

  5. #5
    Join Date
    Dec 2005
    Posts
    8,996

    Default Re: What is the difference between...

    There is no such thing as 'spammed' when discussing the internet.
    That is only appliable for unwanted emails.
    Wrong terminology.

    Without a firewall, basically your computer would promptly reply to the incoming echo requests and bascially say back or in return not to call me again to those servers.
    Which in turn would then set those inquiring servers/computer would not to continue or resume any further icmp connections (or any further connection attempts).
    Basically they asked, your computer replied not to ask anymore and they would politely comply.
    However, there are many, many, many other computers and servers that will inturn ask in their turn and these would get the same answer, these would stop asking then... and manymanymany more computers/servers would be asking next..to get the same do not call reply..and so forth and so on.

    Even windows firewall can be set-up not to respond to incoming echo requests, as it is a fairly universal setting for any software firewall. So can any hardware router.

    Stealth means basically the 'port status' is unknown, not just the blocking certain types of icmp (to help 'stealth' the computer)
    When the port status is unknown, the ports cannot be determined if they are in a CLOSED or a OPEN State or Status. This unknown port status determination is often called "filtered' or more commonly called "Stealth".
    In fact, the ports are not even seen by other servers/computers when they are stealthed, as the software firewall acts as intermediatary or intercepts the connections between the incoming connections and the window's ports (all of the 65,535 ports).

    See Port Scanning for some details.
    BUT be forewarned as most of the connect attempts that are made for ports 20, 21, 25, 135, 137, 138, 139, 445, 513, 1080, 1433, 1434 and many others ports are infact just some of the usual internet noise that is constantly ongoing no matter what.
    I never see this traffic at my own computer as I have a router in front of the computer that automatically drops all of this unwanted traffic.

    Oldsod.

    Message Edited by Oldsod on 06-28-2009 06:32 PM
    Best regards.
    oldsod

  6. #6
    gamemaster Guest

    Default Re: What is the difference between...

    I'm a little confused, if without a firewall, the computer would still &quot;say no&quot; to the incoming request, isn't that what a firewall does? It blocks out the connections and doesn't allow them to send anymore requests. I'm confused, sorry.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •