Thread: What is the difference between...

  1. #1
    gamemaster Guest

    Default What is the difference between...

    What is the difference when ZA blocks an Echo Request, a TCP port, and an SMTP port?

    -Mike

    Operating System:
    Windows Vista Home Premium
    Software Version:
    8.0
    Product Name:
    ZoneAlarm (Free)

    Message Edited by Gamemaster on 06-28-2009 01:17 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: What is the difference between...

    Echo Request is basically one of the many Types of ICMP; echo request is commonly called or known as Ping.
    As a general rule, all of the Types of the ICMP are basically network and internet maintenance or troubleshooting protocols (http://en.wikipedia.org/wiki/Internet_Protocol_Suite).
    Echo Request is commonly used for 'finding' a web server or web site; as every web site and web server does allow incoming Echo request (or else they could not be contacted or found) to be functional to every IP that wishes to connect.
    This is part of the way the internet functions.

    But often certain ISPs will require their home user type of customers to allow both incoming Echo Request and Echo Reply (the response to the originator of the echo request); as required by necessity to establish and maintain internet connections. Often this is required for dialup and occasionally for some DSL connections.
    Other than that, most incoming echo requests are not needed for the home users, especially for cable internet users. Although still allowing incoming echo requests is most often not a security risk, it is mainly not needed for the home users as most home users do not host web sites or web servers.

    It is not uncommon for 'strange' or 'unfamiliar' IPs to contact any IP such as the home user's IP.
    Once the site sees there is no response, from an IP, it does not usually continue attempts (but it has determined by the lack of response that there is in fact a valid IP regardless of the lack of echo reply responses).
    The 'True Stealth' of the ZA basically stealths not just the tcp and udp ports but will by default drop the incoming echo request.

    According to the accepted internet principles and practises, incoming echo request should be allowed... and if the website/web server/computer does not wish to continue, it will first respond with an echo reply type of ICMP and then inform in later transmissions not to continue any more connections.
    Sort of like hello, yes I am here, and do not call me again and goodbye.
    Basically an internet politeness or internet manners.
    But as a home user, the echo request does not have to be acknowledged or replied to.
    It is most often simply ignored (especially for home users who have set their hardware routers not to reply to pings).

    TCP seen here.
    Used mostly for http and https traffic (destination ports 80 and 443), but not limited to only http or https.

    SMTP seen here is used for certain kinds of email over port 25.

    Oldsod.

    Message Edited by Oldsod on 06-28-2009 05:43 PM
    Best regards.
    oldsod

  3. #3
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: What is the difference between...

    I suggest you see this about three-way handshakes to learn how internet connections are established between internet computers (or a web site and home user's computer):

    http://www.3wayhandshake.com/

    or http://www.pccitizen.com/threewayhandshake.htm

    Often the 'pings' (such as echo request and echo reply) will precede the tcp three-way handshake connections, if the correct IP address was unknown or lost or uncertain to the inquiring computer.

    Oldsod.
    Best regards.
    oldsod

  4. #4
    gamemaster Guest

    Default Re: What is the difference between...

    Ok, I see, so if I didn't have a firewall, my computer would just automatically allow the ping and get spammed?

    And how "stealthy" is ZA from being detected from outside attackers?

    Thanks.

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: What is the difference between...

    There is no such thing as 'spammed' when discussing the internet.
    That is only applicable for unwanted emails.
    Wrong terminology.

    Without a firewall, basically your computer would promptly reply to the incoming echo requests and basically say back or in return not to call me again to those servers.
    Which in turn would then set those inquiring servers/computers not to continue or resume any further icmp connections (or any further connection attempts).
    Basically they asked, your computer replied not to ask anymore and they would politely comply.
    However, there are many, many, many other computers and servers that will in turn ask in their turn and these would get the same answer, these would stop asking then... and many, many, many more computers/servers would be asking next... to get the same do not call reply... and so forth and so on.

    Even windows firewall can be set-up not to respond to incoming echo requests, as it is a fairly universal setting for any software firewall. So can any hardware router.

    Stealth means basically the 'port status' is unknown, not just the blocking of certain types of icmp (to help 'stealth' the computer).
    When the port status is unknown, the ports cannot be determined if they are in a CLOSED or an OPEN State or Status. This unknown port status determination is often called "filtered" or more commonly called "Stealth".
    In fact, the ports are not even seen by other servers/computers when they are stealthed, as the software firewall acts as intermediary or intercepts the connections between the incoming connections and the Windows ports (all of the 65,535 ports).

    See Port Scanning for some details.
    BUT be forewarned as most of the connect attempts that are made for ports 20, 21, 25, 135, 137, 138, 139, 445, 513, 1080, 1433, 1434 and many other ports are in fact just some of the usual internet noise that is constantly ongoing no matter what.
    I never see this traffic at my own computer as I have a router in front of the computer that automatically drops all of this unwanted traffic.

    Oldsod.

    Message Edited by Oldsod on 06-28-2009 06:32 PM
    Best regards.
    oldsod

  6. #6
    gamemaster Guest

    Default Re: What is the difference between...

    I'm a little confused, if without a firewall, the computer would still "say no" to the incoming request, isn't that what a firewall does? It blocks out the connections and doesn't allow them to send anymore requests. I'm confused, sorry.

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: What is the difference between...

    No ...without a firewall, the computer would have the ports responding with yes I am here and reply to the remote IPs.
    And quite possibly very ready to make connections from incoming connections.
    Once that remote IP receives confirmation that the IP and the port have responded to it, that remote IP will then definitely attempt to establish connection to the computer's ports.

    IF the computer's port is 'closed' by default, it will simply respond 'yes I am here and I am closed' so do not bother me anymore.
    The remote IP in return will then reply okay and goodbye.
    But if the port is closed and a hacker wishes to enter into the closed port, the hacker could try to tempt the closed port to open up by giving it some correct data related to that port's usages... that could work in some circumstances (but not always).
    Thus it is possible to actually open the closed port by using the correct stimulus or inputs.

    If the computer's port is 'open' by default, then any incoming connections to it will always be replied with a 'yes I am here and ready to connect'. In which case the remote IP would be able to reply with okay let's connect, and then followed with the correct data that would be accepted by that port's usual purposes. Thus the connections would be made.
    Windows does have quite a few open ports by default and this is where the risk is involved - any network worm or hacker can more easily enter through an open port and infect not only that computer but also any other networked computers connected to that computer.

    Stealth as mentioned before 'disguises' or 'hides' the actual port states (open or closed) from unwanted IPs.
    It is irrelevant if the port is open or closed by default as the software firewall is preventing any IPs from first seeing the port until the firewall has first checked to verify if the connection is valid or correct.
    If it is valid, the firewall will then relay the connection to the port.
    If the connection is not valid, the firewall will drop (or sometimes deny as there is a difference between deny and drop) the unwanted connection.
    One of the reasons why any type of firewall is a valuable security software... it stops unwanted incoming connections from entering the computer's ports. It does not matter if there are closed or open ports when using a firewall, as the ports are first filtered always by the firewall, thus the worms and hackers never have the opportunity to even talk directly to the ports and make attempts to enter or sneak in.
    The software firewall stops these schemes before they could even happen.

    (Another example to explain is if there are any open ports used or needed on the computer, the software firewall will always check first to make sure the correct IPs are allowed in and the unwanted IPs are stopped from entering. This reduces the risk of possible infections (worms, trojans, hackers, etc) from entering and doing any sort of damage.)


    Malware infections will often make internet connections and very often open ports by themselves to allow new trojan/malware downloads to enter the infected computer and spread even more infections into that computer.
    A software firewall would first either deny that port opening attempt or ask permission to open the port by the named process.
    This is the added layer of security - to prevent unwanted opening of ports to the internet by malware.
    Not just malware attempts by themselves, but by malware-controlled programs and applications on the computer - some BHO using the IE to make unwanted connections could be seen by the firewall and stopped OR some malware could be 'hijacking' the browser to make unauthorized connections. Not just browsers but perhaps some of the usual malware targets such as certain Windows files such as explorer.exe, svchost.exe, winlogon.exe, userinit.exe, services.exe and so forth.
    Or the malware could be some program specific malware such as malware that infects the adobe pdf reader to download more or other types of malware. And these downloads by the browser, Windows files and applications/programs do not necessarily entail opening ports - they could just connect out to do dirty deeds.

    Another security aspect is keylogger or data theft types of malware - these could easily send out your passwords, bank/credit card details, personal info, ssn, etc IF the firewall was not there to stop the leaking from your computer.

    Oldsod.
    Best regards.
    oldsod
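
Added example (not part of the original posts and not ZoneAlarm code): a self-check, run against your own machine, that maps one TCP connection attempt to the open / closed / stealth outcomes described in posts #5 and #7. The names `port_state` and `demo` and the loopback test ports are assumptions made for illustration; the "stealth" branch only triggers when a firewall silently drops the packet, so the built-in demo exercises the open and closed cases.

```python
import errno
import socket


def port_state(host: str, port: int, timeout: float = 3.0) -> str:
    """Try one TCP connection and report how the other end reacted.

    open        - handshake completed, something is listening
    closed      - host answered with a reset ("I am here and I am closed")
    stealth     - no answer before the timeout (packet silently dropped)
    unreachable - an ICMP unreachable error came back instead of silence
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def demo() -> dict:
    """Constructed loopback test: one listening port, one non-listening port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    listener.listen(1)

    reserved = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    reserved.bind(("127.0.0.1", 0))      # bound but never listen()ed: closed

    try:
        return {
            "listening": port_state("127.0.0.1", listener.getsockname()[1]),
            "bound_not_listening": port_state("127.0.0.1", reserved.getsockname()[1]),
        }
    finally:
        listener.close()
        reserved.close()


if __name__ == "__main__":
    print(demo())
```

A port that reports "closed" from another machine on your own network is answering with a reset; one that reports "stealth" is being dropped before the operating system replies.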

  8. #8
    gamemaster Guest

    Default Re: What is the difference between...

    Oh, ok thanks again I understand now. Sorry for all these questions, I'm new to ports and firewalls and IP's and all that stuff.

  9. #9
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: What is the difference between...

    Not a problem at all!
    We were all new at one time or another and at the same time full of questions with lots of unanswered questions!
    You seem to be at the right place at the right time for the inquiries.

    Oldsod.

    Message Edited by Oldsod on 06-29-2009 01:42 AM
    Best regards.
    oldsod
