Security Basics mailing list archives

Re: Remotely manage Zone Alarm

From: "gregh" <chows () ozemail com au>
Date: Tue, 9 Sep 2003 08:09:31 +1000

----- Original Message ----- 
From: Birl 
To: security-basics () securityfocus com 
Sent: Saturday, September 06, 2003 3:50 AM
Subject: Re: Remotely manage Zone Alarm

chows:  2) Check out Full Disclosure and other lists here at
chows:  SecurityFocus. There are floods you can send at ZA Pro that stops
chows:  it working. Then you can get in.

Have to disagree on that.  Every exploit/flood/etc that has been posted to
bugtraq and full-disclourse (especially the recent UDP DoS attack) has
failed to bring down ZA Pro in the test labs.


You must have read something different to me, then. I have actually HAD a ZA Pro I run to keep up to date with what it 
does/doesnt do (many of my customers choose to use it, sigh....) stopped by a flood. I had to pull the plug to stop the 
flood, restart the prog and logon again. I have been testing some of those floods from a client on my own lan and it 
doesnt have the same effect. Use it on a remote ZA Pro that isnt on my own lan and it works. Strange. Dont know what to 
make of that one.

Since I run ZA Pro, whenever I see an exploit I immediately bounce it over
the ZoneLabs people for investigation.


Well, sure but to be honest, there are things you can do better than using ZA Pro which I am sure you know 
already.....depending on the exploit you mean, of course.

I dont doubt that ZA Pro can be broken, but I havent seen it done and I am
willing to take ZoneLabs answer at face value.


I am not. I have reported a bug with the software which equates to an exploit just by chance but actually isnt meant to 
be one and I have reported it 3 times. Each time they say I am wrong and each time I have given them the info. I dont 
trust a word they say at Zonelabs right now. I still HAVE to register it when it comes up for renewal, though, as I 
cant get my customers who "know what they are doing" off it on to something better......excepting one. 


Greg.

---------------------------------------------------------------------------
Captus Networks
Are you prepared for the next Sobig & Blaster?
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Precisely Define and Implement Network Security
 - Automatically Control P2P, IM and Spam Traffic
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------

Current thread:

Remotely manage Zone Alarm Cesar Diaz (Sep 04)
- RE: Remotely manage Zone Alarm Zachary Mutrux (Sep 04)
- Re: Remotely manage Zone Alarm gregh (Sep 04)
  - Re: Remotely manage Zone Alarm Birl (Sep 05)
    - RE: Remotely manage Zone Alarm Jef Feltman (Sep 08)
    - Re: Remotely manage Zone Alarm gregh (Sep 08)
- RE: Remotely manage Zone Alarm Aditya (Sep 05)
- <Possible follow-ups>
- RE: Remotely manage Zone Alarm Halverson, Chris (Sep 04)
  - RE: Remotely manage Zone Alarm Mike Peppard (Sep 04)
- RE: Remotely manage Zone Alarm Jay Woody (Sep 04)
- Re: Remotely manage Zone Alarm Thomas Graf (Sep 04)
  - Re: Remotely manage Zone Alarm Birl (Sep 05)
  - Question on Corrupted BlackIce Defender Installation Paul Fishbein (Sep 11)
    - RE: Question on Corrupted BlackIce Defender Installation matt willson (Sep 15)
- Re: Remotely manage Zone Alarm small fry (Sep 05)
- Re: Remotely manage Zone Alarm Cesar Diaz (Sep 08)