Full Disclosure mailing list archives

RE: Zone Alarm

From: "Larry W. Cashdollar" <lwc () vapid ath cx>
Date: Wed, 4 Jun 2003 17:50:11 -0400 (EDT)



you can configure BSD to default to deny in the kernel.

IPFILTER_DEFAULT_BLOCK  #block all packets

I have had my software firewall up since 1998, with no probelms.

On Wed, 4 Jun 2003, Joe Hummel wrote:

I would agree with morning_wood - hardware routers are a much better way to
go - when the device fails, you fail closed, as opposed to a software
solution, where if it fails, you fail open (read - open=vulnerable).  In
addition, I've found that even the technically savvy get perplexed by some
of the alerts generated by personal firewall software.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Zone Alarm Ben Tyson-Norrman (Jun 04)
- Re: Zone Alarm morning_wood (Jun 04)
  - RE: Zone Alarm Joe Hummel (Jun 04)
    - RE: Zone Alarm Larry W. Cashdollar (Jun 04)
    - RE: Zone Alarm Ron DuFresne (Jun 05)
  - Re: Zone Alarm Jason (Jun 04)
    - AW: Zone Alarm Michael Linke (Jun 04)
    - AW: Zone Alarm Michael Osten (Jun 04)
    - Re: AW: Zone Alarm Jason (Jun 04)
    - Re: AW: Zone Alarm Michael Osten (Jun 04)
    - YABBT [1] - Re: Zone Alarm Jason (Jun 04)
    - Re: YABBT [1] - Re: Zone Alarm Michael Osten (Jun 04)
    - Re: YABBT [1] - Re: Zone Alarm Ron DuFresne (Jun 05)
    - Re: YABBT [1] - Re: Zone Alarm Jason (Jun 05)

(Thread continues...)