Full Disclosure mailing list archives
Re: Personal firewalls.
From: Eliah Kagan <degeneracypressure () gmail com>
Date: Fri, 20 Jan 2006 17:52:37 -0500
> However I do wish it had the feature that Sygate PRO has, which will blackhole an IP if it detects a port scan coming to it. It then blocks all activity from the offending IP for approximately 10 minutes.
Well, it's a feature if the probes are really coming from the computer Sygate PRO thinks they're coming from. Suppose X is running Sygate PRO and Y is a legitimate client connecting to a server running on X. Then Z comes along and sends a bunch of SYN packets to X, spoofed to have the source IP of Y, waits 10 minutes, and repeats ad infinitum. Now Y can never connect to X. This seems more like a DoS vulnerability than a feature to me. Am I missing something?

-Eliah

On 1/20/06, Soderland, Craig wrote:
> Time to throw my .02 cents in.
>
> Zone - Good product, though it requires much thought and proper configuration for successful installs. Does not always save your configuration settings when you shut down. This I find occurs most often when you upgrade Zone from one version to another and do not use the "clean install option." If this occurs you have 2 options.
>
> 1. Re-install Zone, utilizing the clean install option, and then re-enter your rules.
> 2. Do not re-install Zone, but when you have made firewall rule changes, exit out of the program after making the aforementioned changes. When Zone exits, not as part of a shutdown, it seems to correctly flush the configuration to disk.
>
> Another issue with Zone is that they have not yet fixed the bug in the True Vector engine. I can cause True Vector to regularly crash out and leave the system unprotected from a remote client. I have notified Zone's engineers specifically how this was done, and to date no response from their side. To their credit, when this occurs now the system loses all network connectivity (with recent update) and the VSMON service now restarts. So even though the bug in True Vector still exists, they have worked around it so as to not leave your system completely vulnerable as in the 5.x versions. But other than this it is a good package, very flexible and powerful, though requiring a certain level of sophistication to configure it properly.
>
> However I do wish it had the feature that Sygate PRO has, which will blackhole an IP if it detects a port scan coming to it. It then blocks all activity from the offending IP for approximately 10 minutes. It however had a similar problem to Zone in that we could easily get the FW to crash out; however, when it did crash out all connectivity was lost. To date this also has not been fixed.
>
> The other firewalls I've played with all had their own set of feature issues, with Black Ice being the worst piece of garbage I have had my displeasure of ever installing. Just too damn easy to defeat.
>
> In all cases, I would recommend a firewall software, especially if you are on a laptop and might ever be out on the wild wild internet without being behind a hardware firewall. Preferably something that will also check on programs attempting to make outbound connections. But I would not rely on just a software one either. And with hardware many users/companies make the same mistake, layering firewalls all of the same vendor/brand. So that in the event of an exploit weakens they're all penetrated.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
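The X/Y/Z scenario from the reply above, as an added example that is not part of the original thread or any vendor's code: a simulation with no network I/O that runs a scan-triggered blackhole policy over constructed events, beside a variant that never auto-blocks a peer that has completed a TCP handshake. The class and function names, the scan threshold and the addresses are assumptions; only the 10-minute block length comes from the thread.

```python
# Simulation only: no packets are sent or captured; all events are constructed.
from collections import defaultdict

BLOCK_SECONDS = 600   # "approximately 10 minutes", as stated in the thread
SCAN_PORTS = 5        # assumed trigger: distinct ports probed by one source...
WINDOW = 10           # ...within this many seconds (assumed)

class Blackholer:
    def __init__(self, exempt_verified=False):
        self.exempt_verified = exempt_verified
        self.blocked_until = {}          # source IP -> time the block expires
        self.probes = defaultdict(list)  # source IP -> [(time, port)]
        self.verified = set()            # sources that completed a handshake

    def handle(self, t, src, port, handshake_done):
        """Return True if the event is accepted, False if it is dropped."""
        if self.blocked_until.get(src, 0) > t:
            return False
        if handshake_done:
            # A completed three-way handshake shows the peer receives traffic
            # sent to this address. (Simplification: verification never expires.)
            self.verified.add(src)
            return True
        # Bare SYN: the claimed source address is unverified and may be forged.
        recent = [(pt, pp) for pt, pp in self.probes[src] if t - pt <= WINDOW]
        recent.append((t, port))
        self.probes[src] = recent
        if len({pp for _, pp in recent}) < SCAN_PORTS:
            return True
        if not (self.exempt_verified and src in self.verified):
            self.blocked_until[src] = t + BLOCK_SECONDS
        return False

def client_success(policy, hours=1):
    """Count how many of Y's connections to X succeed under the given policy."""
    y = "192.0.2.10"  # constructed address standing in for client Y
    end = hours * 3600
    events = [(t, y, 443, True) for t in range(0, end, 60)]  # Y's real traffic
    for burst in range(30, end, BLOCK_SECONDS):   # Z's SYNs, source forged as Y
        events += [(burst, y, 1000 + i, False) for i in range(SCAN_PORTS)]
    results = []
    for e in sorted(events):
        accepted = policy.handle(*e)
        if e[3]:
            results.append(accepted)
    return sum(results), len(results)
```

The exemption has a cost: a peer that holds a verified connection no longer trips the auto-block with bare SYN probes, so that case needs a separate control such as rate limiting or alerting.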