|
Zone Alarm and Zone Alarm Pro users, FYI:
This was posted on the bugtraq mailing list this afternoon:
ZoneAlarm Pro is firewall for Windows home-users. The following was tested with ZoneAlarm Pro latest version: 2.6.357 I`m not sure if it also works with the free version but I can't imagine why it wouldn't. Similair to Internet Explorer ZoneAlarm Pro (ZAP) has security settings for Local and Internet. However ZAP in certain cases classifies connections as Local when they really aren't Local. All connections that have the same 2 octets as your IP (ex. Your ip 123.123.123.123 -> 123.123.*.*) are also considered Local. This means everyone on with the same two first octet's of your IP can connect to your computer under local level security settings instead of the internet level security settings. With default settings this will expose your computer and all it's ports plus opening and allow access to windows services and shares. Users to customize local level security to allow (and block) whatever they want. How did I discover this? I installed a webserver and asked some friends to view some pages but they weren't able to connect. Zone Alarm Pro blocked the http port I found out. But this surprised me since I viewed my http.acces and http.error logife before I enabeled port 80 in ZAP and already had a lot of requests from servers infected with nimba. After looking at the IP's the first two octets were all the same.. the same as mine. |
good info...thanks
|
Not true. I have the free version and the pro version on a second computer. Both block IP addresses with the first two octets. How do I know this? They show in my blocked alerts (my isp polls my conection every 30 seconds)..
|
Could it be that guy doesn't have his netmask set properly?
|
Originally posted by belboz Could it be that guy doesn't have his netmask set properly? |
Fair enough guys. Sorry for what appears to be a false alarm. Bugtraq is a very prestigious moderated vulndev mailing list so I figured it might have some merit.
|
Hmm. I guess I could see this happening if you had your PC connected straight to the Internet. But if that was the case, why would you allow local connections? I have a router, so my local IPs obviously don't match my ISPs IPs.
|
well... if you want more information about how insecure zone alarm is.. check here:
http://tooleaky.zensoft.com/ but its still better then blackice ;) |
What do you guys think of the Sygate PFW?
I have been evaluating their enterprise managed DFW solution here at work and it is fantastic but I have never used their free personal FW before. I prefer something with more granular config options than is offered by ZA. |
FYI, regarding the first post in the thread, this was also posted on bugtraq:
In the free version, it adds your entire IP subnet as "local". You can check this in the Advanced part of the security settings, it should add your NIC's IP network as local. You can also remove the entry if, for example, you're on a cable modem and your subnet includes hundreds of remote untrusted machines. I would assume that Pro has at least the same level of functionality, if not more. |
Originally posted by JustinS FYI, regarding the first post in the thread, this was also posted on bugtraq: |
FWIW, I just checked mine and found the same thing that TLamm said. My internet adapter's network is listed as being local, but it is not selected. My internal network, OTOH, is selected. YMMV. :)
|
| All times are GMT -5. The time now is 06:27 PM. |
Copyright © 2021 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.