DVD Talk Forum


jfoobar 11-08-01 04:43 PM

Zone Alarm and Zone Alarm Pro users, FYI:
 
This was posted on the bugtraq mailing list this afternoon:


ZoneAlarm Pro is a firewall for Windows home-users.

The following was tested with ZoneAlarm Pro latest version: 2.6.357

I'm not sure if it also works with the free version but I can't imagine why it wouldn't.

Similar to Internet Explorer, ZoneAlarm Pro (ZAP) has security settings for Local and Internet.

However ZAP in certain cases classifies connections as Local when they really aren't Local. All connections that have the same 2 octets as your IP (ex. Your ip 123.123.123.123 -> 123.123.*.*) are also considered Local.

This means everyone with the same first two octets as your IP can connect to your computer under local level security settings instead of the internet level security settings.

With default settings this will expose your computer and all its ports plus opening and allowing access to Windows services and shares. Users to customize local level security to allow (and block) whatever they want.

How did I discover this?

I installed a webserver and asked some friends to view some pages but they weren't able to connect. Zone Alarm Pro blocked the http port, I found out. But this surprised me since I viewed my http.acces and http.error logfile before I enabled port 80 in ZAP and already had a lot of requests from servers infected with Nimda. After looking at the IPs the first two octets were all the same.. the same as mine.

Crizzar 11-08-01 04:46 PM

good info...thanks

TLamm 11-08-01 06:06 PM

Not true. I have the free version and the pro version on a second computer. Both block IP addresses with the first two octets. How do I know this? They show in my blocked alerts (my ISP polls my connection every 30 seconds)..

belboz 11-08-01 06:44 PM

Could it be that guy doesn't have his netmask set properly?

TLamm 11-08-01 06:50 PM


Originally posted by belboz
Could it be that guy doesn't have his netmask set properly?

By default it should all be blocked, if he changed his settings who knows what may occur.. By the wording of the original message (which has been posted in other forums) he is just trying to stir the waters..

jfoobar 11-08-01 06:53 PM

Fair enough guys. Sorry for what appears to be a false alarm. Bugtraq is a very prestigious moderated vulndev mailing list so I figured it might have some merit.

AndyCapps 11-09-01 07:33 AM

Hmm. I guess I could see this happening if you had your PC connected straight to the Internet. But if that was the case, why would you allow local connections? I have a router, so my local IPs obviously don't match my ISP's IPs.

twikoff 11-09-01 08:39 AM

well... if you want more information about how insecure zone alarm is.. check here:
http://tooleaky.zensoft.com/


but it's still better than blackice ;)

jfoobar 11-09-01 02:09 PM

What do you guys think of the Sygate PFW?

I have been evaluating their enterprise managed DFW solution here at work and it is fantastic but I have never used their free personal FW before. I prefer something with more granular config options than is offered by ZA.

jfoobar 11-09-01 02:10 PM

FYI, regarding the first post in the thread, this was also posted on bugtraq:


In the free version, it adds your entire IP subnet as "local". You can check this in the Advanced part of the security settings, it should add your NIC's IP network as local. You can also remove the entry if, for example, you're on a cable modem and your subnet includes hundreds of remote untrusted machines. I would assume that Pro has at least the same level of functionality, if not more.
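To make the two descriptions in the quoted bugtraq posts concrete, here is an added example (not code from either post, from ZoneAlarm, or from anyone in this thread) that compares a "same first two octets" Local zone with the NIC's actual subnet. The host address is the one used in the first post; the netmask and the source addresses are constructed for illustration.

```python
import ipaddress

def two_octet_zone(host_ip):
    """Range trusted if everything sharing the first two octets counts as Local."""
    return ipaddress.IPv4Network(f"{host_ip}/16", strict=False)

def nic_subnet(host_ip, netmask):
    """Range trusted if only the NIC's own subnet counts as Local."""
    return ipaddress.IPv4Network(f"{host_ip}/{netmask}", strict=False)

def classify(host_ip, netmask, sources):
    """Label each source by which definition of Local would cover it."""
    wide, real = two_octet_zone(host_ip), nic_subnet(host_ip, netmask)
    labels = {}
    for src in sources:
        addr = ipaddress.IPv4Address(src)
        if addr in real:
            labels[src] = "local-subnet"
        elif addr in wide:
            labels[src] = "local-by-two-octets-only"
        else:
            labels[src] = "internet"
    return labels

def extra_trusted(host_ip, netmask):
    """Addresses trusted by the two-octet rule but outside the NIC subnet."""
    wide, real = two_octet_zone(host_ip), nic_subnet(host_ip, netmask)
    if real.prefixlen <= wide.prefixlen:
        return 0  # NIC subnet is already as wide as, or wider than, a /16
    return wide.num_addresses - real.num_addresses

if __name__ == "__main__":
    host = "123.123.123.123"   # address used in the first post
    mask = "255.255.255.0"     # assumed netmask, not stated in the thread
    # Constructed source addresses, e.g. taken from a web server access log
    seen = ["123.123.123.50", "123.123.7.9", "123.124.1.1", "198.51.100.7"]
    for src, label in classify(host, mask, seen).items():
        print(f"{src:16} {label}")
    print("extra addresses trusted:", extra_trusted(host, mask))
```

Sources labelled `local-by-two-octets-only` are the ones to look for in the firewall's alert log when checking which Local zone entries are actually selected.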

TLamm 11-09-01 03:48 PM


Originally posted by JustinS
FYI, regarding the first post in the thread, this was also posted on bugtraq:


It does but it should be unchecked (meaning do not allow)... Mine is unchecked so I would assume it's the default setting..

Dead 11-10-01 11:07 AM

FWIW, I just checked mine and found the same thing that TLamm said. My internet adapter's network is listed as being local, but it is not selected. My internal network, OTOH, is selected. YMMV. :)

