
Zone Alarm and Zone Alarm Pro users, FYI:


Old 11-08-01, 05:43 PM
  #1  
DVD Talk Hero
Thread Starter
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,873

This was posted on the bugtraq mailing list this afternoon:

ZoneAlarm Pro is a firewall for Windows home users.

The following was tested with ZoneAlarm Pro latest version: 2.6.357

I'm not sure if it also works with the free version but I can't imagine why it wouldn't.

Similar to Internet Explorer, ZoneAlarm Pro (ZAP) has security settings for Local and Internet.

However, ZAP in certain cases classifies connections as Local when they really aren't Local. All connections that have the same 2 octets as your IP (e.g. your IP 123.123.123.123 -> 123.123.*.*) are also considered Local.

This means everyone with the same first two octets as your IP can connect to your computer under local level security settings instead of the internet level security settings.

With default settings this will expose your computer and all its ports, plus open and allow access to Windows services and shares. Users can customize local level security to allow (and block) whatever they want.

How did I discover this?

I installed a webserver and asked some friends to view some pages but they weren't able to connect. I found out Zone Alarm Pro blocked the HTTP port. But this surprised me since I viewed my http.acces and http.error logfile before I enabled port 80 in ZAP and already had a lot of requests from servers infected with Nimda. After looking at the IPs, the first two octets were all the same... the same as mine.
Old 11-08-01, 05:46 PM
  #2  
Senior Member
 
Join Date: Jan 2001
Location: Pasadena, CA
Posts: 688
good info...thanks
Old 11-08-01, 07:06 PM
  #3  
Senior Member
 
Join Date: Apr 2000
Posts: 683
Not true. I have the free version and the pro version on a second computer. Both block IP addresses with the first two octets. How do I know this? They show in my blocked alerts (my ISP polls my connection every 30 seconds).
Old 11-08-01, 07:44 PM
  #4  
DVD Talk Gold Edition
 
Join Date: Feb 1999
Location: HB, CA
Posts: 2,601
Could it be that guy doesn't have his netmask set properly?
Old 11-08-01, 07:50 PM
  #5  
Senior Member
 
Join Date: Apr 2000
Posts: 683
Originally posted by belboz
Could it be that guy doesn't have his netmask set properly?
By default it should all be blocked; if he changed his settings, who knows what may occur. By the wording of the original message (which has been posted in other forums), he is just trying to stir the waters.
Old 11-08-01, 07:53 PM
  #6  
DVD Talk Hero
Thread Starter
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,873
Fair enough guys. Sorry for what appears to be a false alarm. Bugtraq is a very prestigious moderated vulndev mailing list so I figured it might have some merit.
Old 11-09-01, 08:33 AM
  #7  
Moderator Emeritus
 
Join Date: Nov 1999
Posts: 8,205
Hmm. I guess I could see this happening if you had your PC connected straight to the Internet. But if that was the case, why would you allow local connections? I have a router, so my local IPs obviously don't match my ISP's IPs.
Old 11-09-01, 09:39 AM
  #8  
DVD Talk God
 
twikoff's Avatar
 
Join Date: Feb 2000
Location: Right Behind You!!!
Posts: 79,497
well... if you want more information about how insecure zone alarm is.. check here:
http://tooleaky.zensoft.com/

but it's still better than blackice
Old 11-09-01, 03:09 PM
  #9  
DVD Talk Hero
Thread Starter
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,873
What do you guys think of the Sygate PFW?

I have been evaluating their enterprise managed DFW solution here at work and it is fantastic but I have never used their free personal FW before. I prefer something with more granular config options than is offered by ZA.
Old 11-09-01, 03:10 PM
  #10  
DVD Talk Hero
Thread Starter
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,873
FYI, regarding the first post in the thread, this was also posted on bugtraq:

In the free version, it adds your entire IP subnet as "local". You can check this in the Advanced part of the security settings, it should add your NIC's IP network as local. You can also remove the entry if, for example, you're on a cable modem and your subnet includes hundreds of remote untrusted machines. I would assume that Pro has at least the same level of functionality, if not more.
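
Added example, not part of any post in this thread and not ZoneAlarm's own code: a Python check that compares the "same first two octets" Local rule described in the first post with the interface's actual subnet, to show which sources a Local zone would trust that are not on your network. The netmask 255.255.255.0 and the source addresses are constructed assumptions; 123.123.123.123 is the illustration used in the first post.

```python
import ipaddress

def zone_by_first_two_octets(host_ip, src_ip):
    """Rule described in the first post: same first two octets => Local (a /16)."""
    zone = ipaddress.ip_network(f"{host_ip}/16", strict=False)
    return "Local" if ipaddress.ip_address(src_ip) in zone else "Internet"

def zone_by_interface_subnet(host_ip, netmask, src_ip):
    """Local only if the source is inside the NIC's real subnet."""
    zone = ipaddress.ip_interface(f"{host_ip}/{netmask}").network
    return "Local" if ipaddress.ip_address(src_ip) in zone else "Internet"

def over_trusted(host_ip, netmask, sources):
    """Sources that get Local-zone rules under the /16 rule but are off-subnet."""
    return [
        s for s in sources
        if zone_by_first_two_octets(host_ip, s) == "Local"
        and zone_by_interface_subnet(host_ip, netmask, s) == "Internet"
    ]

def zone_sizes(host_ip, netmask):
    """Number of addresses each definition of 'Local' covers."""
    real = ipaddress.ip_interface(f"{host_ip}/{netmask}").network
    wide = ipaddress.ip_network(f"{host_ip}/16", strict=False)
    return {"interface_subnet": real.num_addresses,
            "first_two_octets": wide.num_addresses}

# Constructed sample input (assumptions, not taken from anyone's logs).
HOST = "123.123.123.123"
NETMASK = "255.255.255.0"
SOURCES = [
    "123.123.123.7",   # same /24 as the host
    "123.123.45.6",    # same first two octets, different subnet
    "123.124.1.1",     # different second octet
    "10.0.0.5",        # unrelated network
]

if __name__ == "__main__":
    for src in SOURCES:
        print(f"{src:15} octet-rule={zone_by_first_two_octets(HOST, src):8} "
              f"subnet-rule={zone_by_interface_subnet(HOST, NETMASK, src)}")
    print("over-trusted:", over_trusted(HOST, NETMASK, SOURCES))
    print("zone sizes:", zone_sizes(HOST, NETMASK))
```

On a cable-modem style connection the gap between the two zone sizes is the number of untrusted neighbours that a checked "adapter subnet" entry would place in the Local zone.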
Old 11-09-01, 04:48 PM
  #11  
Senior Member
 
Join Date: Apr 2000
Posts: 683
Originally posted by JustinS
FYI, regarding the first post in the thread, this was also posted on bugtraq:

It does but it should be unchecked (meaning do not allow)... Mine is unchecked so I would assume it's the default setting.
Old 11-10-01, 12:07 PM
  #12  
Mod Emeritus
 
Join Date: Feb 1999
Location: Gone to the islands - 'til we meet again.
Posts: 19,053
FWIW, I just checked mine and found the same thing that TLamm said. My internet adapter's network is listed as being local, but it is not selected. My internal network, OTOH, is selected. YMMV.
