
Firewall query

Discussion in 'Desktop & Laptop Computers Forum' started by zAndy1, Nov 10, 2004.

  1. zAndy1

    Distinguished Member
    Hi,
    I've got a Netgear router with an inbuilt firewall, I also recently installed zonealarm not because I thought I needed it , can't remember the exact reason I installed it to be honest but anyway.... I thought just having the router as a firewall would give me adequate protection, how is it then that zonealarm is saying it's blocked over 48000 access attempts to my computer? Shouldn't the firewall in the router be doing that job? I wouldn't expect zonealarm to be having to block anything to be honest..
    Can anyone explain why this is happening?

    Cheers
    Andy
     
  2. KraGorn

    Active Member
    Normally you're right: a firewall will block all inbound traffic that isn't a reply to something sent outbound. This is because of the way it lets a number of PCs on the LAN side talk to the single connection on the WAN side (a process known as NAT).

    However, this can be relaxed in two ways:

    1) by allowing inbound connections on specifically identified ports, eg. port 80 for a web server.

    2) by designating a PC on the LAN as being in the 'DMZ'.

    What sort of activity does ZA say it's blocking? This may indicate which of these two possibilities may be the cause. In either case it'll be something you can see and alter in the router's configuration.


    One other possibility exists but only if you've more than one PC on the LAN, do you?


    The main reason to use ZA as well as a router is to block 'phone homes'; it allows you to restrict internet access to specific programs.
     
  3. APC

    Guest
    Sorry if this is a daft question, but have you made sure the firewall on the router is enabled?

    Another alternative might be that there is some sort of 'profile' (a list of settings) on the firewall router that has a lot of ports open by default and that these are letting traffic through, only to be stopped by Zonealarm. Maybe?

    HTH
     
  4. KraGorn

    Active Member
    It's not possible to disable a firewall in a router per se. :)

    The point here is that the IP address externally visible to the Internet is the router itself, none of the PCs on the LAN side are externally addressable, they'll typically be in the 192.xxx.xxx.xxx non-routable subnet. This means it's impossible for an external system to send something directly to them.

    The only way for external traffic to find its way to a PC on the LAN is for the router to forward the packets on. To do that it'd have to know which PC on the LAN to forward them to, hence the 'Packet Forwarding' and 'DMZ' settings the router will have.

    I'm beginning to think it's more likely these 'attacks' are coming from another PC on the LAN, meaning ZA may not be configured properly to allow local connections so it thinks they're external.
     
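An added illustration of the point KraGorn makes above, that the blocked 'attacks' may well be other machines on the LAN rather than anything from the Internet. This is not ZoneAlarm's code or its real log format: the record layout, the log lines, the 192.168.0.0/24 LAN prefix and the PC address 192.168.0.2 are all constructed for the example. It sorts blocked-connection records by where the source address sits relative to the router, so the counts show how much of a large total is broadcast and LAN chatter and which entries actually crossed the router.

```python
import ipaddress
from collections import Counter

# Assumed home LAN; adjust to the router's actual subnet.
LAN = ipaddress.ip_network("192.168.0.0/24")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in a simplified "<date> <time> <proto> <src> -> <dst>" layout,
# not ZoneAlarm's real log format. 192.168.0.2 is the PC running the firewall.
SAMPLE_LOG = """\
2004-11-10 19:02:11 UDP 192.168.0.5:137 -> 192.168.0.255:137
2004-11-10 19:02:14 UDP 192.168.0.5:138 -> 192.168.0.255:138
2004-11-10 19:02:20 UDP 192.168.0.7:1900 -> 239.255.255.250:1900
2004-11-10 19:02:31 TCP 192.168.0.3:3421 -> 192.168.0.2:445
2004-11-10 19:03:02 TCP 198.51.100.23:6881 -> 192.168.0.2:6881
2004-11-10 19:03:09 TCP 203.0.113.44:3050 -> 192.168.0.2:135
2004-11-10 19:04:40 UDP 192.168.0.5:137 -> 192.168.0.255:137
"""


def classify(src_ip: str, dst_ip: str) -> str:
    """Say where a blocked packet came from, relative to the router."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    if dst.is_multicast or dst == LAN.broadcast_address:
        return "lan-broadcast"    # name resolution / UPnP chatter every LAN host sees
    if src in LAN:
        return "lan-host"         # another machine behind the same router
    if any(src in net for net in RFC1918):
        return "other-private"    # a different private range: double NAT or ISP side
    return "internet"             # actually crossed the router: a rule or DMZ let it in


def parse(line: str) -> tuple:
    """Split one constructed log record into (proto, src_ip, src_port, dst_ip, dst_port)."""
    _, _, proto, src, _, dst = line.split()
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return proto, src_ip, int(src_port), dst_ip, int(dst_port)


def triage(log: str) -> dict:
    """Count blocks by origin and list the ones that really came from the Internet."""
    counts = Counter()
    from_internet = []
    for line in log.splitlines():
        if not line.strip():
            continue
        proto, src_ip, _, dst_ip, dst_port = parse(line)
        kind = classify(src_ip, dst_ip)
        counts[kind] += 1
        if kind == "internet":
            from_internet.append((proto, src_ip, dst_port))
    return {"counts": dict(counts), "from_internet": from_internet}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["counts"])
    for proto, src_ip, port in result["from_internet"]:
        print(f"check router config: {proto} from {src_ip} reached local port {port}")
```

On the constructed sample, five of the seven blocks are LAN broadcast or LAN-host traffic and only two came from outside. Anything in the "internet" bucket has, by definition, been passed by the router, so each such local port is worth looking up in the router's port-forwarding and DMZ settings; a hit on a port you once forwarded for a file-sharing program is the router doing what it was told, not the router's firewall failing.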
  5. zAndy1

    Distinguished Member
    Thanks for the advice chaps, I'll check the router settings out tonight. I've got my X-box connected to the router, my PC (wirelessly) and also my wife has her laptop connected wirelessly as well. I might well have ports open for things like WinMX/BitTorrent but don't use them these days, so I may as well close those I suppose and see if that makes any difference. I don't like ZoneAlarm, it keeps asking about all sorts of programs that I haven't a clue what they do. I'd take it off, but now I've seen how many things it's blocked I'm worried it will leave my PC vulnerable.

    Cheers
    Andy
     
  6. KraGorn

    Active Member
    BUT THAT'S THE WHOLE POINT .. sorry to shout. :D

    The single most important reason to run ZA on a system with a hardware firewall is to detect trojan phone-homes: if a program you don't know tries to connect to the web you MUST find out what it is before allowing it. It can be a little bit of a pain to begin with, but it's well worth the effort IMHO.
     
  7. APC

    Guest
    Some routers (eg. Siemens) allow you to disable all firewall functions. :)

    I've never experienced a Netgear router. Just thought it might be worth checking.
     
  8. KraGorn

    Active Member
    I am assuming this is a typical broadband router/hub, rather than a pure firewall, which implements NAT to allow a many-to-one connection between PCs on a LAN and the WAN... NAT, by the very way it works, is a one-way firewall. :)
     
  9. OneEyedStuart

    Well-known Member
    Andy,

    Disable ZoneAlarm on all PCs so that your PC and your wife's laptop are just going through the router. Then go to www.grc.com and have a look at the ShieldsUP test utility (click on the ShieldsUP logo, then click on the ShieldsUP link on the second page; scroll down to find it).

    Test your File Sharing, Common Ports and Service Ports. In all tests you should be looking for STEALTH mode. This means your PC cannot be seen from the outside world. This will test your router being NAT. KraGorn is correct in what he says about ZoneAlarm, however; it is very useful in tracking down trojans which have somehow got into your system and are trying to communicate home.

    The grc website has a mine of information in it relating to security. Worth a good read.

    Hope this helps.
    Keith Hurst
     
  10. explicitlyrics

    Active Member
    zAndy - what router are you using? Some only have NAT and that is classed as a firewall when enabled correctly. Others have SPI firewalls which are slightly better as they check that data coming into the home has already been requested by an internal source.

    So now the questions, answer as many as you can

    Do you have NAT enabled?
    Do you have DHCP enabled?
    What model of router do you have?
    When was the last time you updated the firmware on the router?
    Have you enabled a DMZ on your PC's IP?
    Do you have a static/dynamic IP?
    What class did ZA rate the attacks as? (high/medium.....)

    Those are all things to consider. I have a DG834G router with SPI firewall; I had ZA installed for about 4 months and never had a SINGLE hit. Might be something up with your setup, hope the above questions help find it :)
     
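A toy model, added here and not code from any router or from the thread, of the three things KraGorn and explicitlyrics describe above: NAT letting back in only what a LAN host asked for, a port-forwarding rule and a DMZ host opening specific paths through that, and the difference between a NAT-only router and one with SPI. All addresses, ports and the packet layout are constructed for the example (documentation ranges are used for the public addresses). In NAT-only mode any packet arriving on an external port that has a translation entry is passed to the LAN host; in SPI mode the sender must also be the remote endpoint that host actually talked to.

```python
from __future__ import annotations
from dataclasses import dataclass, field

WAN_IP = "203.0.113.7"   # the router's public address (constructed, TEST-NET-3)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Router:
    spi: bool = True                               # False = plain NAT, no flow check
    forwards: dict = field(default_factory=dict)   # external port -> (LAN ip, LAN port)
    dmz_host: str | None = None                    # LAN host that gets everything unclaimed
    # NAT table: external port -> (LAN ip, LAN port, remote ip, remote port)
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: reuse or allocate an external port and record the flow."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for ext_port, known in self.table.items():
            if known == flow:
                break
        else:
            ext_port = self.next_port
            self.next_port += 1
            self.table[ext_port] = flow
        return Packet(WAN_IP, ext_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> tuple[str, Packet | None]:
        """WAN -> LAN: decide what happens to a packet arriving from outside."""
        if pkt.dst_ip != WAN_IP:
            return "drop: not addressed to the router", None
        entry = self.table.get(pkt.dst_port)
        if entry:
            lan_ip, lan_port, remote_ip, remote_port = entry
            # NAT-only: anything hitting a mapped port gets through.
            # SPI: the sender must be the host the LAN PC actually talked to.
            if not self.spi or (pkt.src_ip, pkt.src_port) == (remote_ip, remote_port):
                return "allow: matches NAT state", Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
            return "drop: SPI, sender is not part of the tracked flow", None
        if pkt.dst_port in self.forwards:
            lan_ip, lan_port = self.forwards[pkt.dst_port]
            return "allow: port-forwarding rule", Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        if self.dmz_host:
            return "allow: DMZ host", Packet(pkt.src_ip, pkt.src_port, self.dmz_host, pkt.dst_port)
        return "drop: no state and no rule", None


def demo(spi: bool) -> list[str]:
    """Verdicts for four inbound packets against a router that forwards TCP/80."""
    r = Router(spi=spi, forwards={80: ("192.168.0.10", 80)})
    out = r.outbound(Packet("192.168.0.2", 51515, "198.51.100.5", 80))  # PC browses a site
    reply = Packet("198.51.100.5", 80, WAN_IP, out.src_port)            # the site's reply
    stray = Packet("198.51.100.99", 4444, WAN_IP, out.src_port)         # third party hits the mapped port
    probe = Packet("198.51.100.99", 4444, WAN_IP, 135)                  # random scan of an unmapped port
    web = Packet("198.51.100.99", 4444, WAN_IP, 80)                     # hits the forwarded port
    return [r.inbound(p)[0] for p in (reply, stray, probe, web)]


if __name__ == "__main__":
    for mode in (True, False):
        print("SPI" if mode else "NAT-only", demo(mode))
    dmz = Router(dmz_host="192.168.0.20")
    print("DMZ", dmz.inbound(Packet("198.51.100.99", 4444, WAN_IP, 135)))
```

Run it and the random probe of port 135 is dropped in both modes, which is the "NAT is a one-way firewall" behaviour; the same probe reaches 192.168.0.20 as soon as that host is made the DMZ, and the packet to port 80 reaches the web server because of the forwarding rule. The one case that separates the two router types is the stray packet to an external port that already has a translation entry: NAT-only passes it to the LAN PC, SPI drops it because the sender is not the host the PC was talking to.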
