Guest daves0

To Elrond -------- Urgent!! Pls help.


Guest

Hi Dave,

Broadband Routers are great for the exact reason you state: they "hide" any internal systems away from the entry point of your internet source. This works perfectly to block any incoming attacks on your system. With a hardware firewall, an attacker has no idea how many systems may be behind that router: one or two hundred. While that is a great feature, it's not complete.

Running a good software firewall in addition to the hardware firewall in your router is the only way to provide yourself with complete outbound protection as well. In other words: if you happen to receive a Trojan through an email or a download and that Trojan isn't caught by a virus scanner or the like, it is free to "call home" and send any information it desires to a crook repository. If it is a remote control type of Trojan, your router firewall would block incoming activation requests from crooks, but nothing stops the Trojan itself from calling out to initialize that connection. The same can be said for spyware components - including some that are built into Windows itself.

Most hardware firewalls *can* block specific ports from working at all - either inbound or outbound - but you have to set them up specifically to do so. This is rarely done and can be a pain to do even when you are aware of it - and doing so is often troublesome for "normal" programs such as multi-player games and the like. Still recommended to do so, but you should be armed with the knowledge of what you are doing beforehand.

In the end, it's simply much safer to run a software firewall such as Outpost in addition to your router's hardware firewall: you get complete protection that way. Some routers, such as LinkSys's extremely popular EtherFast DSL/Cable router switches, have built-in support to work interactively with a software firewall such as ZoneAlarm. While this built-in support isn't necessary and you may choose any software firewall you wish, it may make it easier to set up your system that way.

As for XP's built-in firewall: it works great as a basic inbound-only firewall and is much, much better than nothing at all... While it does have some configuration limitations that may make it hard to use with specific applications (anything that needs a set of port ranges instead of specific port numbers to operate), it does provide good protection - as an inbound-only firewall. But, the same caveats apply here as with a router's hardware firewall: it only provides inbound protection. A much better solution - especially since they come in free versions - is to use Outpost, ZoneAlarm, or the like.

Hope that helps,
Elrond

"A musician without the RIAA, is like a fish without a bicycle."

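The inbound/outbound distinction described in the post above, as an added Python model (not code from the thread or from any firewall product). The class names, executable names and addresses are constructed for illustration; the port set follows the HTTP and FTP ports named later in the thread.

```python
from dataclasses import dataclass, field

# Ports the thread says a "Browser"/"Download Manager" style preset covers (HTTP, FTP).
BROWSER_PRESET = {80, 21}

@dataclass
class NatRouter:
    """Router firewall model: inbound passes only as a reply to an outbound flow."""
    flows: set = field(default_factory=set)

    def outbound(self, remote, port):
        self.flows.add((remote, port))  # outbound is never filtered, only remembered
        return True

    def inbound(self, remote, port):
        return (remote, port) in self.flows  # unsolicited traffic is dropped

@dataclass
class HostFirewall:
    """Software firewall model: per-application outbound rules, default deny."""
    rules: dict = field(default_factory=dict)        # app -> allowed destination ports
    blocked_log: list = field(default_factory=list)  # what a "Blocked" log would show

    def outbound(self, app, remote, port):
        if port in self.rules.get(app, set()):
            return True
        self.blocked_log.append((app, remote, port))
        return False

def connect(app, remote, port, router, host_fw=None):
    """True if the connection attempt from `app` actually leaves the network."""
    if host_fw is not None and not host_fw.outbound(app, remote, port):
        return False
    return router.outbound(remote, port)

def run_scenarios():
    """Constructed traffic; addresses come from documentation-only ranges."""
    results = {}
    router = NatRouter()  # case 1: router firewall only
    results["unsolicited_inbound"] = router.inbound("203.0.113.9", 4444)
    results["unknown_app_router_only"] = connect("unknown.exe", "203.0.113.9", 4444, router)
    results["reply_after_call_out"] = router.inbound("203.0.113.9", 4444)
    router2 = NatRouter()  # case 2: router plus per-application outbound rules
    fw = HostFirewall(rules={"setiathome.exe": BROWSER_PRESET})
    results["seti_port_80"] = connect("setiathome.exe", "198.51.100.20", 80, router2, fw)
    results["unknown_app_with_host_fw"] = connect("unknown.exe", "203.0.113.9", 4444, router2, fw)
    results["blocked_log"] = list(fw.blocked_log)
    return results

if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

With the router alone, the unknown program's outbound connection succeeds and its replies are then accepted; with per-application rules in front, the same attempt is refused and recorded, while the allowed client still reaches port 80.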
Guest

Great information as always, Richard. Thanks for enlightening me to a better mix of linux tools beyond ipchains alone.

As for Windows, Outpost includes a port scanning blocker as a standard feature. Its "Attack Detection" module can be set up to block all traffic from the IP of port scanners for a timed period or permanently (as well as the subnet mask of the offender). You have the option to do so when only one port is scanned or when multiple ports are scanned. It can also be set up to automatically shut down local ports if a DoS attack is under way.

I couldn't agree more with your recommendation of Window Washer: it's a great tool. Another sort-of related tool is either or Web Washer (www.webwasher.com). While they differ in function from Window Washer, they are indispensable tools that allow one to block specific types of web content while browsing: popup windows, cookies, advertisements, java applets, java-script, etc. For their cookie management alone, they are well worth the price of download. All three tools are great additions to a good software or hardware & software firewall setup.

Again thanks for the linux heads up,
Elrond

Guest daves0

Thanks Elrond....I downloaded Outpost and installed it....

Guest daves0

Elrond...

If you see this---way off the topic here...but with Outpost...I am a Seti@home user...this app, if you're not familiar, goes to a site, downloads data, crunches it, then sends it back to a server and retrieves more data. It will not work with Outpost active. I gave Seti the permissions as a trusted application, but it still cannot download data. As soon as I exited Outpost, the data was retrieved. I'm sure it's just a matter of some setting, I'm in the process of scouring the manual...but I had similar problems using Zone Alarm and ended up having to just delete it from my system...

Any ideas?

Thanks, and again sorry for swaying over the line a bit :)

Guest WorkingStiff

Is Outpost currently running in Rules Mode?

Guest daves0

> Is Outpost currently running in Rules Mode?

How do I find that out? I think it is....maybe...but not really sure...

My eyes glaze over when I start reading about this stuff :)

Guest WorkingStiff

Go to the Outpost icon in the Windows taskbar, right-click on the icon, select "Policy" then a pop-up window will tell you what mode is currently selected.

Guest

Hi WS,

That could explain it... But that thread isn't really about the Seti client itself, but a proxy program that some use along with the main Seti client. I have run the Seti client in the past and I believe it was when I was using Outpost as well. I don't think I had problems but... I'll download the latest client and see if I can help figure out what's happening. Will try to get back to you both in the next couple hours.

Elrond

Guest daves0

Ok...thanks much :)

I'm running the command line client BTW

Guest

Hi Dave,

Well, I downloaded the latest client (v3.07) and it seems to be working fine. I verified the only port it uses is port 80 - the same as your standard web browser. So, as long as you gave it "Browser" or "Download Manager" permission, or completely trust the app, you shouldn't be having any problem.

What I mean by giving it Browser or Download Manager permission is when Outpost popped up the dialog asking you to let Seti connect to the outside... You have a choice of options in that dialog:

http://ftp.avsim.com/dcforum/User_files/3d6cf0541d3d4d02.gif

"Allow all Activities" basically gives the application full trust.

"Create Rules Using Preset" gives it limited trust, based on specific program type profiles. Browser and Download Manager profiles are the ones available to Seti because of the port it uses: port 80. That's the same as any web browser or Download Manager. This profile also would give it permission to communicate over other ports such as FTP (port 21), etc.

"Stop All Activities" does exactly that: blocks the app from ever connecting to the outside world. Is this possibly what you chose by accident?

You can always change the permissions of a particular app by double-clicking the Outpost icon in the traybar, hitting the Options menu and clicking Applications. The following dialog will be shown (with different apps on your machine of course):

http://ftp.avsim.com/dcforum/User_files/3d6cf05d1d562fee.gif

If you select the application you wish to change and click the edit box (as shown with the Seti client above), you can change the profile that application uses, completely trust the app or deny it access. You can also click "Other..." and define specific custom rules for the app... That's beyond what we're talking about here though.

Finally, you can bring up Outlook and look at its internal Log file. You access it by clicking one of the "Allowed", "Blocked" or "Reported" items on the left hand side. Here is an example:

http://ftp.avsim.com/dcforum/User_files/3d6cf0661d751851.gif

As you can see, the Seti client was listed in the "Allowed" log. It shows the type of connection, remote host and port it used to access the outside. If successful, you should have identical listings, except your DNS entries will be specific to your own internet service provider (which is why I blurred them out).

Since you seem to not be able to get Seti to work, look at your "Blocked" log and see if your client is listed. If so, you should change permissions of the Seti Client as described above.

Hope that helps,
Elrond

Guest gasebah

Hi,

I now have the Outpost firewall installed for a few days, and I have to say that it is very easy to use even for an internet dummy like me. I always refrained from using a firewall as I have heard a lot of stories how difficult it is to set it up, that a lot of applications do not work anymore etc. etc.

My experience is totally different. The rules wizard is extremely simple. A window pops up when an application wants to make an outside connection. If you know it and trust it e.g. the auto-update of your antivirus program, if you do not know it, you block it.

I had no probs at all, everything is running and working as usual. This is a very intelligent and easy to use program. Thanks again for the tip Elrond.

Alex

Guest Matt Johnson

PortSentry requires REALLY careful setup, otherwise you can be DoSSed out of existence.

--M

Guest daves0

WOW..Elrond---hey, this is like way beyond help...thanks much :)

I'm actually having download problems with AVSIM as well...to bring all this back home...I'll see if I can get it going myself first.....
