+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Forum Related (/forumdisplay.php?fid=37)
+--- Forum: General Security (/forumdisplay.php?fid=21)
+--- Thread: What is a good free firewall? (/showthread.php?tid=437)
- besafe - Apr. 09, 2005 05:17 PM
nxIsle:
Currently using one of my kids as a guinea pig for jetico. It tends to not keep some of his settings permanently so he is getting perturbed with it. I'll probably take it off.
I've been a long time user of Tiny firewall 5/6 but have decided it is a bit overkill for me.
Kerio 2.1.5 has been my favourite for a long time because of the ease of rule making and it's flexibility espescially for loopback.
I've never tried Kerio 4xx because of all the bugs and such that I've read about.
- Oddysey - Apr. 10, 2005 06:06 PM
nxIsle;
Quote:I actually like Sygate 5.5 ver2525.....That would be the version written by Zager and Evans, no? [wha] B)
[lol] 
A few oldtimers here will probably get it, I'll let the rest of you wonder for a day or two.
:o
[beatdown]
Oddysey
- besafe - Apr. 10, 2005 07:58 PM
Oddysey Wrote:nxIsle;lolQuote:I actually like Sygate 5.5 ver2525.....That would be the version written by Zager and Evans, no? [wha] B)
A few oldtimers here will probably get it, I'll let the rest of you wonder for a day or two.
:o
[beatdown]
Oddysey
I'm old enough to remeber that one.
- ProxRocks - Apr. 10, 2005 10:37 PM
Oddysey Wrote:A few oldtimers here will probably get it, I'll let the rest of you wonder for a day or two.Uh oh... You realize what this means?
:o
[beatdown]
Oddysey
I'm a few calendars behind!
If memory serves me well, the Gregorian Calendar repeats itself day-for-day every 19 years, so my calendar isn't even lined up properly...
ps - of course, to anyone following the Vatican here lately, I'm sure you are reminded of St. Malachy from eleven hundred and something or other that says that the world will end in 2020...
- nxIsle - Apr. 11, 2005 09:39 AM
I couldn't believe anyone else remembered that song! [smoke]
I haven't heard it for years, but I still hear it in my head real often these days. Weird. They used it in some educational science films back in the seventies, too. Anyone remember those? Man, those were good days! (The nights weren't so bad, either.) [lol]
So, in the year 2525, if mankind is still alive, will he find a good free firewall?
- besafe - Apr. 11, 2005 07:41 PM
I spent all my teen years in the seventies.
I'm looking forward to this firewall http://kerio.sourceforge.net/
- Kye-U - Apr. 11, 2005 08:07 PM
besafe Wrote:I'm looking forward to this firewall http://kerio.sourceforge.net/Me too
I can't wait until a version is released!
- Oddysey - Apr. 11, 2005 09:34 PM
besafe;
Quote:I'm looking forward to this firewall http://kerio.sourceforge.net/I'd volunteer to test that! [lol]
Oddysey
p.s. Thanks for the tip. You too, Kye-U!
- Oddysey - Apr. 11, 2005 09:36 PM
nxIsle;
Quote:Man, those were good days! (The nights weren't so bad, either.) [lol]You know what they say about the seventies, don't ya?
"If you can remember 'em, you didn't live through 'em!!" [smoke]
Word.
Oddysey
- besafe - Apr. 11, 2005 10:16 PM
Oddysey Wrote:nxIsle;After seeing some of the drunken and whatever antics taking place at the University residence where my son is staying; I thought I was having a "flashback". They look and act just like the seventies! [smoke]Quote:Man, those were good days! (The nights weren't so bad, either.) [lol]You know what they say about the seventies, don't ya?
"If you can remember 'em, you didn't live through 'em!!" [smoke]
Word.
Oddysey
- besafe - Apr. 12, 2005 02:50 AM
Since I'm not using TF anymore I am using this program to prevent code injection etc. It is free for home use. Adds an extra layer of defence and really lets you know what is going on in your pc.
Antihook http://www.infoprocess.biz/
- Ralph - Apr. 17, 2005 12:08 PM
Hey everybody , I saw this posted at Steve Gibson's newsgroup and thought it would be appropriate for this discussion . A video clip interview with Leo LaPorte and Steve ." So, what's the scoop? Do these wireless gateways have firewalls built into them?"
Small easily downloadable size (but lower quality):
http://media.grc.com/NAT_Routers_As_Firewalls.zip 7.5 mb
Much larger but high-quality (VCD quality and format): 98 mb
http://media.grc.com/NAT_Router_Firewalls_vcd.zip
- Oddysey - Apr. 17, 2005 10:12 PM
Hmmmm, I wonder how old that clip is. For the life of me, I don't want to believe that Gibson is that full of schiesse. Besides which, am I the only one who thinks that he looked like he was on speed? B) And how did he manage to mix hubs with routers, eh?
First of all, NAT is available on all three levels of address switching or routing - the hub, the router, and the switch. A hub has no security whatsoever, that's true. Just think, if it did, then why are we all dumping our simple and cheap hubs, and moving to routers?
Moreover, NAT does <span style='color:red'>not</span> store outgoing connections in a table, and compare all incoming connections against that table, I don't care what Gibson says. That's the job of SPI, which Gibson referred to as having been mentioned on an earlier C4H show. All NAT does is to make the switch in IP identities, sending one signal to another place, and then sit back and wait for the next packet to move through the unit - it remembers nothing.
SPI is only available on routers and switches. If you see a box that claims to be a hub, and yet it has SPI, run, don't walk, for the nearest exit - with your hands on your wallet. That manufacturer is planning on fleecing you, IMNSHO.
And finally, Gibson also threw out a red herring with the honey-pot idea. That can be instituted on some routers, if so desired, but not all of them have that feature. It is inherently risky, and not for the uninitiated, if you get my drift. He left the thought only half-completed, and I'd like to do the same - boys and girls, don't try that stunt unless your Blue Cross is fully paid up! :o
OK, enough ranting for now. [lol] [beatdown]
Thanks Ralph!
Oddysey
- besafe - Apr. 17, 2005 11:24 PM
Well there's nothing new there. http://media.grc.com/NAT_Routers_As_Firewalls.zip
We all know that NAT boxes offer good protection from inbound communication. Software firewalls may be vulnerable as he says, but not if you use an app like the one I have posted above. The trojan etc. would never be allowed to execute. Also just because a software firewall may be vulnerable that way does not say you should abandon outbound protection that it offers. The router has zero protection for outbound communication.
grc.com misleads people into thinking that they are not safe unless they are "stealthed" where in reality if you show closed ports you are just as safe as stealthed. No one sane is going to DOS a home address. You also don't need to disable the messenger service to prevent pop ups etc. You can and should do it with your firewall.
There's my little rant.
- Oddysey - Apr. 18, 2005 02:42 AM
besafe;
I took your word for it that the file you linked was approximately the same thing as the one from Leo L. and company. :P
You are correct of course about the outbound security being non-existant; we've already discussed that earlier in this thread. However, I did fail to pickup on Gibson's implication about "stealth = best protection" - again you are correct, that's just isn't true. Sigh. And we used to love the guy so much, didn't we?
Although I do have to question your statement about who's insane enough to DOS a home IP. Man, think about it - isn't anybody who DOS'es or DDOS'es an IP, any IP, just plain nuts to start with?! [beatdown] More to the point, unless one has a very, very accurate IP map of the entire 'net, then how are they gonna separate the home IP's from the corporate ones? I'm at home, but I'm using a corporate IP, I can tell you that much. Under your scenario, I should be getting hit more often that the guy next door, right? Funny, I don't think I'm suffering anything of the sort.
Oddysey