Firewall,Do I need it since Im on Exatt?

IdleWild · Jul 5, 2005

Hi
I have always been confused abt the firewall funda.Before I ws on the local cable conn and after installing a firewall ,I cudnt log onine so had to uninstall it.
Now I have Exatt and I think they have their own firewall but not sure.
Shouyld I install a firewll and if so can someone suggest some names which shud be free.

Also during one of those securiy tests i was advised to hide my ip address but I dont kn how.

Thanks

Nikhil · Jul 5, 2005

I have Exatt and am using the Win XP SP@ firewall....... Not facing any problems........ So, I guess you can also use a firewall...

BTW, are you getting full speed from Exatt ?? I am not.,... that is why I am asking....

IdleWild · Jul 5, 2005

Thanks Nikhil
Im not having any problems with exatt and my dwonload speed is steady at 30 to 32 kb/s (i have a 256 kbsp) .It does go down for a sec but then it also peaks at 50kb/s for a sec also.I think ppl from bombay are facing a lot of prob but im in delhi.

inzider · Jul 5, 2005

Try Sygate, Outpost, Look n Stop, Kerio. Any of these should work just fine. You should always have a firewall running when you connect to the internet. Always remember that.

Nikhil · Jul 5, 2005

oh ok then....... lucky you..... enjoy....

And a good firewall (I forgot to mention this in my previous post) is Zone Alarm. I tried it but somehow it confilcted with my computer. Every time I tried to connect to the net, I used to get a BSOD. I don't know if this was because Exatt is incompatible with that or what..... but the Win XP SP2 firewall works fine....

You better install SP2 fast. Then you cvan use the firewall given with it...

mehargags · Jul 5, 2005

why do u need a Firwall at all ??
u think someboady can just break into ur PC as such ??? its just ur anxiety brother. u guyz are just trying way too hard to protect ur pc. Mindit -- firewall softwares work but they have many adverse effects, cpu load is the first & worse to mention.

Just make sure u have a Password to ur Administrator A/c & then the corresponding users as well if u have. & turn of the Simple File sharing in Folder options.
If u dont need file & print sharing Just turn it off & thats it.

ur comp is a not a British high commission Server that someone is gonna brute force into it to get data from it :lol:

we often tend to think too high & tend to skip base level security measures which are just more than enough for a "Personal" Computer.

IdleWild · Jul 5, 2005

OK
Thanks everyone for responding.
I ran sygate but after tht i cudnt con to the net and after uninstalling it my net was fine.

Blade_Runner · Jul 5, 2005

IdleWild said:
OK
Thanks everyone for responding.
I ran sygate but after tht i cudnt con to the net and after uninstalling it my net was fine.

LOl did u allow the apps access to the net ? U shud allow your default browser, ur dialer (if necessary) and svchost.exe access to the net if its asks or else you wont be able 2 browse or connect.

stormblast · Jul 5, 2005

firewall isnt necessary. i am on exatt too. i use nod32 antivirus & msn antispyware. dunno bout spywares on exatt. but i had antispyware installed when i was on bses, so dint remove it after i got exatt.

digen · Jul 5, 2005

It depends on your requirement & what you are looking to get from a firewall.
Do you want it to block ingress[incoming] or egress[outgoing] ?
In case you are behind a NAT device you wont need a firewall for blocking ingress as the device blocks everything that isnt been requested by a host/s which are behind the NAT device.
Most of the times its egress thats what people are looking for,user request[pop-up asking for allow or deny] for any program wanting to connect to the internet is a good way of knowing what is trying to connect where,what port...yada yada.
After reading your first post I believe you didnt configure the firewall & it blocked your internet activity.Which firewall was it? And did you add the network as a "internet network".Though most dont have this feature since they by default add the network but I believe ZA has such a feature even now.

Eazy · Jul 5, 2005

I see that people here say that a firewall is not necessary - I have Zonealarm running and it is set for maintaining a log for the last 50 entries - here is the log file which indicates the times of the intrusions - can someone please let me know what these entries in the log file mean and if I could connect to the Internet and not have a problem without a firewalls protection. I would like to stop using Zonealarm if these entries are not of any consequence. At times I have seen Zonealarm setting off a warning for intrusions at a rate of about 6 every minute even though I do not have the Browser running.

digen · Jul 5, 2005

Hmm they are UDP[User Datagram Protocol] scans.The entries in the log are a result of "script kiddies" scanning a network for open ports.Dont worry they pass me everyday !
Whats exactly happens is with the help of a port scanner lamers try scanning a network or a IP for open ports.Since this scanning is not stealth as incase it would be if nmap is used with options,the scans are easily detected by ZA.
This shouldnt disturb you but you could disable the alerts feature in ZA & periodically check the logs manually.

Though this activity is not malicious it certainly needs attention,ZA at the moment is blocking the incoming unwanted scans but if you remove what do we have in here..naked lady ! Bingo & she gets raped !OMG
Sorry for the above but I like best describing it this way-people understand better!

EDIT:Here is log analyser for ZA in case you want to do it manually with detailed info & a GUI. ZA Log Analyser

Eazy · Jul 5, 2005

digen said:
Hmm they are UDP[User Datagram Protocol] scans.The entries in the log are a result of "script kiddies" scanning a network for open ports.Dont worry they pass me everyday !
Whats exactly happens is with the help of a port scanner lamers try scanning a network or a IP for open ports.Since this scanning is not stealth as incase it would be if nmap is used with options,the scans are easily detected by ZA.
This shouldnt disturb you but you could disable the alerts feature in ZA & periodically check the logs manually.

Though this activity is not malicious it certainly needs attention,ZA at the moment is blocking the incoming unwanted scans but if you remove what do we have in here..naked lady ! Bingo & she gets raped !OMG
Sorry for the above but I like best describing it this way-people understand better!

THANKS for the GRAPHICAL information.

....Much Appreciated !! And yes.... within minutes of seeing the numerous alerts I switched that part of ZA off - now I do as you say - manual log checks.

I use DU Meter for my download speed checks and it shows small bursts of data movement - every few seconds - even when my computer is supposed to be idling - this unsolicited data's speed is anywhere from 0.5KB/s to 20KB/s - this is very irritating - any way to check what is coming down on my line - any software to check what is being downloaded to my HDD ? I use a Hathway cable modem conx as well as a MTNL DialUp conx. The MTNL conx never has this mysterious downloads but it has always been present with the Hathway conx.

digen · Jul 5, 2005

Is there activty even if you close all programs which require the internet?like browsers,IM,P2P...just close all programs & monitor once again.

If there is acivity then I would suggest you get TCPView
This is a nifty utility to have which maps programs to port numbers.

TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.

You could even do a "netstat -ano" at cmd prompt but that doesnt give you a GUI & is a bit cumbersome to follow.Post a screeny of your TCPView with "IDLE" activity.

inzider · Jul 5, 2005

@mehargags :

* Your comp sure aint the British High Comission but mine is. Since you think security is a hype, why don't you turn off your firewall for a couple of hours, and let me route all my p0rn onto some server on the net through your comp ? Why don't i also leave some kiddy p0rn on your comp, and install bots to send spam to a few zillion addresses everyday. Why don't i then call the cops and tell them about the kiddy p0rn which you possess, and also tell them about the couple of hundred junk mails i got from your IP. ?

Sounds sweet doesn't it. All it takes to stop me is a stupid 7mb download in the form of a firewall. I don't have all that patience to sit and circumvent it. If you have that firewall, you might just save yourself a lot of trouble, and from a lot of it too

*About the CPU load, not many of us are running 286s here, so i doubt we'd have to worry about that now, would we.

After all, systems which handle hours of GTA SA, and some high end stuff should hold up to a little load from the firewall right ?

*The bottom line is, nothing is enough. If there wasn't a need for security on personal computers, there wouldn't be a Sygate PERSONAL firewall, and neither would there be SP1, SP2, and a plethora of other firewalls. Think about it

No hard feelings bro

Regards
Inzider

Nikhil · Jul 5, 2005

lol.... nice one....

digen · Jul 6, 2005

Haha I missed mehargags post earlier damn otherwise I had rambled about "why you need to secure your machine with a firewall" all day. :bleh:

Eazy · Jul 6, 2005

digen said:
Is there activty even if you close all programs which require the internet?like browsers,IM,P2P...just close all programs & monitor once again.

If there is acivity then I would suggest you get TCPView
This is a nifty utility to have which maps programs to port numbers.

Attached a screen capture of my download monitor - it was taken when the system was idling - this shows the traffic on my line during idling. The white line across this screen is the 32KB/s mark for my 256kbps cable conx. The small bunch of lines above the k of "kB/sec" is when I downloaded TcpView again.

also attached a screen capture of TcpView - I had this already installed and had forgotten all about it

Hacker · Jul 6, 2005

inzider said:
@mehargags :

* Your comp sure aint the British High Comission but mine is. Since you think security is a hype, why don't you turn off your firewall for a couple of hours, and let me route all my p0rn onto some server on the net through your comp ? Why don't i also leave some kiddy p0rn on your comp, and install bots to send spam to a few zillion addresses everyday. Why don't i then call the cops and tell them about the kiddy p0rn which you possess, and also tell them about the couple of hundred junk mails i got from your IP. ? Sounds sweet doesn't it. All it takes to stop me is a stupid 7mb download in the form of a firewall. I don't have all that patience to sit and circumvent it. If you have that firewall, you might just save yourself a lot of trouble, and from a lot of it too

I agree with mehargags, i wont say firewalls are useless but therz no point in being so paranoid about them.

Btw inzider can you please do what you said above to my pc, will pm you my ip if you want.

N btw how will a firewall protect you when dumb users allow trojans with legit names to access the internet.
I visit lots of crack, warez sites with no firewall, you just need a good secure browser like FF n patched os.

digen · Jul 6, 2005

Dude eazy I see few applications running like IE running,close that & send me the screeny.We will sort this out.

@Hacker
eh? Have you ever pondered over "open ports" ? have you ever considered "port scans"?
Have you ever understood what netcat could do to your system?
Dude there is no point in being online without a firewall if you dont understand what goes on the OS level.How do you think DDoS[Distributed Denial of Service of attacks] take place?
Hosts which are unsecured taken control of & are made into remote machines popularly called as "zombie machines" which then combine together to launch a massive DOS on a single host.So you are telling me you dont have a part to play in this?
Everybody has a part to play.Patching the OS,installing & regularly updating a AV,installing a firewall...these are the basic things you gotta to do to secure your machine.Call them the Holy Grail of basic security of you like. And most importantly "common sense" rules.How much security & how little or more it is would depend upon the person sitting infront of the computer.

N btw how will a firewall protect you when dumb users allow trojans with legit names to access the internet.

True but if you have outbound protection enabled on your software firewall then it would ask for permission to access/deny the applications connection to the internet & with a little bit of common sense you could atleast find out which port & host its trying to connect to.It may fail sometimes but atleast its better than nothing.

I visit lots of crack, warez sites with no firewall, you just need a good secure browser like FF n patched os.

You visit warez sites huh? then have you ever heard of "EXE BINDERS" ? The least you know the crack you downloaded last night was packed with a trojan horse which unpacked itself on double clicking the crack & starts waiting for a connection on so n so port number. Now hows you firefox doing now?Is it informing you of a trojan horse trying to connect back & acting as a backdoor? Hell NO ! Why cause its not a got damn FIREWALL !! Its a browser which just parses http requests from servers issuing conent.
But if you have a firewall at the same point of time depending upon how you have set the rules it should ask the user access/deny permission.

P.S: I've nothing against ff nor against any other browser.