Completely replace software firewall with hardware firewall?

I'm afraid I don't subscribe to comp.security.firewall.

I have a problem with AT&T's VPN client which I occasionally use to log on to work. KPF 2.1.5 crashes immediately with it. This will not affect most people. Otherwise it is a great little firewall if you make the effort to understand how to configure it. I used it for a couple of years. V4 was beginning to be OK until they dropped support for WinME.

Nick

Reply to
Nick H

Reply to
Keith

Paul

Reply to
Paul Cooper

Because using a personal firewall does not really protect your computer. Since many people blindly surf the internet and open malicious email attachments, it's fairly easy for a malicious application to disable or enter an exception for the personal firewall, SP2 Firewall being the easiest to compromise.

A border device, an appliance, is the smart method to use as the primary protection method, then a personal firewall application that is not as simple as SP2 Firewall, something like Zone Alarm Professional (since it's easy for home users).

The NAT Device should be set to block outbound ports 135, 136, 137, 138, 139, 445, and even 1026/1027. If your NAT router allows it, blocking SMTP outbound to everything except your ISP's SMTP server is also a good idea.

Now, with a border device and a PFW, you really need to get a high quality antivirus program that scans in/out bound SMTP/POP and also acts as a web browser proxy.

Finally, get a non-MS browser and email client, at least they will protect you from yourself.

Reply to
Leythos

With an XP machine compromised by malware, and the malware running in the security context of Admin rights (and most users run with Admin rights), the malware can take out a personal FW solution that is running on the machine, leaving it wide open to attack. The malware cannot take out a standalone device like a NAT router or FW appliance that's not running on the computer with the O/S.

Duane :)

Reply to
Duane Arnold

The router doesn't have anything to do with downloads or much else, it's an all-or-nothing type thing. Are you running a personal firewall? I suspect that it's either a PFW or browser security problem. Download and install the Firefox browser and see if it still happens.

Reply to
Leythos

Thanks, I'll give that a try.

Reply to
CSimmons29

Reply to
Jack Simmons

This is an email policy. This is not application level still.

A static policy where a port is blocked.

Personal ports?

Policy - you mean block a certain amount of email being sent in a certain amount of time - bulk mail blocking - limited amount of recipients.... this is just policy - still not application level.

Agreed - but still not at the application level where the protection is needed. You know the phrase 'nip the problem at the bud'.

A firewall will not block viruses. It can block certain viruslike activity. A hardware appliance will not prevent a backdoor from access to the internet.

Reply to
Ian JP Kenefick

That's what those cheap NAT devices call ports they block from reaching the Internet.

No, I mean blocking all outbound SMTP traffic except to the ISP's SMTP server, or all outbound SMTP traffic except from the internal SMTP server. This prevents many viruses that have their own SMTP engines from sending any email without using a specific SMTP server.

Actually, firewalls can and do block viruses - in fact my firewall will remove viruses from inbound email, will remove content from http traffic, etc... On the outbound side, unless the virus uses HTTP/HTTPS to spread, it's not going to get out of my network by any means - sure, it can spread inside the network, but the firewall will block it from leaving our network and attempting to infect others. And, as has been seen, unless the virus/malware can get instructions via HTTP/HTTPS, it's not going to be able to contact the remote server.

Personal applications that act as firewalls are more of a feel-good type thing: if the computer/system is compromised the personal firewall can be disabled, the firewall appliance can't be.

Reply to
Leythos

If your head was spinning then, I'm sure it's spinning more with all the answers that you received. I have a Linksys router, which someone already recommended. I have no antivirus at all and no software firewall and I have no problems. The last time I updated and ran Spybot, it said, congratulations, no problems were found. The router w/ some common sense goes a long way. Some of those common sense things are: don't click on attachments unless you TOLD someone to send it to you. Don't open it just because you know the person. Talk to them first. Other than that, I never run ActiveX in the browser and I limit JavaScript. From time to time I look in the registry. Trojans and the like hide in certain places. Learn them. Run netstat -an. Pay attention to the foreign address column. Those things along w/ a few others keep my head from spinning like yours. donnie

Reply to
donnie

Would that be both TCP and UDP on these ports?

Reply to
D. Brisbane Psychology ext 462

The early versions of linksys firmware didn't allow selection of TCP/UDP, just ports, so I've taken to just blocking BOTH for those ports.

Reply to
Leythos

Follow-up set to: comp.security.firewalls

Reply to
Melissa

As I've said before, the appliances by Linksys and most of the others are just simple NAT routers that sometimes have expanded features, they are not really firewalls, it's just marketing hype.

The only means you could use to send email using the "recipients" email server is if you had a valid account to use in order to relay through them. If you are just using the redirector to bounce your messages off unsecure SMTP servers then you're asking for trouble.

Outbound has nothing to do with inbound, you don't get email from your ISP using port 25, you PULL email using port 110 (POP) and send using SMTP (25). The same is true for most any email, it's sent using port 25 to servers, and servers relay using port 25 also. Pulling is based on the client used to contact the server when you want to fetch/pull your email.

There is little you can do to secure outbound traffic using the Linksys, it's not going to do much, but it does secure inbound unless you've done some port forwarding or enabled UPNP.

In the private ports list, in the linksys, I always block outbound to destination ports 135~139, 445, 1433/1434, and sometimes 1025~1027. Depending on the user I might also block outbound port 25 since some users use webmail only and not SMTP/POP.

ADR sounds like a bad tool for ethical use - if it really sends email through other servers then you should reconsider using it - just because someone leaves a server unsecured is no reason to use it.

[snip]

One other thing - if you set up an SMTP server on a residential account, it's highly likely that it will already be black-listed, as many of the lists encompass the known subnets for the residential services of most ISPs.

Reply to
Leythos
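Added example, not part of any post in the thread: a Python sketch that combines two pieces of advice given above, reading the Foreign Address column of `netstat -an` and checking each connection against the outbound block list (destination ports 135~139, 445, 1433/1434, 1025~1027, and SMTP to anything but the ISP's server). The LAN range, the ISP SMTP address and the sample output are constructed placeholders.

```python
import ipaddress

# Outbound destination ports named in the thread: 135~139, 445, 1433/1434, 1025~1027.
BLOCKED_PORTS = set(range(135, 140)) | {445, 1433, 1434} | set(range(1025, 1028))
ISP_SMTP = "192.0.2.25"                      # assumption: placeholder for the ISP's SMTP server
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: addresses behind the NAT router

# Constructed sample of Windows `netstat -an` output (documentation addresses only).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.100:1045     192.0.2.25:25          ESTABLISHED
  TCP    192.168.1.100:1051     198.51.100.7:25        SYN_SENT
  TCP    192.168.1.100:1060     203.0.113.9:445        ESTABLISHED
  TCP    192.168.1.100:1061     192.168.1.20:445       ESTABLISHED
  TCP    192.168.1.100:1070     203.0.113.80:80        ESTABLISHED
  UDP    0.0.0.0:1026           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon; return (None, None) for '*:*'."""
    host, _, port = endpoint.rpartition(":")
    return (host.strip("[]"), int(port)) if port.isdigit() else (None, None)

def review(netstat_text, isp_smtp=ISP_SMTP):
    """Return (foreign_addr, port, reason) for TCP connections the policy would block."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # UDP rows carry no foreign address or state; listeners are not connections.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] == "LISTENING":
            continue
        host, port = split_endpoint(fields[2])
        try:
            addr = ipaddress.ip_address(host) if host else None
        except ValueError:
            continue  # unparseable address (e.g. an IPv6 zone id on older Pythons)
        if addr is None or addr.is_loopback or addr.is_unspecified or addr in LAN:
            continue  # traffic that never crosses the border device
        if port == 25 and str(addr) != isp_smtp:
            findings.append((str(addr), port, "SMTP to a server other than the ISP's"))
        elif port in BLOCKED_PORTS:
            findings.append((str(addr), port, "destination port on the outbound block list"))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

A connection flagged here on a machine that sits behind a router already configured with these blocks is worth a closer look, since the host is attempting traffic the border device is meant to drop.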

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.