Shields Up, Zone alarm and ntl cable broadband

Hi

my setup is ntl cable broadband usb to "server" pc , from there into a hub
which servers 2 other pc's , all machines have zone alarm on them and am
using ICS on the server to share out internet access etc.. , all machines Xp
and all works happly

i found a problem tho with zone alarm running at 70% cpu most of the time
and taking 80mb+ memory up when emule was running, normally it just sits at
5% useage, ie not a lot at all.

so i disabled zone alarm so i could reinstall it just to see if that would
cure the problem, after i removed zone alarm i ran Shields up from grc.com
and was quite suprised to see that my machine was in effect hidden, and
passed most of the tests ok, the only ports that were open were the ports
for ics and netmeeting

i put zone alarm back on, ran shields up and got excatly the same result!?

i was reading something on their site about using nat'd address's which in
effect i'm using with ics and that the modem itself acts as quite a good
firewall as the pc's have private 194.168.0.xxx address's

so in theroy i dont need zone alarm as the machine is set to download and
install any critical ms updates and virus defs

does that all make sence!?

ta

Chris

"Chris" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> so in theroy i dont need zone alarm as the machine is set to
> download and install any critical ms updates and virus defs

A firewall at the boundary of your network will protect you from
incoming 'baddies'. And a NAT router offers a degree of 'firewall'
protection: it will drop all incoming traffic for which there is no
existing outgoing connection.

A software firewall performs a different function - it will protect
you from outgoing 'baddies'. ZoneAlarm and other so-called 'personal
firewalls' offer this protection.

A number of programs, once installed on your PC, will attempt to
'call home'. Such programs range from legitimate software (perhaps
checking licence registration details or accessing on-line help),
through adware (attempting to track your surfing), to malware (for
example a trojan horse program potentially setting up an unwanted or
harmful connection).

Assuming you have up-to-date antivirus software and are careful about
your downloads, the last of these is unlikely. If you regularly run
adware checking software (Spybot, Ad-aware) then the second is
unlikely. You may, for a number of reasons, wish to prevent the
first.

A software firewall will warn when any program attempts an outgoing
connection. It's all useful to know. Similarly, the ability to see
traffic logs can be helpful - and revealing. You would be surprised
by how much traffic there is, even on a quiet local network beyond
the router!

Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

On Tue, 18 May 2004 13:56:27 +0100, Chris wrote:

> Hi
>
> my setup is ntl cable broadband usb to "server" pc , from there into a hub
> which servers 2 other pc's , all machines have zone alarm on them and am
> using ICS on the server to share out internet access etc.. , all machines Xp
> and all works happly
>
> i found a problem tho with zone alarm running at 70% cpu most of the time
> and taking 80mb+ memory up when emule was running, normally it just sits at
> 5% useage, ie not a lot at all.
>
> so i disabled zone alarm so i could reinstall it just to see if that would
> cure the problem, after i removed zone alarm i ran Shields up from grc.com
> and was quite suprised to see that my machine was in effect hidden, and
> passed most of the tests ok, the only ports that were open were the ports
> for ics and netmeeting
>
> i put zone alarm back on, ran shields up and got excatly the same result!?
>
> i was reading something on their site about using nat'd address's which in
> effect i'm using with ics and that the modem itself acts as quite a good
> firewall as the pc's have private 194.168.0.xxx address's
>
> so in theroy i dont need zone alarm as the machine is set to download and
> install any critical ms updates and virus defs
>
> does that all make sence!?
>
> ta
>
> Chris

Yes, of course it makes sense. A NAT router will provide you with inbound
protection but a firewall will also give you outbound protection as well.
You high CPU usage is well known if you run p2p programs, some users never
have problems and others have high CPU usage and large memory requirements.
The problem stems from ZA interpreting the connection attempts as 'attacks'
and, I guess, using the memory to store the rules and therefore more CPU
time. Have a look at task manager while ZA is installed and your p2p is
running and you see memory used at about 4-8K per second. I don't use p2p
much but if you have a problem with ZA then try the free version of Kerio
Personal Firewall.

Regards

Bill

> You high CPU usage is well known if you run p2p programs, some users never
> have problems and others have high CPU usage and large memory
requirements.
> The problem stems from ZA interpreting the connection attempts as
'attacks'
> and, I guess, using the memory to store the rules and therefore more CPU
> time. Have a look at task manager while ZA is installed and your p2p is
> running and you see memory used at about 4-8K per second. I don't use p2p
> much but if you have a problem with ZA then try the free version of Kerio
> Personal Firewall.

thanks for that, i've had a flick thro the zone alarm + emule forums and it
does appear to be a known issue

think i'll look for another product!

ta

Chris

thanks for that, my "server" is just that, an emule server so it never gets
used for browsing etc.. have found tho that the problem i'm having with
zonealarm running at high cpu is because of emule, so think i'll just get a
new firewall product!


"Richard Perkin" <(E-Mail Removed)> wrote in message
news:Xns94ED9A57223C3fnurdle@130.133.1.4...
> "Chris" <(E-Mail Removed)> wrote in
> news:(E-Mail Removed):
>
> > so in theroy i dont need zone alarm as the machine is set to
> > download and install any critical ms updates and virus defs
>
> A firewall at the boundary of your network will protect you from
> incoming 'baddies'. And a NAT router offers a degree of 'firewall'
> protection: it will drop all incoming traffic for which there is no
> existing outgoing connection.
>
> A software firewall performs a different function - it will protect
> you from outgoing 'baddies'. ZoneAlarm and other so-called 'personal
> firewalls' offer this protection.
>
> A number of programs, once installed on your PC, will attempt to
> 'call home'. Such programs range from legitimate software (perhaps
> checking licence registration details or accessing on-line help),
> through adware (attempting to track your surfing), to malware (for
> example a trojan horse program potentially setting up an unwanted or
> harmful connection).
>
> Assuming you have up-to-date antivirus software and are careful about
> your downloads, the last of these is unlikely. If you regularly run
> adware checking software (Spybot, Ad-aware) then the second is
> unlikely. You may, for a number of reasons, wish to prevent the
> first.
>
> A software firewall will warn when any program attempts an outgoing
> connection. It's all useful to know. Similarly, the ability to see
> traffic logs can be helpful - and revealing. You would be surprised
> by how much traffic there is, even on a quiet local network beyond
> the router!
>
> Hope this helps
>
> --
>
> Richard Perkin
> To email me, change the AT in the address below
> richard.perkinATmyrealbox.com
>
> It's is not, it isn't ain't, and it's it's, not its, if you mean it
> is. If you don't, it's its. Then too, it's hers. It isn't her's.
> It isn't our's either. It's ours, and likewise yours and theirs.
> -- Oxford University Press, Edpress News

"Chris" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> thanks for that, my "server" is just that, an emule server so it
> never gets used for browsing etc.. have found tho that the problem
> i'm having with zonealarm running at high cpu is because of emule,
> so think i'll just get a new firewall product!

Personally I use Sygate and can recommend it. Find the free version
here:
<http://smb.sygate.com/products/spf_standard.htm>


Hope this helps

--

Richard Perkin
To email me, change the AT in the address below
richard.perkinATmyrealbox.com

It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's.
It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

On 18 May 2004 15:34:48 GMT, Richard Perkin <(E-Mail Removed)>
wrote:

>"Chris" <(E-Mail Removed)> wrote in
>news:(E-Mail Removed):
>
>> thanks for that, my "server" is just that, an emule server so it
>> never gets used for browsing etc.. have found tho that the problem
>> i'm having with zonealarm running at high cpu is because of emule,
>> so think i'll just get a new firewall product!
>
>Personally I use Sygate and can recommend it. Find the free version
>here:
><http://smb.sygate.com/products/spf_standard.htm>

I've heard reports that Sygate Personal Firewall and ICS don't work
together. But I've not tried it myself, so can't say for sure.
I *have* used ICS and Kerio 2.1.4 together (on an NTL cable modem, as
it happens), and it works fine.

To the OP: ICS is protecting your other machines via its NAT facility,
but the ICS server itself is wide open to the Net without a firewall.
Probably not a good idea.
--
Clive Backham

Note: As a spam avoidance measure, the email address in the header
is just a free one and doesn't get checked very often. If you want to email
me, my real address can be found at: www [dot] delback [dot] co [dot] uk

> To the OP: ICS is protecting your other machines via its NAT facility,
> but the ICS server itself is wide open to the Net without a firewall.
> Probably not a good idea.
> --

ta for that, for the time being have just enabled the XP firewall on the
cable modem connection, shields up seems to like it so might just leave it
with that for now!

On Tue, 18 May 2004 16:22:19 +0100, "Chris" <(E-Mail Removed)>
wrote:
-
-thanks for that, i've had a flick thro the zone alarm + emule forums and it
-does appear to be a known issue
-

As well as shields up try the scanner at http://www.dslreports.com/secureme


-Rob
robatwork at mail dot com