Firewall difficulty

Well I bought these two :-

But when I go to https://grc.com/x/ne.dll?bh0bkyd2

I'm told my computer is well insecure and I've Zone Alarm running on
both computers.

Helllllllllp!

Or shall I just send it back and get a Netgear one!

I was thinking of getting these two to connect two computers to adsl, my
> > computer next to the phone line has a 10/100 lan thing built in, any
> > pertinent comments would be appreciated.
> >
> > If I buy this
> >
> >
>
http://www.ebuyer.com/customer/produ...d19wcm9kdWN0X2
> 92ZXJ2aWV3&product_uid=48452
> >
> > and this
> >
> >
>
http://www.ebuyer.com/customer/produ...d19wcm9kdWN0X3
> Jldmlld3M=&product_uid=37483
> >
> >
>
> Although this kit is 802.11b (11Mbps), if you intend to do a lot of file
> sharing - data shuffling - online gaming etc. you might want to look at
> getting 802.11g (54Mbps) kit (or even the "newer" 802.11n (108Mbps))
> instead. Otherwise, go ahead - blow your socks off!


=?ISO-8859-1?Q?=ACStephen_Hammond?=

¬Stephen Hammond wrote:

> Well I bought these two :-

http://tinyurl.com/fdc3

and http://tinyurl.com/3d6dy


>
> But when I go to https://grc.com/x/ne.dll?bh0bkyd2
>
> I'm told my computer is well insecure and I've Zone Alarm running on
> both computers.
>
> Helllllllllp!
>
> Or shall I just send it back and get a Netgear one!
>
> I was thinking of getting these two to connect two computers to adsl, my
> > > computer next to the phone line has a 10/100 lan thing built in, any
> > > pertinent comments would be appreciated.
> > >
> > > If I buy this
> > >
> > >
> >
> http://www.ebuyer.com/customer/produ...d19wcm9kdWN0X2
>
> > 92ZXJ2aWV3&product_uid=48452
> > >
> > > and this
> > >
> > >
> >
> http://www.ebuyer.com/customer/produ...d19wcm9kdWN0X3
>
> > Jldmlld3M=&product_uid=37483
> > >
> > >
> >
> > Although this kit is 802.11b (11Mbps), if you intend to do a lot of file
> > sharing - data shuffling - online gaming etc. you might want to look at
> > getting 802.11g (54Mbps) kit (or even the "newer" 802.11n (108Mbps))
> > instead. Otherwise, go ahead - blow your socks off!

"¬Stephen Hammond" <(E-Mail Removed)> wrote in message
news:bvh0e0$bhv$1$(E-Mail Removed)...
> Well I bought these two :-
>
> But when I go to https://grc.com/x/ne.dll?bh0bkyd2
>
> I'm told my computer is well insecure and I've Zone Alarm running on
> both computers.
>
> Helllllllllp!
>
> Or shall I just send it back and get a Netgear one!
>
[snip]

I've lost the original thread on this, so can't see what kit or
configuration was being discussed: I'm guessing you've got two PCs connected
via ethernet or wireless to a router/modem...

Zone Alarm, when running on a single PC directly connected to the InterNet
will usually pass all the ShieldsUp tests if you've set the security levels
to high (I can't remember the exact terminology - it's a while since I used
it). However, when you connect via a router things are a bit different as
Zone Alarm only runs on your PC. You can probably configure the router to
present a more secure configuration, but what is possible probably depends
on the hardware in use.

ShieldsUp shows the IP address it is trying to probe, so if you click Start,
Run and type "winipcfg" you can find the IP address used by your PC. These
should be completely different. If not, then I'd really start to panic!

Ian.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.574 / Virus Database: 364 - Release Date: 29/01/04

>
>>Well I bought these two :-
>>
>>But when I go to https://grc.com/x/ne.dll?bh0bkyd2
>>
>>I'm told my computer is well insecure and I've Zone Alarm running on
>>both computers.
>>
>>Helllllllllp!
>>
>>Or shall I just send it back and get a Netgear one!
>>
>
> [snip]
>
> I've lost the original thread on this, so can't see what kit or
> configuration was being discussed: I'm guessing you've got two PCs connected
> via ethernet or wireless to a router/modem...
>
> Zone Alarm, when running on a single PC directly connected to the InterNet
> will usually pass all the ShieldsUp tests if you've set the security levels
> to high (I can't remember the exact terminology - it's a while since I used
> it). However, when you connect via a router things are a bit different as
> Zone Alarm only runs on your PC. You can probably configure the router to
> present a more secure configuration, but what is possible probably depends
> on the hardware in use.
>
> ShieldsUp shows the IP address it is trying to probe, so if you click Start,
> Run and type "winipcfg" you can find the IP address used by your PC. These
> should be completely different. If not, then I'd really start to panic!
>
> Ian.
>

THanks for the help I've the following bits of kit
these two :-


http://tinyurl.com/fdc3

and http://tinyurl.com/3d6dy

from this somewhere on my modem settings I found this

LAN
IP Address Subnet Mask MAC Address
10.0.0.2 255.0.0.0 00:09:F3:03:5A:91

So I'll try with ip address 10.0.0.2 and see what gives.

Hang how do I specify what ip address I want shields up to check ?

Stephn







>

>
> THanks for the help I've the following bits of kit
> these two :-
>
>
> http://tinyurl.com/fdc3
>
> and http://tinyurl.com/3d6dy
>
> from this somewhere on my modem settings I found this
>
> LAN
> IP Address Subnet Mask MAC Address
> 10.0.0.2 255.0.0.0 00:09:F3:03:5A:91
>
> So I'll try with ip address 10.0.0.2 and see what gives.
>
> Hang how do I specify what ip address I want shields up to check ?
>
> Stephn
>

OK, so you've got a wireless network, with a wireless Modem/Router.

You don't specify the IP address that ShieldsUp tests. It detects the IP
address from the headers of the "GET" request your browser sends when
requesting the page from the web server. This is *always* the IP address
that your Router/Modem presents to the "external" internet and is assigned
by your ISP. This IP address may change each time your modem connects
(dynamic IP) or may always be the same (static IP) depending on the terms of
your ISPs package.

The router provides a separate set of IP addresses for the "inside" network
(in your case, the wireless side), and the subnet 10.x.x.x is a common
default for this internal network (ie the settings you quote are probably
the Router "internal" IP address and is the "proxy" address that PCs on your
network see when contacting the internet). The router then uses Network
Address Translation (NAT) to map IP addresses between your internal network
and the internet. When a data packet intended for the internet arrives from
your PC, the Router strips "your" header information and replaces it with
its "external" information before sending it out through the modem and
essentially the same happens in reverse for data coming from the internet.
This behaviour is similar to what a firewall like Zone Alarm does (to an
extent).

Zone Alarm, in it's "stealth mode" (high security) works by modifying the
default behaviour that is expected of "normal" IP traffic. According to the
specifications for the protocols, any request, such as a "ping" (IDCMP ECHO)
to a given address must be met with a psitive response, either accepting or
rejecting the request. In stealth mode, Zone Alarm simply ignores the
request and sends no response at all, consequently port probes by ShieldsUp
tend to report things like "Probing on port nnn failed to detect a port or
even the presence of a computer on IP address xx.xx.xx.xx".

However, Zone Alarm can't tell your Router/Modem to behave this way, so it
responds in the default manner, leading to the kind of report you saw. Zone
Alarm is still protecting your PCs. The Router is effectively passive in all
this, so is at limited risk: It should only ever accept reconfiguration from
IP addresses on your internal network. But there may be ways to configure it
so that it closes ports that you don't use, etc. Check manuals or the
manufacturer's web site for tips on advanced configuration settings.

Ian.



---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.574 / Virus Database: 364 - Release Date: 29/01/04