
View Full Version : Two Fire Walls?



lotus7
02-02-2004, 11:39 AM
Is it possible to use two firewalls at the same time? Would this be more secure, or just create system nightmares?
Thanks

Samurai
02-02-2004, 11:46 AM
Why use 2? One should be more than enough. I personally recommend Sygate Pro... and yes 2 firewalls installed at the same time could seriously give you a headache or two. They'll conflict no doubt.

[B][O][T]
02-02-2004, 11:49 AM
Agreed one is enough, and keep it updated.

btw ~moved to softwareworld

BOT

MUSLEMAN
02-02-2004, 11:51 AM
sygate pro is the best.

yes you can have 2 without conflict depends on the 2 firewalls.

having 2 firewalls is completely pointless and it does not provide more protection, just have to do everything twice for no extra protection

lotus7
02-02-2004, 11:51 AM
Thanks folks.
I am now using Outpost (Agnitum), but have seen that many people like Sygate. I'll give it a try.
Cheers

Samurai
02-02-2004, 11:54 AM
Originally posted by lotus7@2 February 2004 - 10:51
Outpost (Agnitum)
:blink:

Samurai
02-02-2004, 12:02 PM
Do me a favour please and visit this page http://www.grc.com/default.htm and scroll down and find Shield's UP! and run a test on your system running the firewall you suggested above.

Post your results here...

StyleWarz
02-02-2004, 12:22 PM
I'm using Sygate Personal Firewall Pro and PeerGuardian for ultimate protection... :ghostface:

lotus7
02-02-2004, 01:07 PM
Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



Ping Echo: PASSED — Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests) from our server.

lotus7
02-02-2004, 01:08 PM
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

lotus7
02-02-2004, 01:10 PM
Is this a good or bad result?

Samurai
02-02-2004, 01:12 PM
Is this using Outpost (Agnitum)? Post the common ports results. There's a list of about 25 ports.

lotus7
02-02-2004, 01:13 PM
Port   Service   Status    Security Implications
0      <nil>     Closed    Your computer has responded that this port exists but is currently closed to connections.
21     FTP       Closed    Your computer has responded that this port exists but is currently closed to connections.
22     SSH       Closed    Your computer has responded that this port exists but is currently closed to connections.
23     Telnet    Closed    Your computer has responded that this port exists but is currently closed to connections.
25     SMTP      Closed    Your computer has responded that this port exists but is currently closed to connections.
79     Finger    Closed    Your computer has responded that this port exists but is currently closed to connections.
80     HTTP      Closed    Your computer has responded that this port exists but is currently closed to connections.
110    POP3      Closed    Your computer has responded that this port exists but is currently closed to connections.
113    IDENT     Closed    Your computer has responded that this port exists but is currently closed to connections.
119    NNTP      Closed    Your computer has responded that this port exists but is currently closed to connections.
135    RPC       Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
139    NetBIOS   Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
143    IMAP      Closed    Your computer has responded that this port exists but is currently closed to connections.
389    LDAP      Closed    Your computer has responded that this port exists but is currently closed to connections.
443    HTTPS     Closed    Your computer has responded that this port exists but is currently closed to connections.
445    MSFT DS   Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1002   ms-ils    Closed    Your computer has responded that this port exists but is currently closed to connections.
1024   DCOM      Closed    Your computer has responded that this port exists but is currently closed to connections.
1025   Host      Closed    Your computer has responded that this port exists but is currently closed to connections.
1026   Host      Closed    Your computer has responded that this port exists but is currently closed to connections.
1027   Host      Closed    Your computer has responded that this port exists but is currently closed to connections.
1028   Host      Closed    Your computer has responded that this port exists but is currently closed to connections.
1029   Host      Closed    Your computer has responded that this port exists but is currently closed to connections.
1030   Host      Closed    Your computer has responded that this port exists but is currently closed to connections.
1720   H.323     Closed    Your computer has responded that this port exists but is currently closed to connections.
5000   UPnP      Closed    Your computer has responded that this port exists but is currently closed to connections.

lotus7
02-02-2004, 01:15 PM
This is with Outpost

lotus7
02-02-2004, 01:17 PM
GRC Port Authority Report created on UTC: 2004-02-02 at 12:19:59

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
23 Ports Closed
3 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be STEALTH were: 135, 139, 445

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
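
An added example, not part of the original thread and not GRC's own code: the Python below parses the Port Authority text report posted above, expands the scanned port ranges, works out which ports answered the probe, and re-derives the TruStealth verdict from the three conditions the report lists. The wording of an OPEN port list is an assumption, since this report contains none.

```python
import re

# The report as posted in the thread above, embedded so the example runs offline.
REPORT = """\
GRC Port Authority Report created on UTC: 2004-02-02 at 12:19:59

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113,
119, 135, 139, 143, 389, 443, 445,
1002, 1024-1030, 1720, 5000

0 Ports Open
23 Ports Closed
3 Ports Stealth
---------------------
26 Ports Tested

NO PORTS were found to be OPEN.

Ports found to be STEALTH were: 135, 139, 445

Other than what is listed above, all ports are CLOSED.

TruStealth: FAILED - NOT all tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
"""

def expand_ports(spec):
    """Expand a list such as '0, 21-23, 25' into sorted port numbers."""
    ports = set()
    for token in re.findall(r"\d+(?:-\d+)?", spec):
        lo, _, hi = token.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ports)

def _port_list(text, header):
    """Return the (possibly line-wrapped) port list that follows header."""
    m = re.search(re.escape(header) + r"(.*?)(?:\n\s*\n|\Z)", text, re.S)
    return expand_ports(m.group(1)) if m else []

def parse_report(text):
    scanned = _port_list(text, "Results from scan of ports:")
    stealth = _port_list(text, "Ports found to be STEALTH were:")
    # Assumption: an OPEN list, when present, is worded like the STEALTH list.
    open_ = _port_list(text, "Ports found to be OPEN were:")
    # This report states that every port not listed is CLOSED.
    closed = [p for p in scanned if p not in stealth and p not in open_]
    stated = {k.lower(): int(n) for n, k in re.findall(
        r"^(\d+) Ports (Open|Closed|Stealth|Tested)$", text, re.M)}
    derived = {"open": len(open_), "closed": len(closed),
               "stealth": len(stealth), "tested": len(scanned)}
    return {
        "open": open_, "closed": closed, "stealth": stealth,
        "consistent": stated == derived,  # summary counts match the port lists
        # Ports that answered (accepted or refused) show that a host is present.
        "responding": sorted(open_ + closed),
        "trustealth": (len(stealth) == len(scanned)
                       and "NO unsolicited packets" in text
                       and "NO Ping reply" in text),
    }

if __name__ == "__main__":
    result = parse_report(REPORT)
    print("responding ports:", result["responding"])
    print("TruStealth:", "PASSED" if result["trustealth"] else "FAILED")
```
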

Samurai
02-02-2004, 01:33 PM
This is with using Sygate Personal Firewall Pro... Notice the difference?

Port   Service   Status    Security Implications
0      <nil>     Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
21     FTP       Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
22     SSH       Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
23     Telnet    Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
25     SMTP      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
79     Finger    Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
80     HTTP      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
110    POP3      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
113    IDENT     Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
119    NNTP      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
135    RPC       Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
139    NetBIOS   Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
143    IMAP      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
389    LDAP      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
443    HTTPS     Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
445    MSFT DS   Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1002   ms-ils    Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1024   DCOM      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1025   Host      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1026   Host      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1027   Host      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1028   Host      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1029   Host      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1030   Host      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
1720   H.323     Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!
5000   UPnP      Stealth   There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

shn
02-02-2004, 08:59 PM
Software firewalls are a hassle. Why go through that when you can shell out 50 or 60 bucks and get a REAL firewall.............................. a router. Just set it and forget it :D and you don't get those nagging alert messages every time something tries to access something else on your pc.

Mad Cat
02-02-2004, 10:04 PM
Originally posted by shn@2 February 2004 - 20:59
Software firewalls are a hassle. Why go through that when you can shell out 50 or 60 bucks and get a REAL firewall.............................. a router. Just set it and forget it :D and you don't get those nagging alert messages every time something tries to access something else on your pc.
I've heard oh so many bad things about routers.

Especially with people that can't set them up properly. Port forwarding etc etc...

Samurai
02-02-2004, 10:29 PM
Exactly.

I bought a Linksys router and set it up perfectly, allowing it to open ports for my p2p clients easily and efficiently. Unfortunately, that is not the case. Although I've set the router to open ports 6499 (TCP) & 6500 (UDP) for eMule it can never connect.

If I d/c and plug my cable direct, I have no problems whatsoever.

I hate routers, but I have to use one as I'm on a LAN in my house. I just d/c when I'm in the house on my own.

If anyone has any ideas about this, I'd be most grateful ;)

Samurai

lotus7
02-03-2004, 12:09 AM
Thanks for your help Samurai and all others.
Please excuse my obvious and appalling ignorance, but if all ports are in stealth, how does one use the network at all with Kazaa? Is there a trick to this?
I can set Outpost to make all (except two) ports stealth, but then Kazaa doesn't work at all.
I tried emule, but it didn't seem to want to multithread, and the queue times were ridiculous. Maybe I set it up wrong.

lotus7
02-03-2004, 12:13 AM
With Kazaa I can achieve around 7-800kb/s with win98 (with a total of about 40-45 threads, 20-30 downloads) on an 8Mb/s ADSL, but with Emule I could only achieve around 80kb/s at best. BIG difference. Does my firewall have anything to do with this?

jobauer
02-03-2004, 05:47 AM
Yerk...

Sorry Lotus, I'm a newb', can't help you...


I tried Shield's UP' test, too, with the Pc-Cillin Firewall I use (got it with my mobo)... And I badly FAILED. I had no idea that my comp was so...hum... welcoming. :(

So, I've just downloaded Sygate Personal Firewall (after reading many posts here advising it) - the free version.

I'm running it right now, and I really see the difference; much more powerful, more features, and definitely safer. Of course, it passed Shield's UP' test:
100% stealth. :)

Well... that made my choice: I keep SPF and disable PC-Cillin Firewall - I still use its antivirus, though, unless you guys think I should now try a good free AV ;)

Anyway, I'm glad I read this thread; thx for the link samuraï...

shn
02-03-2004, 07:03 AM
Originally posted by lotus7@2 February 2004 - 18:13
With Kazaa I can achieve around 7-800kb/s with win98 (with a total of about 40-45 threads, 20-30 downloads) on an 8Mb/s ADSL, but with Emule I could only achieve around 80kb/s at best. BIG difference. Does my firewall have anything to do with this?
It's the way emule was coded. It downloads files a lot differently than kazaa. It gets the file in chunks or something...............I forget, but I really don't use emule unless I really need something I can't find on any other p2p network because it can be really slow no matter how fast your connect is.

The way kazaa downloads files suits me just fine................I don't know why emule thinks it does it any better. As long as you get it and it's not corrupt I don't see the harm in getting the file faster. :huh:

Bittorrent I love but it's kinda hard to find good torrent sites nowadays :angry:

MUSLEMAN
02-03-2004, 07:08 AM
@shn if you have a lot of files to share try overnet, it's pretty good speed if you are sharing.

@Samurai with a router for overnet, edonkey and I believe emule you still need to get kanat and a hard firewall like a router is the best firewall, you just have to learn how to work with it :lol:

abu_has_the_power
02-03-2004, 07:11 AM
Originally posted by Mad Cat@2 February 2004 - 17:04
Originally posted by shn@2 February 2004 - 20:59
Software firewalls are a hassle. Why go through that when you can shell out 50 or 60 bucks and get a REAL firewall.............................. a router. Just set it and forget it :D and you don't get those nagging alert messages every time something tries to access something else on your pc.
I've heard oh so many bad things about routers.

Especially with people that can't set them up properly. Port forwarding etc etc...
me and this other dude wrote guides bout port forwarding on a router in the bt tips section. btw, y is no one using zonealarm anymore? wat up?

Samurai
02-03-2004, 09:34 AM
I stopped using Zone Alarm Pro about 18 months ago when I found it was conflicting with several programs, including my games.

Since I've been using Sygate Pro, I've stopped all unauthorised traffic including Denial Of Service attacks.

lotus7 - When ports are in stealth mode, they can't be seen by anyone trying to hack into your system. Most older firewalls and some of today's only seem to close them, but this is one of the worst things possible. If a hacker finds a closed port, but not in stealth, it's like an open invitation. Kazaa and many other programs only open the port when they're in use, and even then, no other program will be allowed use of the port unless permission is given.

jobauer - I haven't used PC Cillin, but my best friend has. He's said it's an average AV, but there's much better around. Try Norton SystemWorks 2004. I've been using SystemWorks for the last 3 years and it's working fine for me. Contains AV, CleanSweep, WinDoctor, Speed Disk, System Doctor etc...

MUSLEMAN - I'm fine with setting up the router, and most other hardware / software problems. The settings are fine in my port forwarding, and they have definitely been saved. It just will not allow me to connect to eMule or any other p2p client. However, websites seem to work fine (default port 80). BUT I do not wish to change my p2p clients to forward via port 80 as I've heard that's a big no-no.

abu_has_the_power - I already know how to port forward abu, but I'm always open to suggestions, including reading guides, if I might have missed something. Maybe you can answer this question... does my Linksys router have a built in tool to prevent certain ports being opened (for example 6499 & 6500)? I can use eMule and WinMX fine using these ports without the router, but not with, and both are set up fine in my diagnostic page. Whatever the outcome, I want to use my p2p clients with a port that is NOT in use. I did open a site which stated all of them from 1 to 10,000. Majority are in use or have been allocated for that particular program.

lotus7
02-03-2004, 09:53 AM
Samurai, Thanks. So simply; a closed port can still be intruded upon?

Samurai
02-03-2004, 09:56 AM
Yes :( Unfortunately

MUSLEMAN
02-03-2004, 11:24 AM
have a look here boss (http://www.overnet.com/documentation/lowid.html)

lotus7
02-03-2004, 11:38 AM
Muscleman; ta, I'm off to do your recommended reading now.

Samurai
02-03-2004, 11:40 AM
Originally posted by MUSLEMAN@3 February 2004 - 10:24
have a look here boss (http://www.overnet.com/documentation/lowid.html)
Nice site with some very helpful info, however I've already completed all the necessary procedures regarding my firewall and Linksys router.

Check out my screenshots for clarification...

1st Screenshot: Sygate's Application Status

http://www.myimgs.com/data/samuraii3/eMuleProblem001.jpg

2nd Screenshot: eMule Preferences: Connections

http://www.myimgs.com/data/samuraii3/eMuleProblem002.jpg

3rd Screenshot: TBC - LinkSys suffering technical difficulties. Unable to provide screenshot.

lotus7
02-03-2004, 11:50 AM
Muscleman, I think I now know why I got 'low id' messages when using emule, and why the speed was low. Thanks again for your superhuman help.

lotus7
02-03-2004, 11:54 AM
Samurai, I'll use your setting when I reload suggested software. I'm sure they will save time and grief. Ta :D

MUSLEMAN
02-03-2004, 01:01 PM
good luck boss.

@Samurai I don't know too much about emule config, because once I tried both emule and overnet after repeated test I found overnet faster and easier for me so I use overnet :lol: :lol:

lotus7
02-03-2004, 01:08 PM
P.S. klitetools rocks!!

MUSLEMAN
02-03-2004, 01:52 PM
Originally posted by lotus7@3 February 2004 - 09:08
P.S. klitetools rocks!!
lol thx boss I'll tell sharedholder (my partner) that :lol: :lol: :lol:

jobauer
02-03-2004, 03:07 PM
Originally posted by Samurai@3 February 2004 - 09:34
jobauer - I haven't used PC Cillin, but my best friend has. He's said it's an average AV, but there's much better around. Try Norton SystemWorks 2004. I've been using SystemWorks for the last 3 years and it's working fine for me. Contains AV, CleanSweep, WinDoctor, Speed Disk, System Doctor etc...


thx for the input :)...

I already have Norton Utilities, so I'm familiar with CleanSweep, WinDoctor, Speed Disk, etc..
I haven't tried their AV, though.. I might do that, but I've heard mixed comment about it.

I dunno... I think I'll stick with PC-Cillin for now, while I keep looking for other AV :)

Sorry, I wish I could help you in return, but I have very little knowledge about routers (or computers in general, one might say :)). I've just installed eMule last week, and for now I still use Kazaa - might take a look at Bittorrent, though.

PS:

P.S. klitetools rocks!!

Oh yeah.
You know, until I discovered that forum last month, I was still using K-Lite 2.1 (I think?). You did a hell of a good job upgrading it.