What are the alternatives

Guest
Archived from groups: comp.security.firewalls (More info?)

I am behind a NAT router and want a lightweight product to detect
outbound connections. I assume that a software firewall is needed but
maybe there are other alternatives (eg background port monitoring etc)

It seems that ZA is becoming too bloated but am not sure about the
other alternatives and their reputations. I only know of Kerio
(excluding Symantec of course which I do not want) but maybe there are
better options

Any ideas

Many thanks

Mike
 

Chuck


On 22 Jun 2004 14:39:35 -0500, "Mike Saunders" <*email_address_deleted*> wrote:

>I am behind a NAT router and want a lightweight product to detect
>outbound connections. I assume that a software firewall is needed but
>maybe there are other alternatives (eg background port monitoring etc)
>
>It seems that ZA is becoming too bloated but am not sure about the
>other alternatives and their reputations. I only know of Kerio
>(excluding Symantec of course which I do not want) but maybe there are
>better options
>
>Any ideas
>
>Many thanks
>
>Mike

Mike,

For lightweight connection monitoring, I use TCPView (free) from
<http://www.sysinternals.com/ntw2k/source/tcpview.shtml>. Needs no installation
- just drop it into a folder, and run.

For slightly heavier port monitoring, Port Explorer
<http://www.diamondcs.com.au/portexplorer/index.php?page=home> is more
configurable than TCPView. The paid version includes a small packet monitor.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
Guest

Chuck wrote:

> On 22 Jun 2004 14:39:35 -0500, "Mike Saunders"
> <*email_address_deleted*> wrote:
>
> > I am behind a NAT router and want a lightweight product to detect
> > outbound connections. I assume that a software firewall is needed but
> > maybe there are other alternatives (eg background port monitoring
> > etc)
> >
> > It seems that ZA is becoming too bloated but am not sure about the
> > other alternatives and their reputations. I only know of Kerio
> > (excluding Symantec of course which I do not want) but maybe there
> > are better options
> >
> > Any ideas
> >
> > Many thanks
> >
> > Mike
>
> Mike,
>
> For lightweight connection monitoring, I use TCPView (free) from
> <http://www.sysinternals.com/ntw2k/source/tcpview.shtml>. Needs no
> installation - just drop it into a folder, and run.
>
> For slightly heavier port monitoring, Port Explorer
> <http://www.diamondcs.com.au/portexplorer/index.php?page=home> is more
> configurable than TCPView. The paid version includes a small packet
> monitor.
>
> Cheers,
> Chuck
> Paranoia comes from experience - and is not necessarily a bad thing.


Would these be specific enough with identifying each outbound process?
I think I read somewhere about certain trojans hijacking the browser.

Just wondered if these might be disguised (I guess this applies to
firewalls as well)

Mike
 

Chuck


On 22 Jun 2004 16:59:29 -0500, "Mike Saunders" <Epitaxial@folleytech.co.uk>
wrote:

>Chuck wrote:

<SNIP>

>> Mike,
>>
>> For lightweight connection monitoring, I use TCPView (free) from
>> <http://www.sysinternals.com/ntw2k/source/tcpview.shtml>. Needs no
>> installation - just drop it into a folder, and run.
>>
>> For slightly heavier port monitoring, Port Explorer
>> <http://www.diamondcs.com.au/portexplorer/index.php?page=home> is more
>> configurable than TCPView. The paid version includes a small packet
>> monitor.
>>
>> Cheers,
>> Chuck
>> Paranoia comes from experience - and is not necessarily a bad thing.
>
>
>Would these be specific enough with identifying each outbound process?
>I think I read somewhere about certain trojans hijacking the browser.
>
>Just wondered if these might be disguised (I guess this applies to
>firewalls as well)

Mike,

I've got a few products from SysInternals - and what they write seems pretty
solid. I guess you'd have to check it out, and decide yourself. I know a few
folks in the various security forums recommend TCPView.

Port Explorer is from the makers of TDS-3, a popular trojan defense program. I
use PE, and haven't noticed any problems. Of course, I haven't become infected
either.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
 
Guest

In article <40d88af7_4@127.0.0.1>, Epitaxial@folleytech.co.uk says...
> I am behind a NAT router and want a lightweight product to detect
> outbound connections. I assume that a software firewall is needed but
> maybe there are other alternatives (eg background port monitoring etc)

Why not install Wall Watcher (if you are using a Linksys) to monitor the
IN/OUT bound connections in real time?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Guest

Leythos wrote:

> In article <40d88af7_4@127.0.0.1>, Epitaxial@folleytech.co.uk says...
> > I am behind a NAT router and want a lightweight product to detect
> > outbound connections. I assume that a software firewall is needed but
> > maybe there are other alternatives (eg background port monitoring
> > etc)
>
> Why not install Wall Watcher (if you are using a Linksys) to monitor
> the IN/OUT bound connections in real time?

It's a Vigor router. So what is Wall Watcher then?

Mike
 

casey


In article <40d88af7_4@127.0.0.1>, Epitaxial@folleytech.co.uk says...
> I am behind a NAT router and want a lightweight product to detect
> outbound connections. I assume that a software firewall is needed but
> maybe there are other alternatives (eg background port monitoring etc)
>
> It seems that ZA is becoming too bloated but am not sure about the
> other alternatives and their reputations. I only know of Kerio
> (excluding Symantec of course which I do not want) but maybe there are
> better options
>
> Any ideas
>
> Many thanks
>
> Mike

Hi Mike. Don't know your definition of "detect". If you mean logging,
you might try Sygate (free or pro) firewall. Its logging
is excellent. All connections or attempted connections, in or out,
are logged in a format that is easy to read (and understand).
Two clicks and you are looking at it.
http://soho.sygate.com/free/default.php
Casey
 
Guest

In article <40d8aa5e$1_4@127.0.0.1>, Epitaxial@folleytech.co.uk says...
> Leythos wrote:
>
> > In article <40d88af7_4@127.0.0.1>, Epitaxial@folleytech.co.uk says...
> > > I am behind a NAT router and want a lightweight product to detect
> > > outbound connections. I assume that a software firewall is needed but
> > > maybe there are other alternatives (eg background port monitoring
> > > etc)
> >
> > Why not install Wall Watcher (if you are using a Linksys) to monitor
> > the IN/OUT bound connections in real time?
>
> It's a Vigor router. So what is Wall Watcher then?

WallWatcher will capture the logs being sent to it and display/record
them for your viewing pleasure - it is a very nice product, free,
designed by a chap that has a Linksys router. It can show full in/out
bound traffic with source/destination IP/port.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 
Guest

"Mike Saunders" <Epitaxial@folleytech.co.uk> wrote in news:40d88af7_4@
127.0.0.1:

> I am behind a NAT router and want a lightweight product to detect
> outbound connections. I assume that a software firewall is needed but
> maybe there are other alternatives (eg background port monitoring etc)
>
> It seems that ZA is becoming too bloated but am not sure about the
> other alternatives and their reputations. I only know of Kerio
> (excluding Symantec of course which I do not want) but maybe there are
> better options
>
> Any ideas
>

You may be able to capture the router's logs with Kiwi Syslog Daemon
(free), if the router you have doesn't have a log viewer to view inbound
and outbound to/from the router.

http://www.kiwisyslog.com/

If you're using any of the O/S(s), then you'll be able to stop inbound or
outbound by port, protocol or IP behind the router.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm

IPsec is made easy with the AnalogX SecurePol file and learn from when
implemented.

http://www.analogx.com/contents/articles/ipsec.htm

You can also look into using Active Ports as well to watch inbound and
outbound traffic on the machine. I have a short-cut for Active Ports in
the Start folder so I can watch connections made at boot.


Duane :)
 

Jo


Mike Saunders wrote:

>Would these be specific enough with identifying each outbound process?
>I think I read somewhere about certain trojans hijacking the browser.
>
>Just wondered if these might be disguised (I guess this applies to
>firewalls as well)

You might have fun looking at pcaudit from here:

http://www.pcinternetpatrol.com/downloads/audit.php

And tooleaky:

http://www.tooleaky.zensoft.com/
 
Guest

jo wrote:

> Mike Saunders wrote:
>
> > Would these be specific enough with identifying each outbound
> > process? I think I read somewhere about certain trojans hijacking
> > the browser.
> >
> > Just wondered if these might be disguised (I guess this applies to
> > firewalls as well)
>
> You might have fun looking at pcaudit from here:
>
> http://www.pcinternetpatrol.com/downloads/audit.php


That certainly is the area I am interested in. A pity it is so expensive.

>
> And tooleaky:

>
> http://www.tooleaky.zensoft.com/

Do you know if the points made apply to today's firewalls? It was
written in 2001. I would hope they have addressed this by now, otherwise
I don't see much point in installing a conventional firewall.

Mike
 
Guest

jo wrote:

>
> >
> > Do you know if the points made apply to today's firewalls
>
> They do.
> It is fun running the two apps and trying to work out what they are
> doing.
>
> > It was
> > written in 2001 I would hope they have addressed this by now
> > otherwise I don't see much point in installing a conventional
> > firewall
>
> You don't want to be passing responsibility for your security over to
> a firewall... is the point that is being made.


That is EXACTLY what I want to do. Are you saying that if I run these
tests you suggest that I will be able to determine what's happening
using one of the port monitors suggested in this thread? I would need
to keep a log so I guess Port Explorer would be the thing. Am I right
so far?

Mike
 

Jo


Mike Saunders wrote:

>jo wrote:

>> > Do you know if the points made apply to today's firewalls
>>
>> They do.
>> It is fun running the two apps and trying to work out what they are
>> doing.
>>
>> > It was
>> > written in 2001 I would hope they have addressed this by now
>> > otherwise I don't see much point in installing a conventional
>> > firewall
>>
>> You don't want to be passing responsibility for your security over to
>> a firewall... is the point that is being made.
>
>That is EXACTLY what I want to do

Not a good idea. I hope you don't invest that amount of trust in your
AV software.

>Are you saying that if I run these
>tests you suggest that I will be able to determine what's happening
>using one of the port monitors suggested in this thread? I would need
>to keep a log so I guess Port Explorer would be the thing. Am I right
>so far?

Running the test apps will help you determine how securely your
firewall is configured to disallow unpermitted outgoing traffic. Your
firewall will probably fail.
It's a complicated subject about which I know very little.
 
Guest

jo wrote:

> Mike Saunders wrote:
>
> > jo wrote:
>
> >> > Do you know if the points made apply to today's firewalls
> >>
> >> They do.
> >> It is fun running the two apps and trying to work out what they are
> >> doing.
> >>
> >> > It was
> >> > written in 2001 I would hope they have addressed this by now
> >> > otherwise I don't see much point in installing a conventional
> >> > firewall
>
> Running the test apps will help you determine how securely your
> firewall is configured to disallow unpermitted outgoing traffic. Your
> firewall will probably fail.
> It's a complicated subject about which I know very little.

Well I have learnt a few things here for me to experiment with. I want
to understand as much as possible and to that end I will look at
retrieving my router logs and working with them if possible.

If I can quickly identify unusual outbound then I hope that I will not
need a software firewall.

Mike
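
Added example, not part of any post in this thread: one way to work with captured router logs as discussed above, flagging outbound flows whose protocol and destination port fall outside a baseline. The log layout, addresses and baseline are constructed assumptions, not the format of any particular router.

```python
import re
from collections import Counter

# Constructed sample; the "OUT/IN proto src:port -> dst:port" layout is an
# assumption, not the log format of any particular router.
SAMPLE_LOG = """\
Jun 22 21:01:10 router fw: OUT TCP 192.168.1.10:1045 -> 203.0.113.5:80
Jun 22 21:01:11 router fw: OUT UDP 192.168.1.10:1046 -> 192.0.2.53:53
Jun 22 21:02:40 router fw: OUT TCP 192.168.1.10:1050 -> 198.51.100.7:6667
Jun 22 21:02:55 router fw: IN TCP 198.51.100.9:4411 -> 192.168.1.10:135
Jun 22 21:03:40 router fw: OUT TCP 192.168.1.10:1051 -> 198.51.100.7:6667
Jun 22 21:04:02 router dhcp: lease renewed for 192.168.1.10
"""

# Assumed baseline of (protocol, destination port) pairs this LAN normally uses.
BASELINE = {("TCP", 80), ("TCP", 443), ("UDP", 53), ("TCP", 25), ("TCP", 110)}

LINE_RE = re.compile(
    r"\bOUT (?P<proto>TCP|UDP) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse_outbound(log_text):
    """Yield (src_ip, dst_ip, proto, dst_port) per outbound line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["dst"], m["proto"], int(m["dport"])

def unusual_outbound(log_text, baseline=BASELINE):
    """Count outbound flows whose (proto, dst_port) is outside the baseline."""
    hits = Counter()
    for src, dst, proto, dport in parse_outbound(log_text):
        if (proto, dport) not in baseline:
            hits[(src, dst, proto, dport)] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, proto, dport), n in unusual_outbound(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}:{dport}/{proto} seen {n}x")
    # Traffic to port 80 passes this check whatever program sent it: the router
    # sees addresses and ports only, so per-process attribution needs a host tool.
```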
 

Jo


Mike Saunders wrote:

>I am behind a NAT router and want a lightweight product to detect
>outbound connections. I assume that a software firewall is needed but
>maybe there are other alternatives (eg background port monitoring etc)
>
>It seems that ZA is becoming too bloated but am not sure about the
>other alternatives and their reputations. I only know of Kerio
>(excluding Symantec of course which I do not want) but maybe there are
>better options
>
>Any ideas

This might be what you are looking for:

http://www.looknstop.com/En/index2.htm