Shocking: RedHat's firewall matches ZoneAlarm.

CougTek (Hairy Aussie) | Joined: Jan 21, 2002 | Messages: 8,728 | Location: Québec, Québec

I tested the security of my local computers' internet connections this morning, using the Shields Up! web site. Recent Red Hat distributions have included a firewall that's installed by default. Most software firewalls aren't fully effective. They are better than having none, but rarely bulletproof. One notable exception has been ZoneAlarm. Better than others, like the Norton Joke Firewall and even Tiny's Personal Firewall.

I didn't expect much from Red Hat's firewall before visiting Shields Up!. What a surprise it's been to see that it stealths all the ports of my system, with one small exception (port 113, which is supposedly tricky to hide). ZoneAlarm gave me the same result (all ports stealth except 113). I don't know if Red Hat's firewall acts on layer 2 just like ZA or if it only starts controlling from layer 4 and up, but the end result is still very good.

I used MozFirebird 0.7 on both platforms (Windows and RedHat) to visit Shields Up! and take the test.
 

Handruin (Administrator) | Joined: Jan 13, 2002 | Messages: 13,862 | Location: USA

That's good news to hear about Red Hat. On the Windows platform, have you ever tried Sygate's personal firewall (free version)? I've been using that for a while now and it works well. I'll admit I haven't tried the Shields Up! site because I'm behind the firewall in my router. I use Sygate to manage any program that tries to gain net access going out of my system.
 

CougTek (Hairy Aussie) | Joined: Jan 21, 2002 | Messages: 8,728 | Location: Québec, Québec

Hmm...

I installed Sygate's firewall and retested my system using Shields Up! Same result as ZoneAlarm. I then became a bit suspicious. I shut down Sygate and tried Shields Up! with no firewall launched. Same result. Guess I shut down so many services on this Windows box that having a firewall or not doesn't make a difference anymore.

That or my USR8000 router/firewall between all my systems and the Net, although I haven't configured it to block any special ports and the last time I tested a system with a plain untouched Windows installation, it didn't protect me from everything. So it must not be the USR8000's fault.

I'll have to re-install a default Win2K installation to see what ports are left open and what Sygate and ZoneAlarm can do about it. I know ZoneAlarm stealths almost everything, but now I cannot tell about Sygate.
 

SteveC (Storage is cool) | Joined: Jul 5, 2002 | Messages: 789 | Location: NJ, USA

If you have a router between the net and your system, then you would be testing the router. To really test your system, you would have to hook it up directly to your cable modem.
 

CougTek (Hairy Aussie) | Joined: Jan 21, 2002 | Messages: 8,728 | Location: Québec, Québec

Not necessarily, SteveC. If the router isn't configured to block some ports, those ports will still be accessible on computers behind the router. I never paid attention to the configuration of my router and I remember that about a year ago, computers behind it were still vulnerable according to Shields Up! when they had no software firewall installed.

What I did in the meanwhile was to shut down a bunch of Win2K services to minimise the number of open ports on this system. To truly test the efficiency of a soft firewall, I will have to reset all services to their default setting and then revisit Shields Up! (or any other probing site).
 

SteveC (Storage is cool) | Joined: Jul 5, 2002 | Messages: 789 | Location: NJ, USA

The Shields Up test only tests the public IP address, which is assigned to the router. All the PCs on your LAN have private IP addresses, so they aren't seen. If I run the test, I get the exact same results as you (all ports stealth, except 113), and I don't have a firewall on this PC, because it's only testing the router. Also, any decent router should have all ports closed unless you specifically open them.
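
Added example, not part of any post in this thread: a short Python self-check that shows which device an outside port test reaches for a given LAN address, and how a plain TCP connect tells "open", "closed" and "stealth" apart. The function names, the sample address 192.168.1.10 and the 2-second timeout are assumptions made for the illustration.

```python
import ipaddress
import socket

def probe_target(lan_ip: str) -> str:
    """Which device an Internet-side port test reaches for a machine with this address."""
    # Private (RFC 1918), loopback and link-local addresses are not routable from
    # the Internet, so the test lands on the router's public address instead.
    return "router" if ipaddress.ip_address(lan_ip).is_private else "host"

def port_state(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port as open, closed or stealth using a plain connect()."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"           # a reset came back: reachable, nothing listening
    except socket.timeout:
        return "stealth"          # no reply at all: the packets were silently dropped
    except OSError:
        return "unreachable"      # e.g. no route to the host

def self_check(host: str, ports) -> dict:
    """Map each port to its state, for a machine you administer."""
    return {port: port_state(host, port) for port in ports}

if __name__ == "__main__":
    # Constructed sample address; substitute the machine's own LAN address.
    print("outside test reaches:", probe_target("192.168.1.10"))
    # Ports mentioned in the thread, checked against this machine's loopback.
    for port, state in self_check("127.0.0.1", (113, 139)).items():
        print(port, state)
```

Run from a second machine on the same LAN against the PC's private address, `self_check` exercises the software firewall itself rather than the router.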
 

Jan Kivar (Learning Storage Performance) | Joined: Feb 3, 2003 | Messages: 410

I think some (if not most) service providers block certain ports to the Internet (137-139, at least).

Jan
 