John_Berger
It sounds to me like he's talking about nothing more than accessing open NetBIOS shares via TCP/IP, which has nothing to do with any weaknesses in Zone Alarm.
How do you figure? If Zone Alarm is supposed to drop all inbound packets, including NetBIOS and associated broadcasts, how can establishing a connection not be considered to be a weakness in ZA? Even the freebies ipchains and ipfilter can block all incoming broadcasts.
The only other way (not including malicious code on a web site) would be to trick the client into making a connection to the hacker, thus making it an outbound connection, which still involves getting around ZA.
Even if NetBIOS shares are open, ZA should still be blocking any attempt to connect to those shares. Just another reason why a broadband router or some kind of non-routable NAT scheme is the safest thing for anyone to do.
Of course, if the server can still be pinged, that's a clear indication that ZA or the associated firewall is not configured properly anyway...unless you really do want an ICMP_ECHO attack.