Run Roadrunner through USB or network card? (1 Viewer)

[John_Berger]

It sounds to me like he's talking about nothing more than accessing open NetBIOS shares via TCP/IP, which has nothing to do with any weaknesses in Zone Alarm.

How do you figure? If Zone Alarm is supposed to drop all inbound packets, including NetBIOS and associated broadcasts, how can establishing a connection not be considered to be a weakness in ZA? Even the freebies ipchains and ipfilter can block all incoming broadcasts.
The only other way (not including malicious code on a web site) would be to trick the client into making a connection to the hacker, thus making it an outbound connection, which still involves getting around ZA.
Even if NetBIOS shares are open, ZA should still be blocking any attempt to connect to those shares. Just another reason why a broadband router or some kind of non-routable NAT scheme is the safest thing for anyone to do.
Of course, if the server can still be pinged, that's a clear indication that ZA or the associated firewall is not configured properly anyway...unless you really do want an ICMP_ECHO attack.

 

[John Stone]

Even if NetBIOS shares are open, ZA should still be blocking any attempt to connect to those shares.

It DOES, as I said in my post. Are you reading too quickly, or just being argumentative?

 

[John_Berger]

It DOES, as I said in my post. Are you reading too quickly, or just being argumentative?

Reading too quickly. My bad.

I love the one statement that I read on some security and network optimization web site that said that if every PC would prevent broadcasts from going out onto the Internet, particularly NetBIOS, Internet traffic would decrease by upwards of 25%. Don't you just love Microsoft and direct-to-Internet connections?

 

[John Stone]

Don't you just love Microsoft and direct-to-Internet connections?

No. Ah, we agree at last!

 

[Brad_V]

[So that's the extent of his "4 ways to hack Zone Alarm"? It sounds to me like he's talking about nothing more than accessing open NetBIOS shares via TCP/IP, which has nothing to do with any weaknesses in Zone Alarm. /QUOTE]

lol... this is why I never pretend to know something I don't. Someone else who knew him mentioned four ways, but he said no, just the ways I mentioned. I don't know what it was at the time, but I think it was some online buddies who had Zone Alarm, he did that, and then freaked them out with it. I don't know if you said you have ZA or not, but I tried your ip address with it, and nothing, of course. Although I did hack into your computer using a different method, so that way worked.

...kidding.

 

[John_Berger]

Quote:

That's the idea. Inbound connections are abruptly dropped without a response unless you specifically allow them. If there is a situation where someone is claiming to use a firewall but you can still ping it, either they allowed ICMP_ECHO (which is a really stupid move for the most part) or the firewall is not functioning properly.

 

[John Stone]

computer (via IP address) asking for its name.

I know, and that query is unicast, not broadcast. (note emphasis in above quote is mine).

 

[jeff peterson]

So...I should pick up a network card on my way home from work??

 

[John_Berger]

So...I should pick up a network card on my way home from work??

You dare to read through this thread and STILL ask that question??

 

[jeff peterson]

Actually, my eyes glazed over long ago.

What I did in real life was pick up a card, connect the cable modem through it; then, I downloaded tiny personal firewall and install that.

 

[Brad_V]

TPS seems to work great for me (for a home PC with cable). You just have to make sure not to be too liberal with the "don't ask me anymore" rules when you permit something.

For the most part, even when using file-sharing things and the like, once I permanently denied the random ICMP and UDP packet requests, that took care of almost everything right there.