OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Justin Morgan (jmorganzonelabs.com)
Date: Mon Nov 12 2001 - 18:36:58 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ('binary' encoding is not supported, stored as-is) Mailer: SecurityFocus
    In-Reply-To: <000001c16693$de35fbb0$5241bbd4www>

    Hi,

    As a technical support engineer for ZoneLabs I just
    wanted to let all of you know that this report is
    missing something important.

    ZoneAlarm has two zones, the internet and the local
    zone. Any networks which are checked in the local
    zone are considered trusted, and all network traffic
    from those addresses will be allowed through the
    firewall.

    As an end-user it is EXTREMELY important you only
    add addresses to your local zone that you trust. This
    would be your LAN addresses and no others
    generally.

    ZoneAlarm Pro asks you if you would like to trust the
    network you connect to whenever you get DHCP
    from a new DHCP server. If you are connected to
    the internet answer NO to this question when it
    comes up.

    If you follow these guidelines you will not be open as
    described below.

    Best regards,
    Zone Labs Support


    >
    >ZoneAlarm Pro is firewall for Windows home-users.
    >
    >The following was tested with ZoneAlarm Pro latest
    version: 2.6.357
    >
    >I`m not sure if it also works with the free version but
    I can't imagine
    >why it wouldn't.
    >
    >Similair to Internet Explorer ZoneAlarm Pro (ZAP)
    has security settings
    >for Local and Internet.
    >
    >However ZAP in certain cases classifies
    connections as Local when they
    >really aren't Local. All connections that have the
    same 2 octets as your
    >IP (ex. Your ip 123.123.123.123 -> 123.123.*.*) are
    also considered
    >Local.
    >
    >This means everyone on with the same two first
    octet's of your IP can
    >connect to your computer under local level security
    settings instead of
    >the internet level security settings.
    >
    >With default settings this will expose your computer
    and all it's ports
    >plus opening and allow access to windows services
    and shares. Users to
    >customize local level security to allow (and block)
    whatever they want.
    >
    >How did I discover this?
    >
    >I installed a webserver and asked some friends to
    view some pages but
    >they weren't able to connect. Zone Alarm Pro
    blocked the http port I
    >found out. But this surprised me since I viewed my
    http.acces and
    >http.error logife before I enabeled port 80 in ZAP and
    already had a lot
    >of requests from servers infected with nimba. After
    looking at the IP's
    >the first two octets were all the same.. the same as
    mine.
    >
    >Philip Wagenaar
    >The Netherlands
    >philipnetlogics.nl
    >
    >
    >
    >