|
2003-07-09, 02:14
|
#1 |
|
Apr 2003
California
22×23 Posts |
Firewall program? Contact server after upgrade
If you have a firewall program like ZoneAlarm, and you install or upgrade Prime95,
the next time it tries to contact the server ZoneAlarm will halt it and put up a dialog: "Do you want to allow Prime95.exe to contact the Internet?". So it's good to make Prime95 contact the server just after upgrade. Then you can say Yes on the ZoneAlarm dialog, and check the box "remember this answer the next time I run the program". Otherwise, Prime95 may be interrupted when you are not there and get stuck waiting for permission, and you lose hours of time. |
|
|
|
2003-07-09, 05:34
|
#2 |
Aug 2002
C816 Posts |
... or weeks. I once lost 9 days to Zonealarm when I upgraded a Prime95 client just before heading off on vacation. Oops. :(
|
|
|
|
|
2003-07-09, 07:50
|
#3 |
Aug 2002
33×313 Posts |
I've never used ZoneAlarm since I have a Pix, so I'm wondering why ZA would block this traffic since most firewalls permit inbound traffic from the external interface as long as it was initiated from the internal interface... For example, the traffic from the PrimeNet server is not initiated from there... It begins on the local computer and you would think a session would be generated within ZA that would keep track of this...
Or is ZA's default behavior "deny all"? Do you have to manually approve everything? |
|
|
|
|
2003-07-09, 11:32
|
#4 | |
Aug 2002
22×5×13 Posts |
Quote:
And, yes, most of them are, or should be, set up to deny all, either direction. At least initially. What good is protection if it is turned off by default? :) heretic |
|
|
|
|
|
2003-07-09, 14:14
|
#5 | |
|
Aug 2002
23·52 Posts |
Quote:
As long as we're discussing ZA, one other problem I've noted is that it steals a percent or two of the CPU cycles, even when there is no IP traffic. It's annoying, but it's a cost I'm willing to bear to keep unfriendlies out. |
|
|
|
|
|
2003-07-10, 04:09
|
#6 | |
|
Aug 2002
33·313 Posts |
Quote:
Here is a fun article I wrote about my Pix experience... Note that I am not a security expert, I just play one on television... http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=469092836&m=4700962645 I do like cool gadgets, though... Especially if they are "old school"... I actually sold that one, why I do not know, but I missed it so much I bought another recently to replace it... I figure anything I'm willing to buy twice must be a good value! |
|
|
|
|
|
2003-07-10, 14:06
|
#7 |
Oct 2002
Lost in the hills of Iowa
44810 Posts |
Technically, my firewall is a "software" one - but it's based on LINUX IPTables, and quite a few of the "hardware" firewall devices out there use the SAME underlying firewall software....
8-) |
|
|
|
|
2003-07-10, 16:17
|
#8 |
|
Aug 2002
100001000000112 Posts |
I've run a similar Linux-based firewall before too...
While they work great, you still have the underlying OS to worry about... Yes, a great amount of work has been put into them to harden them, but that still can't change the fact that the basic *nix kernel is designed to "be open" and to communicate... The Pix software, OTOH, is hardened from top to bottom from the very beginning... Of course, everything is relative, and obviously a Linux solution is more cost effective, so the actual decision is very complex... I don't think it is possible to say which is better in a blanket statement... Everyone has different needs and different levels of expectation... I know if I needed a gigabit-ethernet-capable Pix I wouldn't be able to afford it in a million years... As it is, a 501 is at the very extreme end of my price comfort zone... |
|
|
|
|
2003-07-10, 21:13
|
#9 |
|
Apr 2003
California
22·23 Posts |
You also need to contact the server if you upgrade the software firewall, and choose not to keep the old security settings.
I.e. you discard the list of software trusted to access the Internet. |
|
|
|
|
2003-07-11, 01:12
|
#10 | |
Aug 2002
Dawn of the Dead
5·47 Posts |
That is why a router is preferred ... no OS to compromise, plus no stupidity from software firewalls. I'm in a relatively big city and in 15 minutes I have logged over 1000 hack attempts, with zero success ... surprising I have any bandwidth left judging by the activity lamps on the switch ...
Quote:
|
|
|
|
|
|
2003-07-11, 03:19
|
#11 | |
|
Aug 2002
23·52 Posts |
Quote:
|
|
|
|
|
 |
| Thread Tools | |
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Cant contact seventeenorbust.com | Unregistered | Information & Answers | 2 | 2012-04-16 23:51 |
| Everything will be down for server upgrade | Joe O | Sierpinski/Riesel Base 5 | 2 | 2010-12-05 15:14 |
| Contact Us | Unregistered | Information & Answers | 1 | 2010-09-14 23:27 |
| Upgrade to v5 server -- v4 completion not sent | OzoneTom | Information & Answers | 3 | 2009-08-05 15:14 |
| Kerio Enterprise Firewall 6 | BranMuffin | Software | 2 | 2004-06-23 02:44 |
