Bugtraq mailing list archives
Re: ZoneAlarm Pro Local Internet not only Locally!
From: Justin Morgan <jmorgan () zonelabs com>
Date: 13 Nov 2001 00:36:58 -0000
Mailer: SecurityFocus In-Reply-To: <000001c16693$de35fbb0$5241bbd4@www> Hi, As a technical support engineer for ZoneLabs I just wanted to let all of you know that this report is missing something important. ZoneAlarm has two zones, the internet and the local zone. Any networks which are checked in the local zone are considered trusted, and all network traffic from those addresses will be allowed through the firewall. As an end-user it is EXTREMELY important you only add addresses to your local zone that you trust. This would be your LAN addresses and no others generally. ZoneAlarm Pro asks you if you would like to trust the network you connect to whenever you get DHCP from a new DHCP server. If you are connected to the internet answer NO to this question when it comes up. If you follow these guidelines you will not be open as described below. Best regards, Zone Labs Support
ZoneAlarm Pro is firewall for Windows home-users. The following was tested with ZoneAlarm Pro latest
version: 2.6.357
I`m not sure if it also works with the free version but
I can't imagine
why it wouldn't. Similair to Internet Explorer ZoneAlarm Pro (ZAP)
has security settings
for Local and Internet. However ZAP in certain cases classifies
connections as Local when they
really aren't Local. All connections that have the
same 2 octets as your
IP (ex. Your ip 123.123.123.123 -> 123.123.*.*) are
also considered
Local. This means everyone on with the same two first
octet's of your IP can
connect to your computer under local level security
settings instead of
the internet level security settings. With default settings this will expose your computer
and all it's ports
plus opening and allow access to windows services
and shares. Users to
customize local level security to allow (and block)
whatever they want.
How did I discover this? I installed a webserver and asked some friends to
view some pages but
they weren't able to connect. Zone Alarm Pro
blocked the http port I
found out. But this surprised me since I viewed my
http.acces and
http.error logife before I enabeled port 80 in ZAP and
already had a lot
of requests from servers infected with nimba. After
looking at the IP's
the first two octets were all the same.. the same as
mine.
Philip Wagenaar The Netherlands philip () netlogics nl
Current thread:
- ZoneAlarm Pro Local Internet not only Locally! Philip Wagenaar (Nov 08)
- Re: ZoneAlarm Pro Local Internet not only Locally! Kutulu (Nov 08)
- <Possible follow-ups>
- Re: ZoneAlarm Pro Local Internet not only Locally! Justin Morgan (Nov 13)