[thelist] Internet Security

Kelly Hallman khallman at wrack.org
Tue Aug 12 15:49:59 CDT 2003


On Tue, 12 Aug 2003, Hershel Robinson wrote:
> Related to the subject of worms, I have a question about firewalls and
> security. I have a hardwall firewall running NAT (an Alcatel HOME ADSL
> modem/router connected to a hub to be specific) and www.grc.com told me
> that: Your system has achieved a perfect "TruStealth" rating.
>
> Regarding software firewalls, Sam Spade apparently feels they are somewhat
> worthless ( http://www.samspade.org/d/firewalls.html ) but I do run on my PC
> a personal firewall from Kerio.com. It is useful anyhow (as mentioned) to
> block applications from connecting out to the internet.

I agree that the best way to firewall a network is with some kind of box
for that purpose, if possible.  However, with one computer hooked up to a
broadband connection, I bet you can still achieve the TruStealth rating
with ZoneAlarm. Simply shutting off services will not (he implies this is
the same as running a so-called 'personal' firewall).

In his tirade, he makes a number of vague assertions that he does not 
provide much evidence for.  He may have his reasons, but he doesn't 
provide enough technical information to evaluate the argument.

I think it's short-sighted to create the perception that running a
personal firewall is not beneficial.  He completely leaves out the aspect
that a good personal firewall can control outbound traffic on a
per-application basis.. something a perimeter firewall will not do.

So, both is better than one, but either is better than none.

> My question is that given that I have NAT firewalling and grc.com feels that
> I am essentially invisible from the outside, how could it be that Kerio pops
> up at least once a day telling me that someone is sending me an ICMP [8]
> Echo Request, which I believe is a ping?

I assume you don't allow pings or grc would have raised some alerts (or
you would have seen the ICMP alert when grc was testing your address).. so
it's probably coming from within your local network...?

Anyhow, it should be harmless.. you could probably disable such
notifications.  I think that's part of what Mr. Spade was getting at..
personal firewalls make people in his business annoyed because they alert
users to things that constitute normal network behavior (or at least
harmless network behavior).  Possibly, but I still run ZoneAlarm
(appropriately configured) on all the local PCs -- for the outbound.

-- 
Kelly Hallman
http://wrack.org/