I just switched over from dial-up to DSL service. I’ve Googled up some articles on whether or not I should install a firewall, and some info I’ve gathered varies.
If I unplug the connection going to the phone line when I’m not on the internet, does my risk of being attacked become equivalent to what it was when I had dial-up?
If you unplug your connection you are no longer connected and safe. I would put a firewall in your setup either with a router or a software firewall like ZoneAlarm or Sygate. Try running a port scan here at DSL Reports and see if the results leave your computer vulnerable.
Part of the increased risk of compromise with an always on connection is that you’re always on, so disconnecting when you’re not on does limit the amount of time that you’re susceptible.
But that’s hardly protection; you only have to be on when someone’s trying to penetrate your system, or go to a website that wants to give you something.
Zone Alarm is a freebie firewall. Download and install it, and you’ll probably be surprised at how often it tells you that strangers have come a-sniffin’.
Toddly, on the link you provided it mentioned you should have a firewall or a router. I do have a router. The portscan results were this:
Conclusion: Healthy Setup! We could detect nothing interesting on any of the default ports on your IP address. Your computer appears to be a hard target. Well done!
ALL TCP
FILTERED No response (open or closed) to an open request was received.
ALL UDP
FILTERED No response (open or closed) to an open request was received.
Did my computer do well on the test because of the router? Since I have a hard target, can I forgo getting a firewall?
A router does provide a hardware firewall. It looks like your router is doing fine. I still like ZoneAlarm because of the programs that want to get out to the Internet. You would be surprised how many want to access the Internet for who knows what. I run a router with ZoneAlarm. ZoneAlarm doesn’t use much resources and sets up pretty easy.
What always bothers me about the dsl reports scan is that it tells me I have no open ports, when I know bloody well I’m running a web server and an ftp server on this machine, and it should find them on 21 and 80.
You might want to try the grc “Shields Up” scan, a couple of clicks away at:
Steve Gibson is often regarded, perhaps with some justification, as a crank, but I like the Shields Up test. Let it poke your file sharing as well as your ports. That test at least tells me I have 21 and 80 open and yammers about what a bad idea my servers are while telling me the OTHERS it tested have no response.
You may still wish to stick ZoneAlarm on for the outgoing monitoring features mentioned by Toddly, but your router should indeed be taking care of incoming requests.
I found ZoneAlarm didn’t work with a lot of my games and crashed a lot. My router has a hardware firewall and all the scans report it’s fine. That said, I consider myself a fairly advanced user and regularly check for spyware, malware, and other nasty stuff. I would say it depends on your skill and how much time you want to put into it.
All my reports were fine too, except for one. I tried the “Shield Up” scan that yabob provided a link for, and passed all tests except for this one:
Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since “Ping” is among the oldest and most common methods used to locate systems prior to further exploitation.
Is it necessary to get a firewall because of this alone?
For a lot of the online games, a problem with freeware ZoneAlarm is that it blocks ICMP pings, and cannot be configured to allow them. I’ve always thought that they deliberately used that feature as an inducement to buy the “pro” version, which lets you permit them. For many people, it won’t matter, but it can be real trouble for some applications.
hmmm. x-ray vision’s message came through while I was reviewing this - the ICMP pings DO let somebody know your machine is actually there, as grc suggests. How badly you want to be completely “invisible” is your decision. As I said, not being able to ping may hamper some applications, and if you want to use one, ZoneAlarm won’t play nice with it.
Did you know that a ping answer is enough for someone to use your address to do a port scan of someone else’s PC?
In every packet that is sent out, there is a number that gets incremented with each packet. It starts out, and with every packet, that number goes up.
Someone finds out you are online, and your address. He then shoots a port scan at someone else, and pings you at the same time. He continuously pings you as he does his port scan. Any skip in the packet numbers means that your PC answered another packet in between his pings - this means that your PC has gotten an answer to one of his port scan packets. With careful coordination (done by his port scan software), the bad guy can narrow down and eventually find out which port on his targeted PC is open - and you have helped simply by answering his pings.
Not having a good firewall is a hazard not only to you, but to other internet users as well.
Sorry, I should have mentioned. The attacker sends packets with your address on them. Since answers get directed to your address, the attacker uses the ping and the counter to tell when his target has answered.
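Added example, not part of the original posts: a check of whether your own machine exposes the per-packet counter described above, taken here to be the IPv4 Identification field, using the ID values seen in its ping replies. The function names and the sample sequences are constructed for illustration.

```python
# Added example: classify the IP ID values seen in a host's ping replies.
# The sample sequences below are constructed, not captured traffic.

IPID_MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide


def ipid_deltas(ids):
    """Differences between consecutive IP IDs, allowing for 16-bit wraparound."""
    return [(b - a) % IPID_MOD for a, b in zip(ids, ids[1:])]


def classify_ipid(ids, max_step=16):
    """Label a sequence of IP IDs taken from evenly spaced echo replies.

    'constant'    - same value every time (e.g. always 0); nothing to count
    'incremental' - small positive steps from a shared counter; a step
                    above 1 reveals packets the host sent to someone else
    'randomized'  - no usable pattern
    """
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"
    if all(1 <= d <= max_step for d in deltas):
        return "incremental"
    return "randomized"


def packets_sent_between_probes(ids):
    """For an incremental host, how many other packets left between replies."""
    return [d - 1 for d in ipid_deltas(ids)]


# Constructed samples
IDLE_HOST = [65533, 65534, 65535, 0, 1]     # counter wraps, nothing else sent
BUSY_GAPS = [4100, 4101, 4103, 4104, 4106]  # two replies show a skip
ZERO_ID = [0, 0, 0, 0]
RANDOM_ID = [51234, 1200, 40321, 977, 30111]

if __name__ == "__main__":
    for name, sample in [("idle", IDLE_HOST), ("gaps", BUSY_GAPS),
                         ("zero", ZERO_ID), ("random", RANDOM_ID)]:
        print(name, classify_ipid(sample), ipid_deltas(sample))
```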
Yes. The newly released upgrade has caused problems on both my PC and my wife’s. Lucky for us, I still have the install file for the previous version, so I uninstalled the upgrade and reinstalled the previous one and am back to having no problems. The program still bugs me regularly to upgrade, which is a pain.
I don’t know if you can download the previous version from the Zonelabs site, but I’d recommend it over the newest one.
Does it crash when you try to play a game and it switches back to Desktop so you can answer the dialog box of whether or not to allow the game access through the firewall?
If so, try adding the exe of the game manually in the Program Control screen of Zone Alarm.
No. The game’s .exe was already added to the programs screen and was retained as part of the upgrade, but the program would not in fact start up. Like I said, I uninstalled the upgrade and reinstalled the previous version, and my problems ended.
Are you talking about the Sequence field in the ICMP header? (RFC 791). I’m gonna check this with tcpdump, as I’ve never heard of this style of scan before.