Kiskav


Outpost firewall pro is bad?

sir_carew, December 6th, 2003, 10:02 PM

Hello,
I installed the 2.0 version of Outpost Firewall PRO on my Win XP system.
I tested it using many tests, like the Sygate test. In the quick scanner, all ports appear Stealth :), but when I click on the Stealth scanner, all ports appear closed and NOT Stealth >:(
With ZA Pro and Sygate, in the stealth test, all ports appear stealth. I also made rules for svchost, netbios, etc. to block the open ports.
Why did this happen? Is Outpost a bad firewall?
Thanks.

Morgoth, December 6th, 2003, 10:47 PM

Outpost is FAR from being a bad firewall. I occasionally use it myself & like all recent firewalls it is designed to withstand all types of scans, from standard to stealth (SYN).

However I'm not too familiar with it either. It gobbles a lot of resources (almost as much as ZA), and despite its nice user-interface it is not that user-friendly, however it has an extra feature: flash popup blocking.

And as for it not blocking the stealth probes, I guess the DEFAULT (out-of-the-box) setup is inadequate - you will need to reconfigure its parameters, that's all ;)

mvdu, December 6th, 2003, 10:53 PM

I never have a problem being stealthed on Outpost's default settings - try other scan sites.

optigrab, December 6th, 2003, 11:26 PM

Hi Sir_carew

I had the same problem. Please see these two threads over at the Outpost forum:

this one (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=8656) and this one (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=8655)

If your issue is the same as mine, it will be resolved by disabling the default DNS resolving rule and creating one specifically for your ISP's DNS server(s).

My Outpost configuration passes all Sygate scans now (as well as PCFlank, ShieldsUp!!, etc.). Let me know how it works out.

Regards,
Optigrab

sir_carew, December 7th, 2003, 02:57 AM

Hi,
Thanks for your reply. I disabled all the default rules that said "Allow..." and now on the Sygate site, in the stealth scanner, it shows all of my ports stealth, except ??? port 80 and port 1304. The problem is 90% fixed with those rules disabled (obviously the rules that said "Block..." are enabled); most of my ports are stealth. I tried to make many rules blocking ports 80 and 1304 (both local and remote), etc., and nothing.
>creating one specifically for your ISP's DNS server(s)
I don't understand you, I disabled the allow rule.
Thanks and please help me.

ellison64, December 7th, 2003, 08:39 AM

You can just put your server's IP address in there. For example, this would be the rule for FREESERVE (a U.K. ISP):

where the specified protocol is ....UDP
where the specified remote host is......195.92.195.95,195.92.195.94
Where the remote port is.....DNS
Allow it

The "remote hosts" are Freeserve's IP numbers (yours will be different if you don't use Freeserve). To find out your ISP's number(s), type winipcfg.exe (W98) or ipconfig (XP) in Start > Run... then click "more info" and you will see DNS Servers. Click the little dotted square box next to it in case you have more than one number. Then you can put your numbers in the rule. If there is more than one IP address, separate them with a comma as above. To put in the above rule, click Options > System > Global application and system rules > Settings > Add a rule (or you can edit the existing "Allow DNS resolving" to reflect the above rule).
ellison

optigrab, December 7th, 2003, 08:51 AM

Hi sir_carew,

Quote from sir_carew:
> I disable all the defaults rule that said: Allow...

I don't think you need to disable every default rule that says "Allow..."

Quote from sir_carew:
> >creating one specifically for your ISP's DNS server(s)
> I don't understand you, I disabled the allow rule.

What I had in mind was unchecking these two default rules:
Allow DNS resolving (TCP)
Allow DNS resolving (UDP)
The problem is that you need to allow some sort of DNS resolving. This helps your internet-enabled programs (e.g. browsers, AV's auto update, etc.) find an IP address from a URL / domain name. Typically, your internet connection sends DNS resolving inquiries to the DNS servers of your ISP. The default rules above merely allow this.

In my configuration, I have custom-made rules that ONLY allow DNS resolving from my ISP's DNS servers, nowhere else. These rules are restrictive enough to pass the Sygate Stealth scan, which I could not completely do with the default rules. My rules are shown at the bottom of this thread. (http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=8656)

In order to create such a rule, you need to know the IP address of your ISP's DNS servers. I found mine using IPCONFIG/all in the command prompt.

The Moderators at the Outpost forum recommend a different approach for "maximum security". They recommend writing a DNS resolving rule, like mine above, for each specific application that you would allow to access the internet. For example, "DNS resolving rule for IE only" and "DNS resolving rule for NOD32 update only", etc. The idea is that no program (or trojan) can possibly "phone home" if it does not have a DNS resolving rule that permits it.

My concern for you is that you disabled the default DNS resolving rules, but did not replace them with custom rules, yet you are still surfing the net(?). I'm not sure what's happening there. The only way to know is to see all your "global rules" and your application rules.

If you disabled every default rule that says "Allow...", that means you disabled:
>Allow loopback (generally a good safe move - I had to write a specific rule to allow Mozilla to loopback).
>Allow GRE protocol (I still have this enabled, and have seen no recommendation against it on the Outpost forum)
>Allow PPTP control connection (not sure, but I believe this is needed, and I have seen no recommendation against it on the Outpost forum).
>Allow Outgoing DHCP (the Mods on the Outpost forum recommend KEEPING the default global rule for best results).

IMO, you should get these Global Rules set up properly, then please re-examine your specific rules for your applications. Make good use of the search function at the Outpost forum, since they already have answers to just about any questions you might have regarding the default rules and passing the various online security scans.

I am happy to continue to help, too, but I am certain I am not the most knowledgeable person you can find. Let us know how you are doing.

Regards,
Optigrab

CrazyM, December 7th, 2003, 04:37 PM

Quote from optigrab:
> If you disabled every default rule that says "Allow...", that means you disabled:
> >Allow loopback (generally a good safe move - I had to write a specific rule to allow Mozilla to loopback).

A global loopback rule is usually OK. However, if you use a local proxy program like Proxomitron through which other applications can access the Internet, then you may want to consider modifying localhost (loopback) access.

> >Allow GRE protocol (I still have this enabled, and have seen no recommendation against it on the Outpost forum)
> >Allow PPTP control connection (not sure, but I believe this is needed, and I have seen no recommendation against it on the Outpost forum).

These protocols are generally used in VPN connections. If you are not using VPN you could safely disable these rules and activate if and when required.

> >Allow Outgoing DHCP (the Mods on the Outpost forum recommend KEEPING the default global rule for best results).

If you have a dynamic WAN IP, then you will require this rule in order to obtain your IP from your ISP's DHCP server. Bootpc/Bootps rules can be customized.

Regards,

CrazyM

sMEaGo, December 7th, 2003, 05:08 PM

Hello,

Try this site; if the result is closed, I'm sorry, I can't help you.

http://grc.com/x/ne.dll?rh1dkyd2

or

http://www.pcflank.com


OBS: go to the Outpost's support, http://www.agnitum.com/support


Sorry about my English :-[
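
The ISP-specific DNS rule that ellison64 and optigrab describe above, as an added example that is not part of the original thread and is not Outpost's own code: it pulls the DNS servers out of `ipconfig /all` output, renders the rule in ellison64's wording, and compares it with a rule that has no remote-host condition. The sample output, the function names and the shape assumed for the default "Allow DNS resolving (UDP)" rule (any remote host) are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt; the DNS addresses are the Freeserve
# ones quoted in the thread, the other values are placeholders.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.0.2.10
        Default Gateway . . . . . . . . . : 192.0.2.1
        DNS Servers . . . . . . . . . . . : 195.92.195.94
                                            195.92.195.95
        Lease Obtained. . . . . . . . . . : (constructed)
"""

def dns_servers(text):
    """Collect DNS server IPs, including the unlabelled continuation lines."""
    servers, in_dns = [], False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S*)", line)
        candidate = m.group(1) if m else (line.strip() if in_dns else "")
        try:
            servers.append(str(ipaddress.ip_address(candidate)))
            in_dns = True
        except ValueError:
            in_dns = bool(m)  # continue only after an empty "DNS Servers" label
    return servers

def make_rule(servers=None):
    # servers=None models the default rule with no remote-host condition (assumption)
    return {"protocol": "UDP", "remote_port": 53,
            "remote_hosts": None if servers is None else set(servers)}

def allows(rule, protocol, remote_ip, remote_port):
    hosts = rule["remote_hosts"]
    return (protocol == rule["protocol"] and remote_port == rule["remote_port"]
            and (hosts is None or remote_ip in hosts))

def rule_text(servers):
    """Render the rule in the wording used in ellison64's post."""
    return "\n".join(["Where the specified protocol is UDP",
                      "Where the specified remote host is " + ",".join(servers),
                      "Where the remote port is DNS", "Allow it"])

if __name__ == "__main__":
    isp = dns_servers(SAMPLE_IPCONFIG)
    print(rule_text(isp))
    for ip in isp + ["203.0.113.7"]:  # constructed non-ISP host
        print(ip, allows(make_rule(), "UDP", ip, 53), allows(make_rule(isp), "UDP", ip, 53))
```

The last loop prints, for each remote host, whether the unrestricted rule and the ISP-only rule would pass a UDP packet with remote port 53; only the unrestricted rule passes the non-ISP host.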
