Firewall question


serenity-335
March 3rd, 2003, 11:39 PM
I've been thinking about getting a firewall installed on my computer but don't know the basics of them. What do they do? I use WinMx and eDonkey but I've noticed on the eDonkey forums that people want to find out how to turn them off. Why would you want to turn them off? Do you use them and if so what brands are better?


Thanks for your help

MusikBeatz23
March 4th, 2003, 12:04 AM
Here's a thread I made a while back; it has some pretty good info on choosing a firewall and its features... Whats The Best Firewall ? (http://zeropaid.com/bbs/showthread.php?s=&threadid=5981&perpage=15&pagenumber=1)

Monyak
March 4th, 2003, 12:25 AM
A firewall is a program that closes all ports. After it is installed, you then define which ports, IPs, and/or programs have inbound/outbound access. (It's a lot easier than it reads or sounds.)

In the beginning after you install the firewall, when a program wants to access the internet, the firewall will prompt the name of the program and require that you give the program 'authorization'.

CHOICES IN THIS AREA ARE:

Allow Outbound ONLY
Allow Inbound/Outbound Access
DENY or BLOCK

Some programs may have outbound access only, but not inbound. Example: A port scanner requires only outbound access to scan different ports of the internet but doesn't need inbound access because the ports he is scanning aren't sending any files or programs back to him.

ICQ, which is a SERVER/HOST program, requires both inbound/outbound access. You can send files and also receive files and data on ICQ.

Also, note that 2 computers who individually have a firewall CANNOT SHARE P2P.

You will get a lot more findings when conducting a search when your firewall is down, however that is a major security risk.

Many people attach viruses, trojans, or plugins to the files that you download, especially on KaZaA, but also on eMule or eDonkey.

This means if you downloaded an infected trojan file, that the program you downloaded, for example "PHOTOSHOP", when executed, sets off a hidden trojan program that has a secretly attached or bound file that will seek access to the internet and if it gets to the internet, its purpose is to secretly connect to ICQ or an email server (you won't see it happening 'cause the connections it makes don't appear on your screen!) and send a message to the person that set it there telling him that you are currently online on the internet, your IP address, and will give him full access to hack into your computer.

Whenever your firewall asks you if you want to grant access to a program to connect to the internet, MAKE SURE YOU RECOGNIZE THE PROGRAM!

endersgame21
March 4th, 2003, 12:36 AM
I use WinMx and eDonkey but I've noticed on the eDonkey forums that people want to find out how to turn them off.
Basically eDonkey connects to your computer instead of your computer connecting to it like most p2p programs do. It is kinda backwards and it usually doesn't work if you have a firewall. In other words you get a LOW ID and if your ID is too low, you will have a hard time connecting. I have that problem but after a few tries I am able to connect and it only takes about 30 seconds. I will not say anything more about firewalls because I think Monyak covered everything.

serenity-335
March 4th, 2003, 03:00 PM
Thank you so much for your help. I have been downloading files, music mainly, for the past couple of months and have well over a hundred files so far. I just discovered zeropaid a month ago. I have found the site to be of great help in everything I ever needed to know about file sharing.

Monyak
March 5th, 2003, 12:37 AM
I'm sure you'll learn a lot here at ZP.

serenity-335
March 5th, 2003, 09:38 PM
I ended up downloading ZoneAlarm and am glad I did. Since I installed it last night it has blocked 72 intrusions into my computer. I find this kinda odd. They have been the red hacker alert blocks. So it seems there really was a problem. Last night I was simply writing an email using Outlook and there were at least 11 tries while I was writing that email. I didn't have any other programs open except my connection to the internet. Is this really a hacker job? Makes me wonder how many times this person has gotten into my system before.

Serenity

MusikBeatz23
March 5th, 2003, 09:50 PM
Originally posted by serenity-335
I ended up downloading ZoneAlarm and am glad I did. Since I installed it last night it has blocked 72 intrusions into my computer. I find this kinda odd. They have been the red hacker alert blocks. So it seems there really was a problem. Last night I was simply writing an email using Outlook and there were at least 11 tries while I was writing that email. I didn't have any other programs open except my connection to the internet. Is this really a hacker job? Makes me wonder how many times this person has gotten into my system before.

Serenity
I think they are just port scans.

lion7718
March 5th, 2003, 10:26 PM
Originally posted by serenity-335
I ended up downloading ZoneAlarm and am glad I did. Since I installed it last night it has blocked 72 intrusions into my computer. I find this kinda odd. They have been the red hacker alert blocks. So it seems there really was a problem. Last night I was simply writing an email using Outlook and there were at least 11 tries while I was writing that email. I didn't have any other programs open except my connection to the internet. Is this really a hacker job? Makes me wonder how many times this person has gotten into my system before.

Set both Security Zones to Medium, you won't see the scan alerts anymore. They will still be blocked, you just won't be notified.

TrainWreck
March 6th, 2003, 12:05 AM
Serenity, there are a lot of things that get classified as "intrusions" that are not. Don't get too worried. For instance if you are on a network, other machines will "ping" to see who's on the LAN with them. This is harmless, and ZAPRO may or may not reply to the ping depending on your settings, but will log it as an attempted intrusion. SETTINGS ARE EVERYTHING, so check out how to set it up, there are good tutorials out there.

Since last night I have been using a software called VisualZone from http://visualize.phenominet.com/visualzone/visualzone.htm
It's just a log viewer that allows you to review your ZA PRO log, run whois on IPs, backtrace IPs at the DNS or NETBIOS level, and a whole host of other stuff, including reporting data to the DSHIELD project for their worldwide intrusion alert system. Take a look if you want to know what those pop-up "IP Blocked" things mean.

Also I think it was Krell who posted a link to SHIELDS UP which is a good way to see if your setup is working.
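
An added example, not part of the thread and not code from ZoneAlarm, VisualZone or DShield: a small triage script that groups blocked inbound events by source to separate the harmless pings and port scans discussed above from repeated probes of one service. The log layout, the sample lines and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of blocked-inbound events: time, protocol, source IP,
# destination port. This layout is an assumption, not ZoneAlarm's log format.
SAMPLE_LOG = """\
2003-03-05 21:01:10,ICMP,192.168.1.20,0
2003-03-05 21:02:00,TCP,203.0.113.7,21
2003-03-05 21:02:01,TCP,203.0.113.7,23
2003-03-05 21:02:01,TCP,203.0.113.7,80
2003-03-05 21:02:02,TCP,203.0.113.7,139
2003-03-05 21:02:03,TCP,203.0.113.7,445
2003-03-05 21:05:40,UDP,198.51.100.9,137
2003-03-05 21:09:12,UDP,198.51.100.9,137
not,a,valid,line
"""

SCAN_PORT_THRESHOLD = 4  # assumed cut-off: distinct ports from one source
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(log_text):
    """Yield (protocol, source address, port), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        try:
            yield parts[1].upper(), ipaddress.ip_address(parts[2]), int(parts[3])
        except ValueError:
            continue  # source field is not an IP address


def classify(log_text):
    """Return {source IP: label} describing what each blocked source did."""
    seen = defaultdict(set)
    for proto, src, port in parse(log_text):
        seen[src].add((proto, port))
    labels = {}
    for src, hits in seen.items():
        ports = {port for proto, port in hits if proto != "ICMP"}
        label = ("port scan" if len(ports) >= SCAN_PORT_THRESHOLD
                 else "single-service probe" if ports else "ping")
        if any(src in net for net in LAN_NETS):
            label += " (local network)"
        labels[str(src)] = label
    return labels
```

A source that keeps returning to the same port is the entry worth a closer look; one-off scans across many ports are routine background traffic that the firewall has already dropped.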

serenity-335
March 7th, 2003, 10:12 AM
Thanks for your tips. I was a little worried when I saw how many blocked messages there were. I have since checked the "don't show this window anymore" option. I'm not on a LAN, I'm on my PC at home. So port scans kinda have me a little freaked out.

A friend told me that people were scanning my ports to see when they were open to use them to their advantage.

A few days ago before I installed the firewall I found out that someone had used my email to send a virus in the form of a picture. No one in my household is smart enough to know how to create or even send a virus.

TrainWreck
March 7th, 2003, 01:34 PM
Originally posted by serenity-335
So port scans kinda have me a little freaked out.

A friend told me that people were scanning my ports to see when they were open to use them to their advantage.

A few days ago before I installed the firewall I found out that someone had used my email to send a virus in the form of a picture. No one in my household is smart enough to know how to create or even send a virus.

I think that would scare me too! You might also want to run a few trojan / worm removal tools as well, as if someone is using your email to propagate a virus, it kinda sounds like a trojan/worm where they already have access to your PC.

Do you have AV running? When I had a trojan about 14 months ago, the only way I knew anything was wrong was I tried to switch AV programs, and it wouldn't load. Kept "rolling back" the install. Sure enough, trojan. And there was no noticeable performance loss, but someone was workin' from the inside.

It is a pain in the ass to set up a good secure system, but why not, you'll learn something along the way, like I did, guys here will help you out and you'll be far more hidden than most.

Azo-999
March 7th, 2003, 02:22 PM
Many times we feel safe when having no firewalls, because we won't get any alerts.

Then we install a firewall, because everywhere reads that it is a must to have. Then comes the logging / messaging bombing before you even get the FW configured well.

This is the point when the fear begins - at first time we see the cruel world around us and those hundreds of port-scan attempts, pings and the presence of the outbound meta-traffic pointing to our PC's...

But no worry, just be happy. I know it's hard when starting (especially ZoneAlarm is quite a Kinky, it should be configured with all outbound traffic closed - in XP it's easy by disabling the network interface temporarily). I use Sygate's Personal Firewall Pro, it's far easier to start with it. Just decide app by app, port by port "who" can access internet and "who" not. A good practice is that if U're not sure, do not check the "remember my answer" - do it later when you are sure of the app.

I may be a bit paranoid, but I have the FW, then NAV2k3 Prof. and RAV8 antivirus both filtering the incoming data and they fit just fine together. Then I have "ProtectX Hacker Defence Suite Pro" running at background monitoring all known trojan ports (it really has helped me many times with port/telnet etc attacks).
AND to be more skeptical I have Ad-Aware 6.0 Prof., Anti-Trojan, Trojan Remover and Spy-Bots Search & Destroy.

With this combination I have been able to be without attacks/viruses for 4 months now. And no-one is spying on me anymore.

As an addition I also installed one week ago "primedius TCP-tunneling suite" that has quite a nice effects. It makes my traffic secret so that even my ISP won't see where I browse, what I send/receive and what "pseudo-IP" I use.....

When I first installed XP and ADSL to it, I had the XP's own FW as an only shield and that was like not having shield at all (besides I've been warned, that it is GatesWarez Spy-application sending "statistical" information to microsoft in certain intervals - I had to get a packet sniffer to prove it and Yes, it really sent info to MS at certain intervals about my (illegal) serial and info about installed apps etc...)

One OverShielded but happy P2P-user (that's me...)

Versacity
March 7th, 2003, 02:26 PM
Basically a firewall not only closes all ports (until you allow a port, IP, or program to open it) but also monitors any traffic that comes your way. If the traffic is not recognized, then it is considered to be an 'alert'. Some of it is nothing more than a ping. But it's good 'cause you know and get a sense of who is around you, I mean a network will sometimes check a static IP listing of everybody from 000-255 to see who is their 'next door neighbor'.

Versacity
March 7th, 2003, 02:26 PM
Basically a firewall not only closes all ports (until you allow a port, IP, or program to open it) but also monitors any traffic that comes your way. If the traffic is not recognized, then it is considered to be an 'alert'. Some of it is nothing more than a ping. But it's good 'cause you know and get a sense of who is around you, I mean a network will sometimes check a static IP listing of everybody from 000-255 to see who is their 'next door neighbor'.

Versacity
March 7th, 2003, 02:26 PM
Basically a firewall not only closes all ports (until you allow a port, IP, or program to open it) but also monitors any traffic that comes your way. If the traffic is not recognized, then it is considered to be an 'alert'. Some of it is nothing more than a ping. But it's good 'cause you know and get a sense of who is around you, I mean a network will sometimes check a static IP listing of everybody from 000-255 to see who is their 'next door neighbor'.

Azo-999
March 8th, 2003, 03:52 AM
Originally posted by Versacity
Basically a firewall not only closes all ports (until you allow a port, IP, or program to open it) but also monitors any traffic that comes your way. If the traffic is not recognized, then it is considered to be an 'alert'. Some of it is nothing more than a ping. But it's good 'cause you know and get a sense of who is around you, I mean a network will sometimes check a static IP listing of everybody from 000-255 to see who is their 'next door neighbor'.

You seemed to send this notification 3 times - good...;-)

Now let's make it 4