Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows Software for Controlling Outgoing Packets?

Posted by Cliff on from the when-firewalls-are-overkill dept.

non carborundum asks: "When using Windows I use Zonealarm because I like its ability to control outgoing packets. It's a good way to find out if some program is trying to call home. Zonealarm is much better than nothing, but 1 prefer open source solutions. Besides, it is overkill - I don't use it as a firewall, since I have a router, and it uses several megabytes of RAM. Better still would be a reverse honeypot - an app that catches outgoing requests, tests them against a database of known offending addresses and/or ports, and (optionally) tricks the offending application into thinking it has successfully phoned home. XP users in particular might be interested in such a tool."

3 of 51 comments (clear)

  1. Flame Bait by Jouni · · Score: 3, Insightful
    I think the original news post should be modded down as flamebait for the XP reference. It's quite unnecessary. It would have been a better post if there was an *actual* stated need for such a software instead of speculating about cheating on security/authentity callbacks.

    Just packet filtering won't trivially allow you to fake conversations between client software and servers anyway; it's very likely that the application wants to do much more than 'ping' the server so each solution would have to be custom made. Filtering is easy, talking back is hard.

    Most of these custom solutions would probably involve stuff like hacking EverQuest, running your own unofficial Blizzard game servers, blocking Carnivore and stopping Bill from snooping around on your hard drive.

    Now here's a controversial solution - if you are concerned about callback features, why not stick with open source software and operating systems in the first place? :-) I don't mean formatting your hard drive, as your packet filtering doesn't have to happen on the host machine. Wouldn't most people run this kind of software on the router, anyway?

    That's what people hacking EverQuest usually do, anyway. :-)

    Jouni

    --
    Jouni Mannonen | Game Designer, Consultant
    1. Re:Flame Bait by Da+VinMan · · Score: 3, Insightful

      It would have been a better post if there was an *actual* stated need for such a software instead of speculating about cheating on security/authentity callbacks.

      Perhaps you haven't had your morning coffee.

      One word for you: Spyware. Spyware is any piece of software that attempts to "phone home" without my permission. By my definition spyware includes, but is not limited to, Windows XP (for several reasons - it's the worst offender), WinAmp, Kazaa and other P2P applications, etc. Besides this, it helps me the user know just what applications are accessing the network at a given time. If I can not determine why they're accessing the network, I smack 'em down.

      In the future, outbound traffic control will be even more important to users. As far as a real firewall goes, I use an IPCop box in front of my (very small) home LAN. If you don't think that's a real firewall, I'd love to know your recommendations for home users.

      Now, go get that coffee. ;+)

      --
      Please mod this post only if you think others should/n't read this. I have enough ego^H^H^Hkarma. Thanks!
  2. Re:These packages make your windows instable by kawika · · Score: 4, Insightful

    Absolutely, you can render your system very unstable if you start using the firewall to block normal network messages. I've seen this quite often with novice users who install ZA and then block darned near everything going out of their PC. Then they're puzzled because their Internet connection doesn't work. "But thank goodness I stopped some hacker thing named 'svchost'..."

    If you don't know how to use power tools, then stop before you lose a finger.