
Stealth computers


9 replies to this topic

#1 B34R

B34R

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 09 January 2005 - 08:17 AM

Hey there,

I've recently come across some information pertaining to Zone Alarm and in particular its high security mode (Stealth mode). In summary, it seems that stealth mode can cause problems in a home network situation and when using a DHCP connection. It appears that in this mode the computer completely ignores a lot of incoming information rather than appearing to have closed ports, thus giving the computer the illusion of being invisible. Can anyone comment on the validity of this information and, if so, suggest a course of action, since I am a user of Zonealarm?

Thanks, Col.



#2 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:04:51 AM

Posted 09 January 2005 - 11:28 AM

You can set up Zones in ZA to allow local traffic.

Restore ZA
under Firewall choose zones tab
down near the bottom click on add
add your local IP's for networked computers

Click on the main tab (still under firewall)
Set Trusted zone to med (make sure internet zone stays on high)
All done

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#3 B34R

B34R
  • Topic Starter


Posted 09 January 2005 - 01:25 PM

OK. One question though: do I add a range of IP addresses which covers all possible IP addresses that may be assigned by the DHCP server? To my knowledge these addresses can change with time.

Cheers, Col.

#4 raw

raw


Posted 09 January 2005 - 11:09 PM

While it's true to an extent that the IPs can change, most common DHCP behavior will store the MAC address and try to assign the same IP time and again.
So my example for you is my network. A 4 port router can not give out more than 4 IP addresses. It is unlikely that the current IPs will change (unless a NIC goes bad, but you can release the MAC from the router).
So for ZA on the Windows workstations I added the IP range 192.168.1.100 - 192.168.1.105. You can usually set the beginning and end IPs the router will assign, so adjusting ZA to these IPs will suffice.
My router is set to assign the 100-105 IP range, so regardless of anything that's plugged into the network it will get an IP and ZA is already prepared for it.

Nothing ever gets the 105 IP but I have it for safe measure...like the duplicate IP problem you experienced.

In the other post you say you can see the friend's computer, but he can not see you?
You are both in the same WorkGroup?



#5 B34R

B34R

Posted 10 January 2005 - 06:12 AM

To my knowledge we are both part of the same workgroup. In fact I have never changed any data pertaining to the workgroup. I gather the default is always MSHOME, thus I don't think this is causing the problem. Something I would like to note is that this problem isn't limited to the current network setup. I have set up a LAN on many occasions before the present router situation. I used this setup before and after installing Zonealarm and it seemed that after installing Zonealarm I became invisible to the other computers on the LAN in the same way that I am currently invisible to my friend's computer. Turning Zonealarm off doesn't make any difference. However, after reading around, it seems that when Zonealarm is turned off it still runs some processes in the background. This leads me to believe that Zonealarm is the problem. I have also noticed recently that Zonealarm likes to wipe information I have provided it to help it discern between trusted and non-trusted zones. For example, yesterday I provided Zonealarm with the local IPs and added them to my safe zones and then last night I had trouble connecting again. So this morning I checked out my zones and my local IPs were gone. With some programs it also seems to forget that it has added them to its safe list and prompts me to allow or block them. Why is this? What can I do to rectify these problems? Is there anything I can do? By the way, thanks for the info in the last post. It was exactly what I was after!

Cheers, Col.

********************************************************

I don't mean to be picky but shouldn't the range of addresses be xxx.xxx.xxx.100 - xxx.xxx.xxx.104 if it's 4 IPs plus one problem IP, since 100-103 inclusive represents 4 IPs?

Edited by B34R, 10 January 2005 - 06:51 AM.


#6 raw

raw


Posted 10 January 2005 - 11:51 AM

Well, if you're going to be picky, yes, you are correct about the IP range, but my network is very unusual. It has 6 computers with all 6 behind a main router then a pair each of Windows workstations behind 2 more routers. Also all my IPs are static so I don't have DHCP involved.

router1 -> Linux server & Linux workstation
router1 -> Belkin router -> 2 windows workstations
router1 -> Netgear router -> 2 windows workstations

Here's my ZA zones...hope it helps
Posted Image



#7 B34R

B34R

Posted 10 January 2005 - 02:54 PM

Sorry for being picky, just wanted to make sure I was setting up my DHCP correctly, that's all. Like your comp names :thumbsup: . Big fan of the Matrix, I see. I sorta understand. Not too sure what those Adapter Subnets are. Recognise some of those terms. But in all fairness my knowledge of networks and networking is quite limited at the mo. Trying to teach myself. Are those adapters down to the complicated nature of your network? Ooh, and how come you have a range where the third octet is different on the limits? Doesn't this cover a very large range? By the way, I've posted on the ZA forum to see whether they can rectify the problems I'm experiencing. But any light you can shed on the situation would be most appreciated. After all, two heads are better than one.

Col.

Edited by B34R, 10 January 2005 - 02:59 PM.


#8 raw

raw


Posted 10 January 2005 - 06:40 PM

The adapter subnets were there when I installed ZA (it's Windows ME).

The weird IP in there is from a specific router for Trinity's subnet. Her router has LAN settings of x.x.2.1 and Trinity and Smith are x.x.2.37 - 2.38.
The WAN side of that router uses 192.168.1.103 as its public IP but in order for me to connect ZA has to accept incoming from 192.168.2.1.
The only range I used was 1.100-1.105; the rest are single addresses.

By the way, Neo is my server.
Niobi and Ghost are 2 others on the network but are restricted from sharing with everyone else, with only Morpheus being able to connect into them. But that's all handled through the Netgear router they are behind...they're not visible to the network at all.

Try entering the friend's IP as a trusted address (instead of a range) and see if he can see you then.

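Added example, not part of any post in this thread and not ZoneAlarm's own code: a Python check that a firewall's trusted-zone entries cover the router's DHCP pool (post #4), count addresses inclusively (post #5), and flag entries that trust far more addresses than intended (the third-octet question in post #7). The range 192.168.1.100 - 192.168.1.105 and the address 192.168.2.1 come from the posts above; the function names, the 32-address threshold and the wide range 192.168.1.100 - 192.168.2.38 are constructed for illustration.

```python
import ipaddress

def ip_range(first, last=None):
    """Inclusive (start, end) as integers; a single address has last=None."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last or first))
    if hi < lo:
        raise ValueError(f"range end {last} is below range start {first}")
    return lo, hi

def size(r):
    """Number of addresses in an inclusive range: .100-.103 is 4, not 3."""
    return r[1] - r[0] + 1

def audit_trusted_zone(trusted, dhcp_pool, max_range=32):
    """Compare trusted-zone entries with the DHCP pool.

    Returns (uncovered, too_wide):
      uncovered - pool addresses no trusted entry matches (a host leased one
                  of these would be treated as Internet zone and blocked)
      too_wide  - (entry, address count) for entries above max_range, which
                  trust more of the network than the pool requires
    """
    ranges = [ip_range(*entry) for entry in trusted]
    pool_lo, pool_hi = ip_range(*dhcp_pool)
    uncovered = [str(ipaddress.IPv4Address(ip))
                 for ip in range(pool_lo, pool_hi + 1)
                 if not any(lo <= ip <= hi for lo, hi in ranges)]
    too_wide = [(entry, size(r)) for entry, r in zip(trusted, ranges)
                if size(r) > max_range]
    return uncovered, too_wide

# Values from the thread: router pool .100-.105, one routed gateway address.
DHCP_POOL = ("192.168.1.100", "192.168.1.105")
TRUSTED = [("192.168.1.100", "192.168.1.105"), ("192.168.2.1", None)]
# Constructed variants: a range that is too short, and one crossing the third octet.
TOO_SHORT = [("192.168.1.100", "192.168.1.103")]
CROSS_OCTET = [("192.168.1.100", "192.168.2.38")]

if __name__ == "__main__":
    for name, zone in (("thread", TRUSTED), ("short", TOO_SHORT),
                       ("cross-octet", CROSS_OCTET)):
        print(name, audit_trusted_zone(zone, DHCP_POOL))
```
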


#9 B34R

B34R

Posted 12 January 2005 - 05:58 AM

In the end I uninstalled ZA (clean) and still no joy. This problem appeared to start with ZA. There may however be something else I have overlooked disallowing file sharing on the 98 machine. My current setup uses a Motorola Surfboard, Model: SB5100i, an Origo 4 port 10/100 Internet Broadband Router, Model: BRP-1400 and a Netgear 4 port ethernet hub (with uplink facility), Model: EN104. Two computers are currently on the network. One uses XP (mine) and the other uses Win98 (friend's). My friend's computer is upstairs and since we have 2 large CAT5 cables and a hub we decided to connect his computer to the router using these cables and the uplink facility (I was wondering whether this may affect filesharing). I am using the DHCP server to assign IPs. Right now that's the setup! Anyone any ideas as to why the Windows 98 machine cannot see me yet I can see it? To me it seems that my comp is at fault since the Win98 system seems to be filesharing. I have pinged both comps and that was a success, so I know there isn't a problem with the network. Internet works fine, as does playing games with me acting as server and vice versa. Just filesharing that is the problem. I have already checked the basic stuff like workgroup and protocols. Both machines have TCP/IP enabled under the DHCP option. We both have filesharing installed. I also checked what services I had running which relate to filesharing. Found something called server. That was enabled though. What was strange though was that on the Win98 it recognised that the XP machine was accessing the network on an application called netwatch (or something like that). When I used to set up a LAN with this comp I never experienced any problems like this. I am thus very confused. Any thought-out suggestions would be warmly welcomed.

Thanks for any help, Col.

Edited by B34R, 12 January 2005 - 05:58 AM.


#10 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:03:51 AM

Posted 22 January 2005 - 08:45 AM

B34R, I had a similar problem. I could see certain computers on my LAN but could not access them. I had run Network Setup several times with no luck. I recently upgraded my OS to XP Pro. When I ran the Network Setup I made a 98\ME Network disk with my XP computer and ran it on my other computers, all of which are Windows ME. It worked. If you have not tried this it may be worth a try. It is sure not to hurt.


acklan
"2007 & 2008 Windows Shell/User Award"



