Tom's Guide Forums
 Thread : Block Inbound Traffic
 
jp

Archived from groups: comp.security.firewalls (More info?)

 

Does anyone know of a free firewall that will allow inbound
connections based on the remote computer's name, mac, and/or IP? (not
so much the IP as the name/mac).

The outbound connections do not have to be monitored and all other
computers that try to access the system that has the firewall and are
not in an authorized list should be blocked.

Thanks.


Archived from groups: comp.security.firewalls (More info?)

 

What does it need to run on? If Linux, why not use IPTables?
Is it for a gateway device or just your workstation?

"JP" <gg2.20.joep@spamgourmet.com> wrote in message
news:1b6225e5.0407091513.3b0f3006@posting.google.com...
> Does anyone know of a free firewall that will allow inbound
> connections based on the remote computer's name, mac, and/or IP? (not
> so much the IP as the name/mac).
>
> The outbound connections do not have to be monitored and all other
> computers that try to access the system that has the firewall and are
> not in an authorized list should be blocked.
>
> Thanks.


Archived from groups: comp.security.firewalls (More info?)

 

"JP" <gg2.20.joep@spamgourmet.com> wrote in message
news:1b6225e5.0407091513.3b0f3006@posting.google.com...
> Does anyone know of a free firewall that will allow inbound
> connections based on the remote computer's name, mac, and/or IP? (not
> so much the IP as the name/mac).
>
> The outbound connections do not have to be monitored and all other
> computers that try to access the system that has the firewall and are
> not in an authorized list should be blocked.

Computer name? Pointless. Easily changed

Mac? Pointless. Not transmitted outside of the LAN

IP? The only way. Any firewall that can't block by IP is not worth the free
price.

jp

Archived from groups: comp.security.firewalls (More info?)

 

"Banana" <banana@unrouteable.nowhere> wrote in message news:<ccofat$270r$1@otis.netspace.net.au>...
> what does it need to run on, if Linux, why not use IPTables.
> Is it for a gateway device or just your workstation?
>
> "JP" <gg2.20.joep@spamgourmet.com> wrote in message
> news:1b6225e5.0407091513.3b0f3006@posting.google.com...
> Does anyone know of a free firewall that will allow inbound
> connections based on the remote computer's name, mac, and/or IP? (not
> so much the IP as the name/mac).
>
> The outbound connections do not have to be monitored and all other
> computers that try to access the system that has the firewall and are
> not in an authorized list should be blocked.
>
> Thanks.

It needs to run off of Windows. One that doesn't take a lot of system
resources is best. It will be used for more of a gateway type.

jp

Archived from groups: comp.security.firewalls (More info?)

 

"Mike" <mike@notherematey.com> wrote in message news:<ccp5oe$kbs$1@thorium.cix.co.uk>...
> "JP" <gg2.20.joep@spamgourmet.com> wrote in message
> news:1b6225e5.0407091513.3b0f3006@posting.google.com...
> > Does anyone know of a free firewall that will allow inbound
> > connections based on the remote computer's name, mac, and/or IP? (not
> > so much the IP as the name/mac).
> >
> > The outbound connections do not have to be monitored and all other
> > computers that try to access the system that has the firewall and are
> > not in an authorized list should be blocked.
>
> Computer name? Pointless. Easily changed
>
> Mac? Pointless. Not transmitted outside of the LAN
>
> IP? The only way. Any firewall that can't block by IP is not worth the free
> price.


MAC - Not pointless, firewall will be inside LAN.
Computer name - Not pointless, cannot be easily changed. Only
domain/local admins can change.


Archived from groups: comp.security.firewalls (More info?)

 

Did you check out Outpost?

Agnitum Outpost Firewall (Free)
(Freeware) (last Freeware version) (Unsupported)
OS: Windows 9x/ME/NT/2000/XP
Languages: English (documentation in German, Hungarian, Russian and Italian)
Description: Agnitum Outpost is a personal firewall. Its standard personal
firewall features include "system and application level filtering",
"detailed information on all connections and open ports"; "predefined system
and application settings for all common tasks (browsing the web, allowing
ICQ, allowing DNS or DHCP, etc.)"; a built-in log viewer; stealth mode; ICMP
filtering; NetBIOS rule creation; wizard mode for automatic rule creation;
MD5 authentication, etc. In addition, it supports plug-ins for tasks such as
Intrusion Detection, Advertisement Blocking, Content Filtering, E-mail Guard
and Privacy Control. The interface is highly customizable. For the plug-ins,
it supports online automated update against new attacks. Finally, it needs
no configuration before using and it starts protecting your system as soon
as it's installed.
Author: -- Company: Agnitum Ltd.
Home Page:
http://www.agnitum.com/
download page v1.0.1817 (OutpostInstall.exe) (2556 KB)
http://www.agnitum.com/download/outpost1.html


"JP" <gg2.20.joep@spamgourmet.com> wrote in message
news:1b6225e5.0407091513.3b0f3006@posting.google.com...
> Does anyone know of a free firewall that will allow inbound
> connections based on the remote computer's name, mac, and/or IP? (not
> so much the IP as the name/mac).
>
> The outbound connections do not have to be monitored and all other
> computers that try to access the system that has the firewall and are
> not in an authorized list should be blocked.
>
> Thanks.


Archived from groups: comp.security.firewalls (More info?)

 

JP wrote:

> I don't have to say, "I've tried product X", because I'M ASKING FOR
> SUGGESTIONS! Ass.

Well so far I see nothing but your ranting and raving and few
suggestions. I wonder why?

Have fun and watch that blood pressure.


--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted.

jp

Archived from groups: comp.security.firewalls (More info?)

 

Mike <info@michaelmoyse.co.uk> wrote in message news:<cd5e87$15p$1@thorium.cix.co.uk>...
> JP wrote:
>
> > I don't have to say, "I've tried product X", because I'M ASKING FOR
> > SUGGESTIONS! Ass.
>
> Well so far I see nothing but your ranting and raving and few
> suggestions. I wonder why?
>
> Have fun and watch that blood pressure.

I'm only ranting, and you put it, because you're trying to be an ass.
Few suggestions, probably cause you're clogging this thread. And don't
try to be the innocent party in this. You started ot, and now you see
you're wrong.


Archived from groups: comp.security.firewalls (More info?)

 

JP wrote:

> Mike <info@michaelmoyse.co.uk> wrote in message news:<cd5e87$15p$1@thorium.cix.co.uk>...
>
>>JP wrote:
>>
>>
>>>I don't have to say, "I've tried product X", because I'M ASKING FOR
>>>SUGGESTIONS! Ass.
>>
>>Well so far I see nothing but your ranting and raving and few
>>suggestions. I wonder why?
>>
>>Have fun and watch that blood pressure.
>
>
> I'm only ranting, and you put it, because you're trying to be an ass.
> Few suggestions, probably cause you're clogging this thread. And don't
> try to be the innocent party in this. You started ot, and now you see
> you're wrong.

Not trying to be an ass. Trying to help but you won't give any
information despite my asking several times. Instead you prefer to rant,
rave, swear at me and insult me. If anyone is clogging this thread it is
yourself with your verbal diarrhea.

Actually my original post in reply to your question was not OT :-

Computer name? Pointless. Easily changed

Mac? Pointless. Not transmitted outside of the LAN

IP? The only way. Any firewall that can't block by IP is not worth the free
price.



--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted.


Archived from groups: comp.security.firewalls (More info?)

 

Don Kelloway wrote:
>
> "Don Kelloway" <dkelloway@commodon.com> wrote in message
> news:WFEJc.9201$sV2.2038@newsread2.news.atl.earthlink.net...

> > You cannot block an incoming connection by computer name because it can
> > be easily spoofed. Besides the computer name is not something that's
> > passed within an incoming packet.

Computer names are obtained by doing a reverse lookup on an IP address.

> I should have additionally stated that computer names are something that
> are only available to other computers within the same LAN.

If this name resolution occurs using DNS, it is often available throughout
the Internet. However, it is also correct (ObFirewall) that many name
services are confined to a LAN; typical examples are WINS and Windows Active
Directory. Host files are even more restricted, valid only for the machine
they are located on.

Thor

--
http://www.anta.net/


Archived from groups: comp.security.firewalls (More info?)

 

Don Kelloway wrote:
>
> Assuming you are referring to blocking incoming traffic from the
> Internet:
>
> You cannot block an incoming connection by MAC because the MAC of every
> single incoming packet will be exactly the same as that of the last
> router the packet was passed through.
>
> You cannot block an incoming connection by computer name because it can
> be easily spoofed. Besides the computer name is not something that's
> passed within an incoming packet.
>
> This leaves blocking incoming connections based upon IP address.

That's what I said when I first saw the problem as presented by JP, but
it seems that JP has left some vital information out which has also led
you to the same conclusion. Watch out because he will start swearing at
you now because you can't read his mind either.

Sits back and waits for more ranting from JP.
Maybe he will get the message that he is not giving enough information
this time.
On second thoughts, based on past performance, it's probably our fault :-(



--

------------------------------------

Real email to mike. The header email is a spam trap and you will be
blacklisted.


Archived from groups: comp.security.firewalls (More info?)

 

On 15 Jul 2004 16:13:41 -0700, gg2.20.joep@spamgourmet.com (JP) wrote:


>> IP? The only way. Any firewall that can't block by IP is not worth the free
>> price.
>
>
>I have given plenty of information. Lets collect it.

You haven't.


>So it is your "verbal diarrhea" that is clogging this thread.

I suggest taking the mote out of your own eye 1st sunshine.



greg

--
Can you hear me?
Can you see me?
Can you feel me?
I don't understand you


Archived from groups: comp.security.firewalls (More info?)

 

On Fri, 16 Jul 2004 05:54:24 +0300, Thor Kottelin <thor@anta.net> wrote:


>
>Computer names are obtained by doing a reverse lookup on an IP address.
>

Only for those addresses with reverse DNS entries.



greg

--
Can you hear me?
Can you see me?
Can you feel me?
I don't understand you


Archived from groups: comp.security.firewalls (More info?)

 

"Thor Kottelin" <thor@anta.net> wrote in message
news:40F74360.C6B868D8@anta.net...
>
> Don Kelloway wrote:
> >
> > "Don Kelloway" <dkelloway@commodon.com> wrote in message
> > news:WFEJc.9201$sV2.2038@newsread2.news.atl.earthlink.net...
>
> > > You cannot block an incoming connection by computer name because it
> > > can be easily spoofed. Besides the computer name is not something
> > > that's passed within an incoming packet.
>
> Computer names are obtained by doing a reverse lookup on an IP address.
>
> > I should have additionally stated that computer names are something that
> > are only available to other computers within the same LAN.
>
> If this name resolution occurs using DNS, it is often available throughout
> the Internet. However, it is also correct (ObFirewall) that many name
> services are confined to a LAN; typical examples are WINS and Windows Active
> Directory. Host files are even more restricted, valid only for the machine
> they are located on.
>

It's my belief that when the OP refers to a 'computer name', he is
referring to a 'hostname' which is associated with the NetBIOS protocol.

If however the OP was in fact referring to using a PTR record as a
method to allow access. Yes. Performing a query against a DNS for a
PTR record is a possibility. However PTR records are not required, are
not unique and can be easily faked. It's also my belief that
configuring a firewall to allow an incoming connection based upon the
PTR record would be very secure.

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".


Archived from groups: comp.security.firewalls (More info?)

 

"Don Kelloway" <dkelloway@commodon.com> wrote in message
news:r0SJc.12606$kK.4492@newsread3.news.atl.earthlink.net...
>
> It's my belief that when the OP refers to a 'computer name', he is
> referring to a 'hostname' which is associated with the NetBIOS protocol.
>
> If however the OP was in fact referring to using a PTR record as a
> method to allow access. Yes. Performing a query against a DNS for a
> PTR record is a possibility. However PTR records are not required, are
> not unique and can be easily faked. It's also my belief that
> configuring a firewall to allow an incoming connection based upon the
> PTR record would be very secure.
>

ACK! The last sentence should say "It's also my belief that configuring
a firewall to allow an incoming connection based upon the
PTR record would be very insecure".

--
Best regards, from Don Kelloway of Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".
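
The PTR point made in the posts above, as an added example that is not part of any post in the thread: a default-deny allow list evaluated three ways (bare PTR name, PTR name confirmed by a forward lookup, and source IP). The DNS tables and addresses are constructed (documentation ranges), the function names are hypothetical, and the hostname is the one used as an illustration elsewhere in the thread.

```python
import ipaddress

# Constructed DNS data. PTR records live in the reverse zone, which is run by
# whoever controls the address block, so the holder of 203.0.113.50 can
# publish any name there. 198.51.100.7 has no PTR (they are not required).
PTR_RECORDS = {
    "192.0.2.10": ["comp1.mylocaldomain.com"],
    "203.0.113.50": ["comp1.mylocaldomain.com"],  # faked PTR
}
# A records live in the forward zone, run by the owner of the domain.
A_RECORDS = {"comp1.mylocaldomain.com": ["192.0.2.10"]}

ALLOWED_NAMES = {"comp1.mylocaldomain.com"}
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]


def allow_by_ptr(src_ip):
    """Naive rule: trust whatever name the reverse lookup returns."""
    return any(n in ALLOWED_NAMES for n in PTR_RECORDS.get(src_ip, []))


def allow_by_confirmed_name(src_ip):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to src_ip."""
    for name in PTR_RECORDS.get(src_ip, []):
        if name in ALLOWED_NAMES and src_ip in A_RECORDS.get(name, []):
            return True
    return False


def allow_by_ip(src_ip):
    """Default deny: only addresses inside an allowed network pass."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_NETS)


def evaluate(src_ip):
    """Return the verdict of each rule for one source address."""
    return {
        "ptr": allow_by_ptr(src_ip),
        "confirmed": allow_by_confirmed_name(src_ip),
        "ip": allow_by_ip(src_ip),
    }


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.50", "198.51.100.7"):
        print(ip, evaluate(ip))
```

Only the bare PTR rule admits the address with the faked record. The forward-confirmed rule still depends on the integrity of the resolver it queries.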


Archived from groups: comp.security.firewalls (More info?)

 

Jp has plenty of info.. obviously he wants to separate a computer from
the rest of the lan he's on.. via something easy like computername
handed out via a dns server.. since he mentions that the comp names
cannot be changed b/c of dns the names would be listed as
comp1.mylocaldomain.com which is not easy to spoof on a domain
considering that he probably has the names locked. I think there's
plenty of info here.. since this is said to be a windows network
iptables would not work as well because there might be more than one
net admin and they might have no idea how to configure and update ip
tables.. so a windows firewall is probably required.. since it's on a
lan mac / comp names / a combination of the 2 would be best.. though
it is possible to spoof comp name and mac it will be another level of
security to get past. if coupled with an ids that is configured
mainly for windows exploits and DoS attacks. as well as invalid name
detection it could prove highly useful.. so please stop bitching about
not having info..


Archived from groups: comp.security.firewalls (More info?)

 

In article <1b6225e5.0407161104.226dc543@posting.google.com>,
gg2.20.joep@spamgourmet.com says...
> And for everyone else: saying that I want a Windows firewall that
> blocks based on IP/MAC/Comp Name and has an allow list is plenty of
> information. What else could you possibly need. Do you want the
> computer model, because that doesn't matter. And the services that are
> running does not matter, as Mike wanted to know. So I don't see where
> the trouble is.

You do know that I can change the MAC address on every network card in
my office, and my router, and my firewall, and the list goes on.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)


Archived from groups: comp.security.firewalls (More info?)

 

On 16 Jul 2004 12:04:26 -0700, gg2.20.joep@spamgourmet.com (JP) wrote:


>And for everyone else: saying that I want a Windows firewall that
>blocks based on

You have been told that blocking on

> IP

Is good.

> /MAC

A waste of time

> /Comp Name

A waste of time.

> and has an allow list

Firewalls should explicitly block by default. So anything granted access is
implicitly part of an allow list.




greg

--
Can you hear me?
Can you see me?
Can you feel me?
I don't understand you

07-17-2004 at 05:21:34 AM