Hi,

I have a question: "How does ZoneAlarm work?" more specific how does a firewall like ZoneAlarm block "TCP connect", "ping" and the other things like this?

Are there any specific win32 functions to perform that or it replaces certain windows .dll adding a new network functionality?

I'm asking this question not just because I want to know, but because I would like to program a simple firewall blocking pings.

Thank you in advance.
Posted on 2002-02-25 12:03:50 by Zingam
hossa,

im not shure but im also interrested in this question but i run simply out of time if i try to understand all i like :)

but what i think is:
they hook or replace the winsock.dll

atguard has some vxd files so i think it work like this:

internet ---> winsock ---> firewall.vxd -----> last is ur browser or tool u use.

i personal like to code some months a function that block all incomming connection ,only the one i set in the rule should allow.
the same like a firewall do ,but by using a firewall u need to know nothing and press only yes or no.
in my tool u need to know what u like to allow and then u never get asked about anything.......but all is theory and.....no time for it.
Posted on 2002-02-28 06:50:28 by Max
I was reading on Steve Gibson's website,
www.grc.com
that one of the reasons he recommended Zone Alarm that it was written in assembler.

Too bad, that it's not released as GPL code.

Enjoy your work, P1
Posted on 2002-02-28 12:55:21 by Pone
Pone, where did you see that about ZA being written in assembly? I dug through grc.com and couldn't find it.
Posted on 2002-02-28 19:14:15 by rdaneel
Steve Gibson = idiot, and ZoneAlarm is not written in assembler.

Anyway, ZoneAlarm uses TDI to filter packets, you can find more information on MSDN but its hard going.
Posted on 2002-04-06 12:20:11 by endeavour
Steve Gibson is the person who wants to sue Microsoft for giving Windows XP Users the same power that *Nix users have with Berkely Raw Sockets and the IP Spoofing capabilities and what not

ehheeh:P ;)

Anybdoy that wants to take away from the computing experience no matter what their reason is usually not that bright as the only way we will get smarter/better is if we max our potential and some people rise above it
Posted on 2002-04-26 11:11:35 by Volcano_88101
Steve Gibson's no idiot.
Posted on 2002-04-26 12:43:10 by Eóin
Steve Gibson's no idiot

His so called security pages go on about netbios wich isn't much of a real security threat. People who use his shields up test and find no open ports will think there system is secure.
Posted on 2002-04-26 14:09:33 by Kudos
Steve Gibson tends to be a media sensationalist, his writing style and scare
tactics tend to reflect that.
check out http://www.grcsucks.com they debunk most of his claims.

starting with nt 5 there is a driver api that
is handy for blocking packets. i'll find the name
and post later.


prs
Posted on 2002-04-26 14:36:11 by prs

Steve Gibson = idiot, and ZoneAlarm is not written in assembler

Nicely put, endeavor :).

It's so funny to read his stuff, which has big red letters,
bolded words, and a bunch of funny useless statistics. Oh,
and name dropping whenever he can do it. But he's fun, the
way he can turn a DDoS attack report into a zombie movie... *g*.
I hope anybody reading grc.com is clever enough to take
gibson's ramblings with a grain of salt.
Posted on 2002-04-28 16:19:57 by f0dder
For a firewall better then zonealarm try outpost
Posted on 2002-04-28 19:16:04 by Kudos
Now that i know how to ADD & Subtract I want to learn about the internet now. Thanks for bringing this up Zingam. I am shock about Steve Gibson ways but he still got some good stuff to learn about i think. Well at lease he was once and maybe still is dedicated.

But one funny thing.... When i went to explore that site and when i went deeper my firewall pop up at lease 4 times. Why send stuff if you telling us how to avoid stuff....Strange to me...i LIKE TermiNET20DayDEMO-GIS.exe.....TermiNET
Posted on 2002-04-29 00:10:57 by cmax
The guy's clearly no idiot, sensationalist writings aside I enjoyed reading his information on cleartype and assembly. It was his site which introduced me to assembly in the first place.

We live in a media driven world in which everything is sensationalised as it is, if you are unable to read articles or essays of that style then don't.

There's still useful info in there though.
Posted on 2002-04-29 05:49:31 by Eóin
stop argueing and insult. give some more infos about TDI or something. this has to be a friedndly forum.........
we are all humans and if we wan't help eachother who will...... ?!?!
Posted on 2002-04-29 08:57:18 by NEMO