
10 Nov 2001 22:32:31

Rick explains to Michelle.

   From: radsoft.net
     To: Michelle Delio
   Date: Sat, 10 Nov 2001 22:32:31
Subject: RE: http://news.cnet.com/news/0-1003-200-7830694.html


From our x-frame readme (with additional stuff for you thrown in):

Layering
--------
Networking occurs through four layers. The diagram below represents
these layers.

        'HELO GOODJUJU'

         -------------
        |             |
        | Application |  FTP, HTTP, POP, SMTP etc.
        |             |
         -------------
        |             |
        |  Transport  |  TCP, UDP
        |             |
         -------------
        |             |
        |   Network   |  ICMP, IGMP, IP
        |             |
         -------------
        |             |
        |    Link     |  Device Driver/NIC
        |             |
         -------------

           Modem/NIC  ------------> Out Onto The Internet (and to
           our SMTP server)

On the inbound, ZoneAlarm seems to be doing fine - knock on wood.
He's at least at the Network layer because he can pick up stray
probes. But on the outbound, he seems to be in the Transport box - a
lot higher up - and what is he doing up there? Not playing firewall,
that's for sure.

The Internet itself is _below_ the Link box. The Link box leads to
your modem, your NIC, whatever connects you - your 'adapter'.
(That's where X-frame is.)

When the application wants to get onto the Internet, it gets its
stuff sent down to the Transport level (sockets or TLI ==> TCP/UDP).
Then that level has to get to the Network level. The actual message
you want to send - remember when we played with email? With POP and
SMTP? Those were text messages we sent to a server, right?

Well that was _above_ the Application level above. We typed in
stuff, we were connected on port 25, that was SMTP, that's a
protocol at the Application layer. So our messages, e.g. 'HELO
GOODJUJU' to identify ourselves, get taken by the program - those
text messages got _encapsulated_. Our messages officially using the
SMTP protocol went into TCP connections (Transport layer). TCP took
our messages and put them in a block of data to send to the mail
servers.

But that's not the end. The TCP blocks, when they were ready to be
sent, had to be sent to the next layer - the Network layer. Here IP
- the Internet Protocol - took our TCP blocks (with our email
messages within) and put them in a new block - an IP block. But
still we weren't out on the net.

Nope, for now we had to go down to the adapter - the Link - level.
The stuff has to be encapsulated one more time, Ethernet for
example, to get past the adapter, through the modem, etc. and
finally out onto the Internet.

It might look like this:

     Ethernet Packet - the whole thing
   ---------------------------------------------------------------
  |      |       |    |                       |    |      |       |
  | Eth  |       |  T |   'HELO GOODJUJU'     | T  |      |  Eth  |
  |      |  IP   |  C |                       | C  |  IP  |       |
  | Eth  |       |  P |                       | P  |      |  Eth  |
  |      |       |    |                       |    |      |       |
   ---------------------------------------------------------------

What you want to send is 'HELO GOODJUJU' to identify your computer
at the start of an SMTP (email) conversation - to send email, you
remember.

Well that 'HELO GOODJUJU' gets taken by the TCP (Transport) layer
and put in a block, then that block goes inside an IP block, then
that block goes inside an Ethernet block (frame).

Then _that's_ what gets sent over the Internet.

For outbound traffic, ZoneAlarm is not sitting where it should -
between your computer and the Internet - as it should, as you would
expect it to...

A firewall is supposed to be a firewall. So a firewall blocking
outbound traffic is supposed to be like unplugging your modem - for
outbound traffic that is.

ZoneAlarm is more like a sieve...
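
The encapsulation walked through in the message above, as an added example that is not part of the original e-mail or of Radsoft's x-frame code: it wraps 'HELO GOODJUJU' in TCP, IP and Ethernet, then peels the layers off again the way a filter sitting at the adapter would. In a real frame each layer's header goes in front of the data and only Ethernet appends a trailer (the 4-byte frame check sequence). The addresses, MACs, ports and sequence numbers are constructed sample values.

```python
import struct, zlib

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum used by IP and TCP."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_segment(payload, sport, dport, src, dst):
    # 20-byte header, no options; flags 0x18 = PSH+ACK; seq/ack are constructed.
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(hdr) + len(payload))
    csum = checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def ip_packet(segment, src, dst):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                      0, 0, 64, 6, 0, src, dst)   # protocol 6 = TCP
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + segment

def ethernet_frame(packet, src_mac, dst_mac):
    body = dst_mac + src_mac + struct.pack("!H", 0x0800) + packet  # 0x0800 = IPv4
    return body + struct.pack("<I", zlib.crc32(body))  # FCS: the only trailer

def decapsulate(frame):
    """Peel Link -> Network -> Transport and return what each layer exposes."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("bad Ethernet FCS")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    segment = packet[ihl:struct.unpack("!H", packet[2:4])[0]]
    sport, dport = struct.unpack("!HH", segment[:4])
    return {"ethertype": struct.unpack("!H", body[12:14])[0],
            "protocol": packet[9], "dport": dport,
            "payload": segment[(segment[12] >> 4) * 4:]}

# Constructed sample values: documentation addresses and made-up MACs.
SRC, DST = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 25])
FRAME = ethernet_frame(
    ip_packet(tcp_segment(b"HELO GOODJUJU\r\n", 49152, 25, SRC, DST), SRC, DST),
    bytes.fromhex("020000000001"), bytes.fromhex("020000000002"))

if __name__ == "__main__":
    print(len(FRAME), decapsulate(FRAME))
```

The SMTP text sits 54 bytes into the frame (14 Ethernet + 20 IP + 20 TCP), which is what a check at the Link layer has to parse past to see port 25 and the message itself.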
