Author Topic: Network Shield Ports Blocked?  (Read 5634 times)

0 Members and 1 Guest are viewing this topic.

BlitzenZeus

  • Guest
Network Shield Ports Blocked?
« on: November 17, 2004, 09:12:42 PM »
The options only show alerting, and logging.  There is noplace to see which ports its blocking, or even expand the ports it blocks.

I currently run a software firewall, and I didn't notice it was added until today.  I activated the Avast Firewall, and so far when I gave it traffic to block on purpose its only blocking port 135 so I would like to know all of the ports, and protocols it blocks.  Along with the suggestion of allowing us to see which ports/protocols it blocks, and add/delete which ports protocols it blocks.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Network Shield Ports Blocked?
« Reply #1 on: November 17, 2004, 09:15:34 PM »
Avast is not BLOCKING the port (it's not a firewall). Instead, it's scanning the network traffic for malicious code and only blocks specific ATTACKS.
If at first you don't succeed, then skydiving's not for you.

BlitzenZeus

  • Guest
Re:Network Shield Ports Blocked?
« Reply #2 on: November 17, 2004, 09:34:58 PM »
I still don't believe that its not just blocking based on the destination port number, but there is no documentation anywhere of what it blocks.  This is what I really want to know.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Network Shield Ports Blocked?
« Reply #3 on: November 17, 2004, 09:44:15 PM »
You mean the exact list of viruses/worms/exploits that it is able to detect/block?
If at first you don't succeed, then skydiving's not for you.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Network Shield Ports Blocked?
« Reply #4 on: November 17, 2004, 09:48:27 PM »
Well, what do you want to here then? Vlk answered your question... if you don't believe him, well... your bad, I'm afraid.

If it were just blocking ports, then the services using these ports wouldn't work - everything would be blocked there. You can verify that if you like... (but you'd better disable your real firewall for that).

BlitzenZeus

  • Guest
Re:Network Shield Ports Blocked?
« Reply #5 on: November 17, 2004, 09:52:32 PM »
Yes, I want to know what the IDS signatures filter, or even where I could access them on the disk in some standard format like Snort.  The documentation is very vauge about what it really blocks.
« Last Edit: November 17, 2004, 09:54:44 PM by BlitzenZeus »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Network Shield Ports Blocked?
« Reply #6 on: November 17, 2004, 09:56:49 PM »
Quote
The documentation is very vauge about what it really blocks.


As is in the case of virus signatures isn't it? ;)

Basically, we're trying to cover all Internet worms. Such as Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser.
If at first you don't succeed, then skydiving's not for you.

tjmateo

  • Guest
What is blocked by the Network Shield!?
« Reply #7 on: November 17, 2004, 09:58:14 PM »
I want to know too!
What does Avast Network Shield protect from? Specificly!
What kind of attacks does it takes care?

lee16

  • Guest
Re:Network Shield Ports Blocked?
« Reply #8 on: November 17, 2004, 10:07:56 PM »
Quote
What does Avast Network Shield protect from? Specificly!

As Vik just said, its trying to protect you from all internet/network worms such as "Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser" ect

Quote
What kind of attacks does it takes care?

DCOM attacks

--lee


BlitzenZeus

  • Guest
Re:Network Shield Ports Blocked?
« Reply #9 on: November 17, 2004, 10:13:54 PM »
A comprehensive list of its IDS filters would be nice.  Other IDS programs make their list available, and even allow you to export/import them.  However, even though you could update them with every update, it would still be nice to know what they are protecting user from, and controls to prevent possible false positives.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Network Shield Ports Blocked?
« Reply #10 on: November 17, 2004, 10:19:19 PM »
I think it will not happen.
The Network Shield signatures are simply part of the virus database. The virus samples for the "ordinary viruses" are also not possible to extract/modify.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Network Shield Ports Blocked?
« Reply #11 on: November 17, 2004, 10:21:00 PM »
BZ, you're basically right, I see your point. Let me just say this: the Network Shield is currently in v1. We're planning to add a number of features/enhancements to it in the future, and a comprehensive documentation / list of signatures should definitely be one of them.

Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Network Shield Ports Blocked?
« Reply #12 on: November 17, 2004, 10:22:28 PM »
Hehe, an extraordinarily united attitude of the team showed up... ;D
If at first you don't succeed, then skydiving's not for you.

BlitzenZeus

  • Guest
Re:Network Shield Ports Blocked?
« Reply #13 on: November 17, 2004, 10:40:11 PM »
Thanks, hopefully at least the list of just the IDS signatures will be added somewhere in the program.

I've dealt with other so-called IDS programs, and in reality they only just blocked packets based on their destination, not their content as I have found many had mostly false positives on legit traffic.  Its nice to see IDS filters used correctly, and not just port blocking.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Network Shield Ports Blocked?
« Reply #14 on: November 17, 2004, 10:41:48 PM »
Network Shield is definitely not a port blocker. The signatures are pretty long and are scanned for only in the relevant data streams (port numbers etc).

Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.