ZoneAlarm Pro is firewall for Windows home-users. The following was tested with ZoneAlarm Pro latest version: 2.6.357 I`m not sure if it also works with the free version but I can't imagine why it wouldn't. Similair to Internet Explorer ZoneAlarm Pro (ZAP) has security settings for Local and Internet. However ZAP in certain cases classifies connections as Local when they really aren't Local. All connections that have the same 2 octets as your IP (ex. Your ip 123.123.123.123 -> 123.123.*.*) are also considered Local. This means everyone on with the same two first octet's of your IP can connect to your computer under local level security settings instead of the internet level security settings. With default settings this will expose your computer and all it's ports plus opening and allow access to windows services and shares. Users to customize local level security to allow (and block) whatever they want. How did I discover this? I installed a webserver and asked some friends to view some pages but they weren't able to connect. Zone Alarm Pro blocked the http port I found out. But this surprised me since I viewed my http.acces and http.error logife before I enabeled port 80 in ZAP and already had a lot of requests from servers infected with nimba. After looking at the IP's the first two octets were all the same.. the same as mine. Philip Wagenaar The Netherlands philip@netlogics.nl
