www.netdimes.org

[andrewsullivan]

ZoneAlarm Pro 5.5.094.000

These instructions were written and tested by me, but based on upon some original investigative work by HelzBelz, so all credit to him or her for figuring out how to get it working with ZA.

1. Select Firewall from the menu on the left
2. Set Internet Security Zone to High (the default)
3. Click the Custom button within Internet Security Zone
4. Ensure that the following items within "High security settings for Internet zone" are checked:
Allow broadcast/multicast is checked (default)
Allow outgoing ping (ICMP Echo)
Allow other outgoing ICMP
5. Ensure that other items within that category are NOT checked unless you need them for something unrelated to DIMES.
6. Run DIMES, it will now work!!!

You do not need to enable "Allow incoming ping (ICMP Echo)" or "Allow other incoming ICMP", nor do you need to let javaw.exe act as a server (meaning listen for or accept connections).

I have not attempted to apply these settings to the free version of ZoneAlarm.

Regards,
Andrew.

[mfpotter]

Hi Andrew,

Thanks for your post, and for figuring out how to get DIMES to work with ZoneAlarm. Unfortunately (at least for me), the settings/options that you described are only available in the paid version of ZoneAlarm (ZoneAlarm Pro), not in the free version (which is the version that I have ).

Best regards,
Mike

[HelzBelz]

... based on upon some original investigative work by HelzBelz, so all credit to him or her for figuring out how to get it working with ZA.

FYI, it's "him"

Glad I could be of some help !

I'll probably try and fiddle around with the Free version of Zone Alarm next time I've got a fresh Windows install to play with (unless someone beats me to the punch, that is).

Regards,

HelzBelz

[7im]

Would a moderator please fix the title of this thread? It only applies to the Pro version of ZoneAlarm. I guess that us free ZoneAlarm FireWall users are out of luck for now. My DSL router blocks ICMP, and I can't turn that off. And the free ZoneAlarm is blocking UDP. I supposed I won't be participating in this project an further until you can find a work around. Thanks.

[danny]

I'll do that. thanx for the notice.

[Jammy]

I have been running DIMES on two AXP's (XP 2600 and XP 3000) both use W2K and the free version of Zone Alarm. I was never even aware that others were having problems with ZA until one of my team mates from Ars Technica Team Strawberry Jello mentioned it yesterday.

The sliders in ZA for the firewall on both the Trusted Zone and the Internet Zone are set at Medium. I have my DIMES client set for UDP only and Zone Alarm does not block the UDP packets, in fact, both Tracert and Ping works fine with ZA. My graph window gets so congesteted that I have to dump the graphs at least hourly for I have found DIMES to really be a memory hog and it actually slows down my 3 GHz Dell Dimension (I run DIMES with Seventeen or Bust on all four of my boxes) which has 512 megs of PC3200 DDR2 DC.

Jammy

[HelzBelz]

... The sliders in ZA for the firewall on both the Trusted Zone and the Internet Zone are set at Medium ...

Yep, verified here.

With Zone Alarm "Free", most of the control you have is by selecting "presets"; here with DIMES, this means using "Medium" in both the Trusted and Internet zones. The "Medium" settings allows UDP transfers, hence DIMES can be used in UDP mode, by specifiying "UDP" in Properties --> Network --> Protocol.

This is NOT a problem with DIMES: it's the way your firewall software is designed. For Zone Alarm, the "Pro" version does have a much more complete set of user settings (as described in previous posts above), so do other software firewalls.

Now, it's up to the user to decide if "Medium" (in Zone Alarm Free) provides good enough protection on the Internet side (and, for most users, Medium is indeed sufficient).

Regards,

HelzBelz

[mfpotter]

Thanks Jammy for the info regarding the free version of ZoneAlarm - I may give the sliders a try...

This is NOT a problem with DIMES: it's the way your firewall software is designed. For Zone Alarm, the "Pro" version does have a much more complete set of user settings (as described in previous posts above), so do other software firewalls.
HelzBelz

However, not meaning to be argumentative with HelzBelz, but there IS an issue with the 0.4 version of DIMES. With the 0.3 version, and with the free version of ZoneAlarm, and with the sliders set to High, DIMES worked. Same computer, same version of ZoneAlarm, same slider position, but now with DIMES 0.4, DIMES DOES NOT work. So, something was changed in DIMES that is preventing it from working with a firewall configuration that worked with DIMES 0.3.

Best regards,
Mike

[HelzBelz]

... With the 0.3 version, and with the free version of ZoneAlarm, and with the sliders set to High, DIMES worked. Same computer, same version of ZoneAlarm, same slider position, but now with DIMES 0.4, DIMES DOES NOT work ...

I'm sure you're right, mfpotter, sorry for the misunderstanding : I should have mentionned that I've joined DIMES at version 0.4 (hence have never witnessed the behaviour of previous agents).

Note to developpers --> I can only confirm the "problem" and solutions (i.e. my posts above, and the original post in this thread) with this configuration:

DIMES Agent 0.4 on a Win2k w/SP4 install, running with either
ZoneAlarm Pro version: 5.5.094.000, or
ZoneAlarm Free version: 5.5.094.000

(People with a different setup: don't hesitate to add a comment, i.e. Win XP, or older Zone Alarm, etc.)

Anyhow, both versions of Zone Alarm do have a solution (described previously); but yet, I sure agree with mfpotter that if previous versions of your Agent (0.3 and earlier) were working without fiddling around with Zone Alarm's default settings, then only you (the developpers) are in a position to figure out what has since changed in 0.4 which triggered the problems related in thread...

Please, let us know what you find out ! (I'm quite fascinated by the DIMES project)

Later,

HelzBelz


P.S. 5.5.094.000 is the latest (as of this moment) Zone Alarm version (either Free or Pro). I haven't tried DIMES with older versions of ZA, since this latest release does address security concerns, and the (free) update is strongly recommended.

[7im]

Windows XP SP2 and ZoneAlarm Free v5.5.094.000. Doesn't work with Internet Zone slider on the FireWall set to High. And I am not really comfortable compromising my firewall settings to run this project, especially when I read that dimes worked in v.03 and stopped working in v.04 with Zone Alarm. Obviously, something in the dimes agent changed! It would be nice if some of the project people would comment on this concern.

Oh, ya, and it would be nice if the servers didn't go offline so much either.

[Jammy]

Oh, ya, and it would be nice if the servers didn't go offline so much either.

Amen to that!

[HelzBelz]

O.K. I'ld like to switch my Agents to run in UDP mode. However, my firewall (ZA Pro) requests a list of which specific "UDP ports" to be opened...

So, what UDP ports are being used / monitored by the Agent ?

Regards,

HelzBelz

[Lupine1647]

According to Netpeeker, it would look like UDP port 53 is the port NetDimes uses for UDP.


[EDIT]Nevermind, was reading the wrong column, on the local side, it would apear to be just random ports ranging from anywhere between 1000-4000.[/EDIT]

[HelzBelz]

O.K. I'ld like to switch my Agents to run in UDP mode. However, my firewall (ZA Pro) requests a list of which specific "UDP ports" to be opened...

So, what UDP ports are being used / monitored by the Agent ?

Regards,

HelzBelz

Thanks Lupus1647; however, perhaps an "admin" could help us here (being more specific)...

So, I reiterate my question: Which specific UDP ports does DIMES use ?

Best regards,

HelzBelz

[chunming]

I am running Zonealarm 5.5.094.000 and at high internet security, DIMES is blocked by Zonealarm.

At medium setting, only ICMP can get through. UDP cannot get through as well................

I have used the older version before and it works at high security, so don't know what happened here..........