Thanks to sygate - well - marcus for tipping us of to this lil "gem" - v interesting.
Sygate, in response to the backstealth exploit have released a new version of their firewall.
"On May 1, 2002 after accelerated testing, we released a preview version of our Sygate Personal Firewall PRO software that addresses the Backstealth vulnerability. Yesterday evening we made this build#1116 available to the general public for those who are concerned about this proof of concept vulnerability. Users are welcome to download and try the preview release. The preview release is available only through our Product Forums." - click below for link.
This is the more interesting part of the email :
"On a side note, it might interest you to know that our research department has uncovered the real reason Zonealarm is "not vulnerable" to Backstealth. This is because the Zonealarm program is not even referenced within the Backstealth code. Our internal testing with the modified Backstealth tool confirms that Zonealarm is indeed vulnerable to the same type of proof of concept vulnerability."
So Zone Alarm is also vulnerable - but just not with this version of the exploit eh! Well thats a nice little revalation for us isnt it!