Re: [fw-wiz] Windows networking specifics (Was: re: Annoying pop-ups)

From: Mikael Olsson (mikael.olsson@clavister.com)
Date: 10/30/02


From: Mikael Olsson <mikael.olsson@clavister.com>
To: Luca Berra <bluca@comedia.it>
Date: Wed Oct 30 10:22:01 2002


Luca Berra wrote:
>
> Mikael Olsson wrote:
> > Neil Ames wrote:
> > > [block port 139]
> > This is somewhat disconcerting.
> > [block port 445 too]
>
> there has been a precise question "which port is used for windows
> messaging popup, how do i stop it?" and a precise answer "port 139,
> icf". so please calm down.

Here's an abject lesson in windows networking:

- Block port 139, tcp as well as udp
  Can connect to computer management interface
  Can connect to remote registry
  Can access all shares and printers
  "net send" works

- Block ports 136-445, tcp as well as udp.
  Can authenticate and connect to f.i. exchange servers and other
    RPC services that do not require port 139/445 for auth.
  "net send" still works

- Block ports 135-139, tcp as well as udp
  Can connect to computer management interface
  Can connect to remote registry
  Can access all shares and printers

> btw icf is not that bad for a product embedded in a microshaft os
> stateful, blocks everything by default, so probably Neil's
> suggestion also answers your concerns.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q314757&

Please study, in detail, the section that says "the ICF does not block
incoming broadcast or multicast traffic", and especially the bit that
explains how f.i. UPnP can be broadcast. [1]

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com
[1] Broadcasts can be directed across the Internet, too.
    This is why smurf amplification works.
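The point of the three scenarios above is that a Windows service stays reachable as long as any one of its alternative transports is left open. The following added example (not part of the post, and not Clavister's code) encodes that check; the service-to-port mapping in SERVICE_TRANSPORTS is an assumption from general NetBIOS/SMB/RPC knowledge, chosen to be consistent with the outcomes Mikael lists, not something the post itself states.

```python
# Added example, not from the mailing-list post.
# Assumed mapping (general NetBIOS/SMB/RPC knowledge, not stated in the post):
# a service is reachable if ANY of its listed (proto, port) transports is open.
SERVICE_TRANSPORTS = {
    "file/print shares": [("tcp", 139), ("tcp", 445)],
    "remote registry / computer management": [("tcp", 139), ("tcp", 445)],
    "net send (Messenger service)": [("udp", 138), ("tcp", 135)],
    "RPC auth to e.g. Exchange": [("tcp", 135)],
}


def port_blocked(proto, port, blocked):
    """True if (proto, port) falls inside any (proto, low, high) block range."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in blocked)


def still_reachable(blocked):
    """Sorted names of services that still have at least one open transport."""
    return sorted(
        name
        for name, transports in SERVICE_TRANSPORTS.items()
        if any(not port_blocked(pr, po, blocked) for pr, po in transports)
    )


def block_range(low, high):
    """Block a port range for both tcp and udp, as the post's scenarios do."""
    return [("tcp", low, high), ("udp", low, high)]


if __name__ == "__main__":
    for low, high in ((139, 139), (136, 445), (135, 139), (135, 445)):
        print(f"block {low}-{high}:", still_reachable(block_range(low, high)))
```

Only blocking the whole 135-445 range (tcp and udp) leaves none of the assumed services reachable; each of the post's partial blocks leaves at least one open.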