Re: win xp sp1 changes ICF settings/rules and/or default behavior for snmp packet processing on udp 162?

From: Jerry (jbene@dataanyway.com)
Date: 09/19/02


Date: 19 Sep 2002 20:52:43 -0000
From: Jerry <jbene@dataanyway.com>
To: focus-ms@securityfocus.com


In-Reply-To: <13083FDF0ECA2C41A92B11627E1C66106DFDB2@mewp03.expert>

There is an article here http://online.securityfocus.com/infocus/1620
dealing specifically with ICF. The article says you cannot use ICF and
Outlook because ICF does not support RPC; it also disables file sharing.

It says there is no granular support. I have not worked much with XP; this
is another reason not to! I wonder if the available services could be
edited to allow different ports than the standard ports; i.e., could the FTP
rule be reconfigured to allow RPC?

>Date: Thu, 19 Sep 2002 09:06:02 +1000
>From: "Rick Frankel" <Rick.Frankel@expert.com>
>To: <Ken.Williams@ey.com>, <focus-ms@securityfocus.com>
>
>Ken,
>
>I have noticed that with XP SP1 and ICF turned off, my Windows XP box
>still drops UDP packets sent from my exchange server to tell outlook
>there is a new message. I have no idea why it does this but suspect ICF
>somehow is partially turned on. Upon removal of SP1 the problem goes
>away.
>
>Rick
>
>-----Original Message-----
>From: Ken.Williams@ey.com [mailto:Ken.Williams@ey.com]
>Sent: Thursday, 19 September 2002 3:23 AM
>To: focus-ms@securityfocus.com
>Subject: win xp sp1 changes ICF settings/rules and/or default behavior
>for snmp packet processing on udp 162?
>
>i have a box running win xp pro, on a lan connected to a linksys
>router. i use linklogger to snag the logs being broadcast by
>the linksys to udp 162. before installing xp sp1, i had no
>problems with this setup, and i didn't have to make any changes
>to ICF, which was enabled on the xp box. after installing xp
>sp1, all snmp packets broadcasted to udp 162 were dropped by the
>xp box. i don't have time to investigate further, but i suspect
>that sp1 changes ICF settings or defaults, or some other facet
>of SNMP. the solution was to add a new "service" [read: rule]
>to ICF called "snmp" that permitted network to access "snmp" via
>udp port 162 (internally and externally). anybody else noticed
>this, or had the time to get to the bottom of the situation and
>determine exactly what changes xp sp1 makes to ICF and/or SNMP?
>
>thanks,
>ken
>
>Ken Williams, CISSP