Re: Windows XP Internet Connection Firewall

From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 06/16/05

  • Next message: Phil Cryer: "Re: Re: Re: Faking OS fingerprinting in Windows"
    Date: Thu, 16 Jun 2005 18:26:44 +0200
    To: security-basics@securityfocus.com
    
    

    On 2005-06-16 sl2ck3rj2ck@gmail.com wrote:
    > I am trying to understand the security implications of using the
    > default Windows XP Internet Connection Firewall [ Not to be confused
    > with Windows Firewall which comes with SP2 ] .

    They are the same, except for some minor features and the name change.

    > I have read in many places that it is not a very secure firewall. And
    > using some 3rd party firewall like zonealarm is better.

    No. No.

    > From what I could understand was that was because of two main reasons.
    >
    > 1. It only blocks inbound connections

    Which is the only thing a host-based firewall can do reliably.

    > 2. It does that by hiding the computer and not by actually blocking
    > the ports. Which would mean if some worm etc. was generating random
    > IPs it may actually be able to connect and exploit some service like
    > LSASS.

    That's plain wrong.

    Regards
    Ansgar Wiechers

    -- 
    "All vulnerabilities deserve a public fear period prior to patches
    becoming available."
    --Jason Coombs on Bugtraq
    

  • Next message: Phil Cryer: "Re: Re: Re: Faking OS fingerprinting in Windows"