Re: Windows XP Internet Connection Firewall

From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 06/16/05

  • Next message: Phil Cryer: "Re: Re: Re: Faking OS fingerprinting in Windows"
    Date: Thu, 16 Jun 2005 18:26:44 +0200
    To: security-basics@securityfocus.com
    
    

    On 2005-06-16 sl2ck3rj2ck@gmail.com wrote:
    > I am trying to understand the security implications of using the
    > default Windows XP Internet Connection Firewall [ Not to be confused
    > with Windows Firewall which comes with SP2 ] .

    They are the same, except for some minor features and the name change.

    > I have read in many places that it is not a very secure firewall. And
    > using some 3rd party firewall like zonealarm is better.

    No. No.

    > From what I could understand was that was because of two main reasons.
    >
    > 1. It only blocks inbound connections

    Which is the only thing a host-based firewall can do reliably.

    > 2. It does that by hiding the computer and not by actually blocking
    > the ports. Which would mean if some worm etc. was generating random
    > IPs it may actually be able to connect and exploit some service like
    > LSASS.

    That's plain wrong.

    Regards
    Ansgar Wiechers

    -- 
    "All vulnerabilities deserve a public fear period prior to patches
    becoming available."
    --Jason Coombs on Bugtraq
    

  • Next message: Phil Cryer: "Re: Re: Re: Faking OS fingerprinting in Windows"

    Relevant Pages

    • Re: firewall?
      ... Well, if you have Windows XP, it's there.. ... Click on "Enable or Disable Internet Connection Firewall" ...
      (microsoft.public.windowsxp.security_admin)
    • CANNOT ENABLE SP2 FIREWALL
      ... The windows xp firewall isn't active. ... Follow prompts and reboot. ... Check to see if the Internet Connection Firewall is not disabled: ...
      (microsoft.public.windowsxp.security_admin)
    • RE: Outlook error messages due to firewall
      ... Enable or Disable Internet Connection Firewall in Windows XP ...
      (microsoft.public.windowsxp.security_admin)
    • Re: tcp settings
      ... (such as a router) ... the built-in Internet Connection Firewall in Windows XP can prevent a direct file ...
      (microsoft.public.windowsxp.messenger)
    • Re: Firewalls
      ... To enable or disable Internet Connection Firewall ... Open Network Connections ... protect, and then, under Network Tasks, click Change settings of this ...
      (microsoft.public.windowsxp.security_admin)