Re: PORT 135 still open with Norton PF 2002

From: "\"Crash\" Dummy" <dvader@deathstar.mil>
Date: Mon, 18 Mar 2002 13:39:41 -0500


>The culprit is the Default Inbound
>Loopback rule which looks like it permits connections from other computers
>such as web servers using TCP and UDP protocols. I am not very savvy with
>the use of firewalls, and I'm concerned about fouling up my system. This
>rule must be there for a reason, how can I modify it to beef up my firewall
>without screwing other things up?

Set the local address to "localhost" instead of "any." I use AtGuard, which
is what a good firewall looks like before Symantec gets a hold of it. It
formed the original kernel for Norton Personal Firewall. Below are the
Loopback rules that I use. Note the Local Address setting for "Inbound" and
Remote Address setting for "Outbound."

--
Dave "Crash" Dummy
Certified Dilettante
Dave@gpick.com
http://lists.gpick.com

------------------------------------------------------
Rule 3
Default Inbound Loopback
Rule in use: YES
Logging: NO
Protocol: TCP or UDP
Action: Permit
Direction: Inbound
Application: Any Application
Local service: Any Service
Local Address: (localhost)
......HostName: localhost
............IP: 127.0.0.1
Remote service: Any Service
Remote Address: Any Address
------------------------------------------------------
Rule 4
Default Outbound Loopback
Rule in use: YES
Logging: NO
Protocol: TCP or UDP
Action: Permit
Direction: Outbound
Application: Any Application
Local service: Any Service
Local Address: Any Address
Remote service: Any Service
Remote Address: (localhost)
......HostName: localhost
............IP: 127.0.0.1
------------------------------------------------------
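
Added example (not part of the original post, and not AtGuard or Norton code): a simplified first-match rule evaluator showing why the Local Address setting matters for an inbound connection to port 135. The Rule and Packet classes, the matching semantics and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    direction: str       # "inbound" or "outbound"
    local_addr: str      # ANY or a single IP address
    remote_addr: str     # ANY or a single IP address
    action: str = "permit"
    protocols: tuple = ("tcp", "udp")   # "TCP or UDP"; services are "Any Service"

@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    local_ip: str
    local_port: int      # not matched on: both rules use "Any Service"
    remote_ip: str

def _addr_matches(spec, ip):
    return spec == ANY or ipaddress.ip_address(spec) == ipaddress.ip_address(ip)

def evaluate(rules, pkt):
    """Return (rule name, action) of the first matching rule, or None if
    the packet matches no rule here and falls through to later rules."""
    for r in rules:
        if (r.direction == pkt.direction and pkt.protocol in r.protocols
                and _addr_matches(r.local_addr, pkt.local_ip)
                and _addr_matches(r.remote_addr, pkt.remote_ip)):
            return (r.name, r.action)
    return None

# The rule as described in the quoted question: Local Address left at "any".
LOOSE = [Rule("Default Inbound Loopback", "inbound", ANY, ANY)]
# Rules 3 and 4 from the listing above, pinned to 127.0.0.1.
TIGHT = [Rule("Default Inbound Loopback", "inbound", "127.0.0.1", ANY),
         Rule("Default Outbound Loopback", "outbound", ANY, "127.0.0.1")]

# Constructed sample traffic (documentation-range addresses, assumed).
REMOTE_TO_135 = Packet("inbound", "tcp", "192.0.2.10", 135, "203.0.113.5")
LOCAL_TO_135 = Packet("inbound", "tcp", "127.0.0.1", 135, "127.0.0.1")

if __name__ == "__main__":
    for label, rules in (("local=any", LOOSE), ("local=localhost", TIGHT)):
        print(label, evaluate(rules, REMOTE_TO_135), evaluate(rules, LOCAL_TO_135))
```

With the local address pinned to 127.0.0.1, the remote connection to port 135 no longer matches the loopback rule and is left to whatever rules follow it, while genuine loopback traffic is still permitted.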
