Re: Ok to let all ICMP traffic through firewall?

From: Volker Birk (bumens_at_dingens.org)
Date: 10/10/05 

Date: 10 Oct 2005 21:48:21 +0200

jameshanley39@yahoo.co.uk wrote:
> Volker Birk wrote:
> > jameshanley39@yahoo.co.uk wrote:
> > > you could try turning the windows firewall off, see if you still have
> > > problems. but that can possibly be a bit of a security hazard.
> > Yes. Before doing this, the OP could use www.dingens.org to stop offering
> > services.
> there are side effects though. I vageuly recall running that, then at
> one point, trying to start the windwos firewall - expecting the screen
> to just come up, and it started loading something. It's not really
> clear, for each service, what that program does to disable it.

If you're using the Windows-Firewall, you don't need this program.
Just start it again, and choose the lowest point - afterwards, your
system is configured like it was before.

"Shutdown Windows' servers" is shutting down services, too, which are
needed by the Windows-Firewall.

If you want to know, what "Shutdown Windows' servers" does exactly, you
could read the source code. You can download it at:

http://www.dingens.org/win32sec-en-src.zip

The program does just the same as Torsten's script in version 2.1, though.
So you can download Torsten's script, too, and just read the commands
Torsten is executing. They're usual Windows commands, you can enter at
the command processor's prompt.

> There
> are side effects. Many services can be disabled with no side effects,
> via adminsitrative tools.. So, what other services are there? there
> can't be many.

Unfortunately, there are some. Especially, stopping Windows to offer
DCE RPC and DCOM over DCE RPC (and SMB name services and so on) at all
requires some registry configuration.

I would be happy, if Microsoft could fix that.

> Also, I didn't notice a restore option in that program at the time I
> used it.

Just start it again, and choose the lowest point again (named "unsecure").
This is the restore functionality. The text of this point changes to
"restore" ;-)

> Say I were to manally disable the messenger service, and UPnP, and
> disable file and print sharing (port 139), and what other services
> are there? lsitening on 0.0.0.0 I guess there's NBTSTAT maybe(135)
> but I don't know how to disable that noe.

The latter is done by configuring the registry, together with configuring
DCOM and RPC.

> There can onyl be a handful of services that cannot be easily disabled
> manually.

Yes.

> No reason for a whole program to do them and not list details
> or even services running that it is disabling.

Yes. Please better use Torsten's script. You can modify and adapt it for
your needs. "Shutdown Windows' servers" is there only, because I wanted
to offer this possibility for people, too, who don't feel comfortable
with black windows and grey text ;-)

For people like you, who are interested in what's goin'on exactly, but
perhaps are no C programmers, Torsten's script is the much better
choice:

http://ntsvcfg.de/ntsvcfg_eng.html

> I think it's better for the user to just be educated on what services
> cannot be turned off manually, and they just run a script that does
> some registry hacks and warns of te side efects.

Yes. I think so. I'm offering "Shutdown Windows's servers" as an
addition to it as "one-click-solution".

Yours,
VB. 

-- 
"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
                   Wolfgang Clement am 10.10.05 als Noch-Superminister

Relevant Pages

  • Re: Microsoft Warns of New Windows Flaw (March 19, 2003 )
    ... In WINDOWS SETUP in ADD/REMOVE PROGRAMS of Control Panel ... Uninstall Outlook Express, ... Java, Javascript, ActiveX and all the other script runner toys Billy ... Install WebWasher the spammers are terrified of free from ...
    (comp.security.misc)
  • Re: Microsoft Warns of New Windows Flaw (March 19, 2003 )
    ... In WINDOWS SETUP in ADD/REMOVE PROGRAMS of Control Panel ... Uninstall Outlook Express, ... Java, Javascript, ActiveX and all the other script runner toys Billy ... Install WebWasher the spammers are terrified of free from ...
    (comp.security.firewalls)
  • [NT] Flaw in Windows Script Engine Could Allow Code Execution
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Windows Script Engine provides Windows operating systems with the ... blocked by Outlook Express 6.0 and Outlook 2002 in their default ...
    (Securiteam)
  • Enumerate installed software on Windows 2003
    ... Using this scriptomatic script, I am able to list all installed ... our Windows 2003 servers. ... colItems", as colItems is empty. ...
    (microsoft.public.scripting.vbscript)
  • Re: Right click on text vs. right click on hyperlink
    ... I were to do that the built-in Windows way, I have to go down about ... >> me to open in one step the editing page of any archive page in my ... >> contains the below Windows script. ... >> that url and opens the editing page. ...
    (microsoft.public.scripting.vbscript)
Loading