Re: I am sick of windows firewall

From: "V S Rawat" <VSRawat@xxxxxxxxxxxx>
Date: 21 Mar 2006 10:13:45 GMT

louise wrote:

Duane Arnold wrote:

Sebastian Gottschalk wrote:

Duane Arnold wrote:

IPsec that's on the XP O/S too can be used to supplement
the XP FW if you need to stop outbound packets. And it
can do it by port, protocol, or IP.
[...]
I use the AnalogX IPsec rules to supplement BlackIce on
the laptop.

That's bad. You're always open to IP/50, IP/51 and
UDP/500, and your rules will always let pass all Kerberos,
NetBIOS, multicast and broadcast traffic. Some of those
excemptions can be disabled, some cannot.

I have made my adjustments to IPsec to supplement BlackIce
to fit my needs. BlackIce is set to stop all unsolicited
inbound traffic and is letting nothing through that's not
solicited. In addition to that, I have set rules with
BlackIce to block TCP and UDP ports from 1-65535, which
means if I take BI off of it highest configuration rule of
stopping all unsolicited inbound traffic, it's still
blocking all unsolicited inbound traffic.

IPsec is only a supplement to BlackIce or to any PFW
solution. It's not a front line defense solution. If I
need IPsec to stop outbound that BlackIce cannot do by
setting rules, then I'll do that.

In addition, the alters on BlackIce's highest threat level
that I was getting that were happening on the attempts on
the Windows networking ports even though BI was stopping
the attempts came to a complete stop on the notification
and logging, once I implemented the AnalogX rules for
IPsec, activated IPsec and configured IPsec to start block
packets amid at those ports.

Again, IPsec is a supplement solution behind the PFW
solution and I am pleased with it's ability to be a
supplemental packet filtering solution.

Ipsec is doing its job on this laptop. If it comes past
IPsec and BlackIce on unsolicited inbound traffic, then
I'll worry about it. :)

I need IPsec to stop outbound if I need it to do it. That's
its purpose and why it is there.

Duane :)

I've read all your posts and am confused by your statement(s)
that PFWs only deal with incoming traffic.

I've been using Sygate for several years (don't know what to
use instead, even now), and it definitely asks before it
connects for an update. For example, Adobe Reader always
wants to update - I set Sygate to stop it. Several other
programs I run want to go check for updates all the time and I
don't want them to use resources and keep my waiting.

And - perhaps more importantly, I certainly don't want them to
download and install their updates unless I decide I need that
update. And then, I want to install one update and make sure
it hasn't affected machine performance, before I download
another. Essentially, I want to know what's going on. Even
if the intentions are good, if there is a negative result, a
bug, a conflict between programs, I want to know what was just
changed/installed/updated.

If Windows FW doesn't do that - then what would I need it for?
I have a Linksys NAT, SP1 router - doesn't that perform the
same function better?

TIA

Louise

Exactly what I feel.

OK. Some M$fans on this ng thinks that a firewall should listen
to inbound traffic only.

Now, unless there is some outbound traffic from our pc, how
would inbound traffic begin?

Anyway. please coin some other term for the software that
listens to and controls outbound traffic, but give me some tips
about such software who are good at that, and are free.

thanks.
--
Rawat
.

Follow-Ups:
- Re: I am sick of windows firewall
  - From: Duane Arnold
- Re: I am sick of windows firewall
  - From: Volker Birk

References:
- I am sick of windows firewall
  - From: V S Rawat
- Re: I am sick of windows firewall
  - From: Volker Birk
- Re: I am sick of windows firewall
  - From: V S Rawat
- Re: I am sick of windows firewall
  - From: Duane Arnold
- Re: I am sick of windows firewall
  - From: V S Rawat
- Re: I am sick of windows firewall
  - From: Duane Arnold
- Re: I am sick of windows firewall
  - From: Sebastian Gottschalk
- Re: I am sick of windows firewall
  - From: Duane Arnold
- Re: I am sick of windows firewall
  - From: louise

Prev by Date: Re: I am sick of windows firewall
Next by Date: Re: I am sick of windows firewall
Previous by thread: Re: I am sick of windows firewall
Next by thread: Re: I am sick of windows firewall
Index(es):
- Date
- Thread

Relevant Pages

Re: I am sick of windows firewall
... the XP FW if you need to stop outbound packets. ... I have made my adjustments to IPsec to supplement BlackIce ... the Windows networking ports even though BI was stopping ...
(comp.security.firewalls)
Re: I am sick of windows firewall
... I use the AnalogX IPsec rules to supplement BlackIce ... need IPsec to stop outbound that BlackIce cannot do by ... attempts on the Windows networking ports even though BI ...
(comp.security.firewalls)
Re: Ipsec
... >> addresses I need outbound, ... >> out of IPSEC is there? ... > IPsec is cool but it's a pain in the ass with the high ports when a high ... It also interfered with the logging from the router where I had to ...
(comp.security.firewalls)
Re: I am sick of windows firewall
... I have made my adjustments to IPsec to supplement BlackIce to fit my needs. ... In addition to that, I have set rules with BlackIce to block TCP and UDP ports from 1-65535, which means if I take BI off of it highest configuration rule of stopping all unsolicited inbound traffic, it's still blocking all unsolicited inbound traffic. ...
(comp.security.firewalls)
Re: I am sick of windows firewall
... I have made my adjustments to IPsec to supplement BlackIce to fit my needs. ... In addition to that, I have set rules with BlackIce to block TCP and UDP ports from 1-65535, which means if I take BI off of it highest configuration rule of stopping all unsolicited inbound traffic, it's still blocking all unsolicited inbound traffic. ...
(comp.security.firewalls)