Re: I am sick of windows firewall
- From: Duane Arnold <NotMe@xxxxxxxxx>
- Date: Tue, 21 Mar 2006 10:28:56 GMT
V S Rawat wrote:
> louise wrote:
>> Duane Arnold wrote:
>>> Sebastian Gottschalk wrote:
>>>> Duane Arnold wrote:
>>>>> IPsec that's on the XP O/S too can be used to supplement
>>>>> the XP FW if you need to stop outbound packets. And it
>>>>> can do it by port, protocol, or IP.
>>>>> [...]
>>>>> I use the AnalogX IPsec rules to supplement BlackIce on
>>>>> the laptop.
>>>>
>>>> That's bad. You're always open to IP/50, IP/51 and
>>>> UDP/500, and your rules will always let pass all Kerberos,
>>>> NetBIOS, multicast and broadcast traffic. Some of those
>>>> exemptions can be disabled, some cannot.
>>>
>>> I have made my adjustments to IPsec to supplement BlackIce
>>> to fit my needs. BlackIce is set to stop all unsolicited
>>> inbound traffic and is letting nothing through that's not
>>> solicited. In addition to that, I have set rules with
>>> BlackIce to block TCP and UDP ports from 1-65535, which
>>> means if I take BI off of its highest configuration rule of
>>> stopping all unsolicited inbound traffic, it's still
>>> blocking all unsolicited inbound traffic.
>>>
>>> IPsec is only a supplement to BlackIce or to any PFW
>>> solution. It's not a front line defense solution. If I
>>> need IPsec to stop outbound that BlackIce cannot do by
>>> setting rules, then I'll do that.
>>>
>>> In addition, the alerts on BlackIce's highest threat level
>>> that I was getting that were happening on the attempts on
>>> the Windows networking ports even though BI was stopping
>>> the attempts came to a complete stop on the notification
>>> and logging, once I implemented the AnalogX rules for
>>> IPsec, activated IPsec and configured IPsec to start blocking
>>> packets aimed at those ports.
>>>
>>> Again, IPsec is a supplement solution behind the PFW
>>> solution and I am pleased with its ability to be a
>>> supplemental packet filtering solution.
>>>
>>> IPsec is doing its job on this laptop. If it comes past
>>> IPsec and BlackIce on unsolicited inbound traffic, then
>>> I'll worry about it. :)
>>>
>>> I need IPsec to stop outbound if I need it to do it. That's
>>> its purpose and why it is there.
>>>
>>> Duane :)
>>
>> I've read all your posts and am confused by your statement(s)
>> that PFWs only deal with incoming traffic.
>>
>> I've been using Sygate for several years (don't know what to
>> use instead, even now), and it definitely asks before it
>> connects for an update. For example, Adobe Reader always
>> wants to update - I set Sygate to stop it. Several other
>> programs I run want to go check for updates all the time and I
>> don't want them to use resources and keep me waiting.
>>
>> And - perhaps more importantly, I certainly don't want them to
>> download and install their updates unless I decide I need that
>> update. And then, I want to install one update and make sure
>> it hasn't affected machine performance, before I download
>> another. Essentially, I want to know what's going on. Even
>> if the intentions are good, if there is a negative result, a
>> bug, a conflict between programs, I want to know what was just
>> changed/installed/updated.
>>
>> If Windows FW doesn't do that - then what would I need it for?
>> I have a Linksys NAT, SP1 router - doesn't that perform the
>> same function better?
>>
>> TIA
>> Louise
>
> Exactly what I feel.

I can't hold your hand. You have got to figure things out for yourself.

> OK. Some M$fans on this ng think that a firewall should listen
> to inbound traffic only.

Again, you're way off in left field as usual. I don't even consider a PFW to even be a FW period. What I do consider it to be is a machine level packet filter. That's it and nothing else.
And again, I or anyone else in this ng that have little expertise know the difference that you can't seem to grasp. It's not my fault that you cannot seem to grasp it. But you're not alone.

> Now, unless there is some outbound traffic from our pc, how
> would inbound traffic begin?

If you actually knew what you were talking about, then you would be dangerous. Inbound unsolicited traffic from an application running from a remote site can cause the listening or server program to send outbound traffic from a machine. Such would be the case of your browser on the client machine that must initiate contact with a Web server to begin a session between the two, with it sending back outbound traffic to continue the session. Now of course, the FW that would be sitting in front of the Web server would have port 80 HTTP open to all unsolicited inbound traffic from potential client machines.
In addition to this, you as a typical home user would never have that situation and nothing running on your machine would be in a server listening mode as the norm.

> Anyway, please coin some other term for the software that
> listens to and controls outbound traffic, but give me some tips
> about such software that is good at that, and is free.

None of them are IMHO and you won't get it out of me. :)
Duane :)
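
The solicited versus unsolicited inbound distinction argued over in this message, as an added example that is not part of the original post: a minimal connection-tracking filter in Python that contrasts a home PC with nothing listening against a web server with port 80 open. The class name, addresses (documentation ranges), ports and the blocked outbound port are all constructed for illustration.

```python
# Added illustration; addresses, ports and names are constructed, not from the thread.
class StatefulFilter:
    """Machine-level packet filter: inbound is default-deny unless solicited."""

    def __init__(self, open_ports=(), blocked_out=()):
        self.open_ports = set(open_ports)    # (proto, local port) accepting unsolicited inbound
        self.blocked_out = set(blocked_out)  # (proto, remote port) denied outbound
        self.flows = set()                   # tracked (proto, local endpoint, remote endpoint)

    def outbound(self, proto, local, remote):
        if (proto, remote[1]) in self.blocked_out:
            return "drop: outbound rule"
        self.flows.add((proto, local, remote))  # remember the flow so its replies pass
        return "pass: outbound"

    def inbound(self, proto, remote, local):
        if (proto, local, remote) in self.flows:
            return "pass: solicited reply"
        if (proto, local[1]) in self.open_ports:
            self.flows.add((proto, local, remote))  # a listening service accepted it
            return "pass: unsolicited, port open"
        return "drop: unsolicited inbound"


def demo():
    pc, web, stranger = "192.0.2.10", "198.51.100.80", "203.0.113.5"
    # Home PC: nothing listening, one outbound port blocked by a supplemental rule.
    home = StatefulFilter(blocked_out={("tcp", 6667)})
    # Web server: port 80 open to unsolicited inbound traffic from clients.
    server = StatefulFilter(open_ports={("tcp", 80)})
    return {
        "pc_request": home.outbound("tcp", (pc, 49152), (web, 80)),
        "server_accepts": server.inbound("tcp", (pc, 49152), (web, 80)),
        "server_reply": server.outbound("tcp", (web, 80), (pc, 49152)),
        "pc_gets_reply": home.inbound("tcp", (web, 80), (pc, 49152)),
        "probe_to_pc": home.inbound("tcp", (stranger, 40000), (pc, 445)),
        "pc_blocked_out": home.outbound("tcp", (pc, 49153), (stranger, 6667)),
    }


if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:15} {verdict}")
```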