Re: I am sick of windows firewall

Duane Arnold wrote:

V S Rawat wrote:
louise wrote:


Duane Arnold wrote:

Sebastian Gottschalk wrote:


Duane Arnold wrote:


IPsec that's on the XP O/S too can be used to
supplement the XP FW if you need to stop outbound
packets. And it can do it by port, protocol, or IP.
[...]
I use the AnalogX IPsec rules to supplement BlackIce
on the laptop.



That's bad. You're always open to IP/50, IP/51 and
UDP/500, and your rules will always let pass all
Kerberos, NetBIOS, multicast and broadcast traffic.
Some of those excemptions can be disabled, some
cannot.


I have made my adjustments to IPsec to supplement
BlackIce to fit my needs. BlackIce is set to stop all
unsolicited inbound traffic and is letting nothing
through that's not solicited. In addition to that, I
have set rules with BlackIce to block TCP and UDP ports
from 1-65535, which means if I take BI off of it
highest configuration rule of stopping all unsolicited
inbound traffic, it's still blocking all unsolicited
inbound traffic.

IPsec is only a supplement to BlackIce or to any PFW
solution. It's not a front line defense solution. If I
need IPsec to stop outbound that BlackIce cannot do by
setting rules, then I'll do that.

In addition, the alters on BlackIce's highest threat
level that I was getting that were happening on the
attempts on the Windows networking ports even though BI
was stopping the attempts came to a complete stop on
the notification and logging, once I implemented the
AnalogX rules for IPsec, activated IPsec and configured
IPsec to start block packets amid at those ports.

Again, IPsec is a supplement solution behind the PFW
solution and I am pleased with it's ability to be a
supplemental packet filtering solution.

Ipsec is doing its job on this laptop. If it comes past
IPsec and BlackIce on unsolicited inbound traffic, then
I'll worry about it. :)

I need IPsec to stop outbound if I need it to do it.
That's its purpose and why it is there.

Duane :)

I've read all your posts and am confused by your
statement(s) that PFWs only deal with incoming traffic.

I've been using Sygate for several years (don't know what
to use instead, even now), and it definitely asks before it
connects for an update. For example, Adobe Reader always
wants to update - I set Sygate to stop it. Several other
programs I run want to go check for updates all the time
and I don't want them to use resources and keep my waiting.

And - perhaps more importantly, I certainly don't want
them to download and install their updates unless I decide
I need that update. And then, I want to install one
update and make sure it hasn't affected machine
performance, before I download another. Essentially, I
want to know what's going on. Even if the intentions are
good, if there is a negative result, a bug, a conflict
between programs, I want to know what was just
changed/installed/updated.

If Windows FW doesn't do that - then what would I need it
for? I have a Linksys NAT, SP1 router - doesn't that
perform the same function better?

TIA

Louise



Exactly what I feel.

I can't hold your hand. You have got to figure things out for
yourself.


OK. Some M$fans on this ng thinks that a firewall should
listen to inbound traffic only.

Again, you're way off in left field as usual. I don't even
consider a PFW to even be a FW period. What I do consider it
to be is a machine level packet filter. That's it and nothing
else.

And again, I or anyone else in this ng that have little
expertise know the difference that you can't seem to grasp.
It's not my fault that you cannot seem to grasp it. But you're
not alone.



Now, unless there is some outbound traffic from our pc, how
would inbound traffic begin?

If you actually knew what you were talking about, then you
would be dangerous. Inbound unsolicited traffic from a
application running from a remote site can cause the
listening or server program to send outbound traffic from a
machine. Such would be the case of your browser on the client
machine that must initiate contact with a Web serve to begin a
session between the two, with it sending back outbound traffic
to continue the session. Now of course, the FW that would be
setting in front of the Web server would have port 80 HTTP
open to all unsolicited inbound traffic from potential client
machines.

What you have described is plausible only if our PSW (ZA, etc.)
are not controlling inbound traffic. They are controlling and
filtering that, so they are as effective as windows firewall in
that respect. Plus za also controls and reports outbound
traffic, which windows firewall doesn't, hence za is one up on
windows firewall.


In addition to this, you as a typical home user would never
have that situation and nothing running on your machine would
be in a server listening mode as the norm.


Anyway. please coin some other term for the software that
listens to and controls outbound traffic, but give me some
tips about such software who are good at that, and are free.

None of them are IMHO and you won't get it out of me. :)

:) Then, I would have to rephrase the question.

Suppose I switch on windows firewall, and uninstall za, which
other software should I install to observe and control outbound
traffic?



Duane :)

--
Rawat
.

Relevant Pages

  • Re: I am sick of windows firewall
    ... I use the AnalogX IPsec rules to supplement BlackIce ... need IPsec to stop outbound that BlackIce cannot do by ... attempts on the Windows networking ports even though BI ... supplemental packet filtering solution. ...
    (comp.security.firewalls)
  • Re: I am sick of windows firewall
    ... the XP FW if you need to stop outbound packets. ... I have made my adjustments to IPsec to supplement BlackIce ... the Windows networking ports even though BI was stopping ...
    (comp.security.firewalls)
  • Re: I am sick of windows firewall
    ... the XP FW if you need to stop outbound packets. ... I have made my adjustments to IPsec to supplement BlackIce ... the Windows networking ports even though BI was stopping ...
    (comp.security.firewalls)
  • Re: Ipsec
    ... >> addresses I need outbound, ... >> out of IPSEC is there? ... > IPsec is cool but it's a pain in the ass with the high ports when a high ... It also interfered with the logging from the router where I had to ...
    (comp.security.firewalls)
  • Re: I am sick of windows firewall
    ... I have made my adjustments to IPsec to supplement BlackIce to fit my needs. ... In addition to that, I have set rules with BlackIce to block TCP and UDP ports from 1-65535, which means if I take BI off of it highest configuration rule of stopping all unsolicited inbound traffic, it's still blocking all unsolicited inbound traffic. ...
    (comp.security.firewalls)