Re: Microsoft update asking for security change - SP 2 firewall operation

From: Steve Riley (steriley_at_microsoft.com)
Date: 06/06/04


Date: Sat, 5 Jun 2004 17:44:54 -0700

In XP service pack 2, the firewall is still an inbound-only blocker. Its
default configuration is to block all unsolicited inbound traffic. Allowed
inbound traffic must be a response to something that previously went out.
Depending on the protocol, the characteristics of that allowed traffic will
be different:

* For outbound TCP, inbound replies must come from the target IP address

* For outbound UDP, inbound replies can come from any IP address;
  after 90 seconds of inactivity, no inbound replies are permitted

* For outbound broadcast and multicast, replies can come from any IP
  on the target's subnet for three seconds

Just like on the original ICF, you can create openings in the firewall to
allow unsolicited inbound traffic for certain things running on the computer
that you want to permit. The old ICF let you open only static ports, and
these ports would remain open as long as the computer was running. The new
firewall still has this functionality, but it also allows you to grant an
application permission to open a port. When you do this, no ports are
initially open. When the application binds to a socket, whatever port the
application requested will be opened in the firewall. When the application
terminates, the port will close.

But do remember: this is for applications that bind to a port in listening
mode. There is no functionality in the new firewall to control, by
application, outbound traffic. All outbound traffic is always permitted.

Steve
steriley@microsoft.com

"zz" <zz@nospam.com> wrote in message
news:zpNuc.17705$eH1.7771363@newssvr28.news.prodigy.com...
> Lady wrote:
>
<snip>
>
> Also, Internet Connection Firewall only prevents unsolicited INCOMING
> packets and does not check OUTGOING packets sent from your system (Service
> Pack 2 will fix this). ICS does not screen for viruses, worms or trojans,
> you need an anti-virus for that. Once a computer is infected a good
> firewall will prevent trojans etc from sending out packets unless you give
> the program permission to send.
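The reply rules and exception types described in Steve's message, as an added example that is not part of the original thread and is not Microsoft's code: a small Python model of the inbound state table. The local address, subnet, program name and every packet are constructed for the demonstration; the 90-second UDP idle window and the three-second broadcast/multicast window are the values stated above, and no TCP idle timeout is modelled because the message gives none.

```python
"""Model of the XP SP2 firewall's inbound matching as described in the post.

Constructed example: the addresses, ports and program name are made up.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

UDP_IDLE_TIMEOUT = 90.0  # seconds of inactivity after which UDP replies are refused
BCAST_WINDOW = 3.0       # seconds during which broadcast/multicast replies are accepted


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Flow:
    proto: str
    remote_ip: str   # destination of the outbound packet that created the entry
    last_seen: float
    kind: str        # "unicast", "broadcast" or "multicast"


class XpSp2Firewall:
    def __init__(self, local_ip, subnet):
        self.local_ip = local_ip
        self.subnet = ip_network(subnet, strict=False)
        self.flows = {}           # (proto, local port) -> Flow
        self.static_ports = set() # (proto, port) opened permanently, old-ICF style
        self.allowed_apps = set() # programs granted permission to open ports
        self.app_ports = {}       # program -> set of (proto, port) it is bound to

    # --- configuration -------------------------------------------------
    def open_static_port(self, proto, port):
        self.static_ports.add((proto, port))

    def allow_program(self, name):
        self.allowed_apps.add(name)

    def bind(self, name, proto, port):
        # The port opens only if the program has been granted permission.
        if name in self.allowed_apps:
            self.app_ports.setdefault(name, set()).add((proto, port))

    def exit_program(self, name):
        # When the program terminates, every port it opened closes.
        self.app_ports.pop(name, None)

    # --- traffic -------------------------------------------------------
    def outbound(self, pkt, now):
        # All outbound traffic is permitted; only the state entry is recorded.
        dst = ip_address(pkt.dst)
        if dst.is_multicast:
            kind = "multicast"
        elif dst == self.subnet.broadcast_address or pkt.dst == "255.255.255.255":
            kind = "broadcast"
        else:
            kind = "unicast"
        self.flows[(pkt.proto, pkt.sport)] = Flow(pkt.proto, pkt.dst, now, kind)
        return True

    def inbound(self, pkt, now):
        key = (pkt.proto, pkt.dport)
        if key in self.static_ports:                       # static opening
            return True
        if any(key in ports for ports in self.app_ports.values()):  # app bound
            return True
        flow = self.flows.get(key)                          # reply to outbound?
        if flow is None:
            return False
        age = now - flow.last_seen
        if flow.kind in ("broadcast", "multicast"):
            # any host on the target's subnet, for three seconds
            return age <= BCAST_WINDOW and ip_address(pkt.src) in self.subnet
        if flow.proto == "tcp":
            # reply must come from the target IP address
            return pkt.src == flow.remote_ip
        # UDP: any source IP, until 90 seconds of inactivity
        if age > UDP_IDLE_TIMEOUT:
            del self.flows[key]
            return False
        flow.last_seen = now
        return True


def demo():
    """Exercise each rule; returns a name -> allowed? mapping."""
    fw = XpSp2Firewall("192.168.1.10", "192.168.1.0/24")
    r = {}
    fw.outbound(Packet("tcp", "192.168.1.10", 40000, "203.0.113.5", 80), 0.0)
    r["tcp_from_target"] = fw.inbound(Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 40000), 1.0)
    r["tcp_from_other"] = fw.inbound(Packet("tcp", "198.51.100.9", 80, "192.168.1.10", 40000), 1.0)
    fw.outbound(Packet("udp", "192.168.1.10", 50000, "203.0.113.53", 53), 0.0)
    r["udp_from_other"] = fw.inbound(Packet("udp", "198.51.100.9", 53, "192.168.1.10", 50000), 10.0)
    r["udp_after_idle"] = fw.inbound(Packet("udp", "203.0.113.53", 53, "192.168.1.10", 50000), 101.0)
    fw.outbound(Packet("udp", "192.168.1.10", 137, "192.168.1.255", 137), 0.0)
    r["bcast_in_window"] = fw.inbound(Packet("udp", "192.168.1.77", 137, "192.168.1.10", 137), 2.0)
    r["bcast_off_subnet"] = fw.inbound(Packet("udp", "10.0.0.5", 137, "192.168.1.10", 137), 2.0)
    r["bcast_late"] = fw.inbound(Packet("udp", "192.168.1.77", 137, "192.168.1.10", 137), 4.0)
    probe = Packet("tcp", "198.51.100.9", 4444, "192.168.1.10", 8080)
    r["app_before_bind"] = fw.inbound(probe, 0.0)
    fw.allow_program("server.exe")
    fw.bind("server.exe", "tcp", 8080)
    r["app_while_bound"] = fw.inbound(probe, 0.0)
    fw.exit_program("server.exe")
    r["app_after_exit"] = fw.inbound(probe, 0.0)
    fw.open_static_port("tcp", 3389)
    r["static_port"] = fw.inbound(Packet("tcp", "198.51.100.9", 5555, "192.168.1.10", 3389), 0.0)
    return r


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:18s} {'allowed' if allowed else 'blocked'}")
```

The UDP case is the one to notice: because a reply may come from any source address, a host that has just sent a UDP datagram accepts inbound datagrams to that port from anyone for 90 seconds, which is what makes the broadcast and UDP rules loose compared with the TCP rule. The model also shows the point Steve closes with: nothing in `outbound` ever blocks, and the program exception only affects listening ports.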


