Re: 4 stupid WINDOWS FIREWALL questions
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 1 Sep 2006 11:48:47 -0500
The Windows Firewall is a good firewall if your needs are only to block
inbound traffic that is not in response to traffic your server generated,
knowingly or not. BUT any software/host firewall is subject to
failure by being disabled by malware or a software conflict, which can be more
likely in a consumer computer. That may never happen to you or the majority
of users but is something to consider and why a hardware device needs to be
the first line of defense as you intend to do. So you can use the Windows
Firewall but check its status and configuration regularly, which can easily
be done with the command netsh firewall show state/config.
If your server is not the destination IP then it should not even process the
traffic other than broadcast or multicast. IP addresses ending in .255 are
broadcast traffic and those starting with 224-247 are multicast. The host
computers on your network are determined by the subnet mask. If your subnet
mask is 255.255.0.0 then the network is the first two octets and the hosts
are the last two octets. For 255.255.255.0 the network is the first three
octets and the hosts are the last octet. For 255.0.0.0 the network is the
first octet and the hosts are the last three octets. If you are using a custom
subnet then you will have to calculate the range for the hosts. In your
example if the network is 24.0.0.0 with a subnet mask of 255.0.0.0 then yes
they are all on the same subnet, which would be typical for a class A network
with the default subnet mask.
Try pinging an IP or pinging your server from another computer. Doing that
and then reviewing the firewall log for events that happen at the time stamp
corresponding to those pings will give you a good idea of what the
source/destination IPs are.
Steve
"MSUTech" <MSUTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:08FA19CD-F705-406B-9F43-E56961622AA8@xxxxxxxxxxxxxxxx
Hello all,
I have 4 quick questions....
All relating to WINDOWS FIREWALL
1. I am currently using it on a Windows Server 2003 (we are progressing to a
hardware system - but, not quite there yet) - AM I CRAZY for doing that???
2. Within the pfirewall.log file: if my SERVER is NOT the dst-ip, then those
blocked packets were never intended to come to my server, correct? - were
they just BROADCAST packets, that were caught by my firewall?
3. the dst-port is the port that the packets were TRYING to access on my
server, correct?
4. In windows firewall, under CHANGE Scope - is MY NETWORK SUBNET, every
computer that matches my first 3 numbers??? of the server??? Example: my
server might be 24.26.123.48, but, we have a lot of DYNAMIC users using
24.10.*.* .. IN THE SAME BUILDING .... are they members of MY SUBNET .. or
only users that start with 24.26.123.*
thanks....
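An added example, not code from either poster, that applies the two points in the reply: it parses pfirewall.log records, classifies why a dropped packet reached the server (it was the dst-ip, or it was broadcast or multicast traffic every host receives) and decides subnet membership from the mask rather than from the first three octets. The log lines, addresses and mask values are constructed for the example.

```python
import ipaddress
from collections import Counter
# Constructed sample of pfirewall.log (W3C extended format; the "#Fields:" header
# names the columns). The records are made up for this example.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2006-09-01 11:40:02 DROP ICMP 24.26.123.77 24.26.123.48 - - 60 - - - - 8 0 - RECEIVE
2006-09-01 11:40:05 DROP UDP 24.26.123.9 24.26.123.255 137 137 78 - - - - - - - RECEIVE
2006-09-01 11:40:07 DROP UDP 24.10.4.15 239.255.255.250 1900 1900 161 - - - - - - - RECEIVE
2006-09-01 11:40:09 DROP TCP 24.10.4.15 24.26.123.48 3389 445 48 S 123 0 65535 - - - RECEIVE
"""

def parse_log(text):
    """One dict per record, keyed by the names in the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            records.append(dict(zip(fields, line.split())))
    return records

def classify_dst(dst_ip, server_ip, network):
    """Why the server saw the packet: it was the destination, or the packet was
    broadcast or multicast, which every host on the wire receives."""
    dst = ipaddress.ip_address(dst_ip)
    if dst == ipaddress.ip_address(server_ip):
        return "server"
    # Directed broadcast for this mask (x.x.x.255 on a /24) or limited broadcast.
    if dst in (network.broadcast_address, ipaddress.ip_address("255.255.255.255")):
        return "broadcast"
    if dst.is_multicast:  # 224.0.0.0/4
        return "multicast"
    return "other"

def summarize(log_text, server_ip, mask):
    """Count DROP records by destination class and by whether the source lies
    inside the server's subnet, which the mask (not the first 3 octets) defines."""
    network = ipaddress.ip_network(f"{server_ip}/{mask}", strict=False)
    counts = Counter()
    for rec in parse_log(log_text):
        if rec["action"] != "DROP":
            continue
        where = "local" if ipaddress.ip_address(rec["src-ip"]) in network else "remote"
        counts[(classify_dst(rec["dst-ip"], server_ip, network), where)] += 1
    return counts
```

Running summarize with 255.255.255.0 and then with 255.0.0.0 shows the 24.10.*.* sources moving from "remote" to "local", and the x.x.x.255 address no longer counting as broadcast once the mask changes.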