Windows Software Firewall
on 12.03.2007 05:41:00 by TampaWebDevelopment
I personally manage a few dedicated Windows servers, rented from a
couple of different hosting companies. All servers are Windows Server
2003 Enterprise. I do not use the built in Windows firewall because of
the lack of control. Lately, I have been getting a few dictionary
attacks on a database server. I want to be able to block IP addresses
whenever I need. So, I am looking for the best, FREE software firewall
suited for my needs. I only want something that will block obvious
threats or have the ability to turn off automatic blocking. Basically,
I need someone to suggest the best freeware, software firewall that
has IP blocking capabilities. Thanks in advance.
Re: Windows Software Firewall
on 12.03.2007 11:35:19 by "Mr. Arnold"
TampaWebDevelopment@gmail.com wrote:
> I personally manage a few dedicated Windows servers, rented from a
> couple of different hosting companies. All servers are Windows Server
> 2003 Enterprise. I do not use the built in Windows firewall because of
> the lack of control. Lately, I have been getting a few dictionary
> attacks on a database server. I want to be able to block IP addresses
> whenever I need. So, I am looking for the best, FREE software firewall
> suited for my needs. I only want something that will block obvious
> threats or have the ability to turn off automatic blocking. Basically,
> I need someone to suggest the best freeware, software firewall that
> has IP blocking capabilities. Thanks in advance.
>
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
You can apply the AnalogX IPsec rules and use them, make your own rules
and turn them on and off as you need them.
IPsec can set rules to block packets by port, protocol, IP and Subnet
inbound or outbound.
http://www.analogx.com/contents/articles/ipsec.htm
http://support.microsoft.com/default.aspx/kb/813878
BTW, what you're talking about or looking for are packet filters running
at the machine level. They are not firewalls software or hardware wise.
IPsec is just a packet filter.
What is a firewall?
A firewall protects networked computers from intentional hostile
intrusion that could compromise confidentiality or result in data
corruption or denial of service. It may be a hardware device or a
software program running on a secure host computer. In either case, it
must have at least *two network interfaces*, one for the network it is
intended to protect, and one for the network it is exposed to.
A firewall sits at the junction point or gateway between the two
networks, usually a private network and a public network such as the
Internet. The earliest firewalls were simply routers. The term firewall
comes from the fact that by segmenting a network into different physical
subnetworks, they limited the damage that could spread from one subnet
to another just like firedoors or firewalls.
Re: Windows Software Firewall
on 12.03.2007 19:31:53 by unknown
Post removed (X-No-Archive: yes)
Re: Windows Software Firewall
on 12.03.2007 19:55:51 by Volker Birk
TampaWebDevelopment@gmail.com wrote:
> I personally manage a few dedicated Windows servers, rented from a
> couple of different hosting companies. All servers are Windows Server
> 2003 Enterprise. I do not use the built in Windows firewall because of
> the lack of control. Lately, I have been getting a few dictionary
> attacks on a database server. I want to be able to block IP addresses
> whenever I need.
You're able to do that with the Windows 2003 Firewall:
http://msdn2.microsoft.com/en-us/library/ms141198.aspx
You also can do that automatically by scripting, if you're detecting
attacks:
http://msdn2.microsoft.com/en-us/library/ms758664.aspx
Beware of DoS constructions when filtering in such a way.
Yours,
VB.
--
"Pornography is an abstract phenomenon. It cannot exist without a medium
to propagate it, and it has very little (if anything at all) to do with sex."
Tina Lorenz
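One way to script the automatic blocking suggested in the post above while guarding against the DoS caveat, read here as the risk of blocking your own or legitimate addresses (an added example, not part of the thread or any poster's code). The log format, thresholds, allowlist and all names are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; tune for the real service.
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]  # own admin/app hosts
THRESHOLD, WINDOW, MAX_BLOCKS = 5, timedelta(minutes=1), 100

def _fails(ip, start, step_s, n):
    """Build n constructed failed-login lines for ip, step_s seconds apart."""
    t0 = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
    return [f"{t0 + timedelta(seconds=i * step_s)} LOGIN_FAILED user=sa src={ip}"
            for i in range(n)]

# Constructed sample log (hypothetical format, documentation address ranges).
SAMPLE_LOG = "\n".join(
    _fails("203.0.113.7", "2007-03-12 05:30:00", 2, 6)      # fast guessing
    + _fails("198.51.100.20", "2007-03-12 05:31:00", 5, 5)  # own host, bad config
    + _fails("192.0.2.55", "2007-03-12 05:32:00", 150, 5)   # slow, below threshold
    + ["2007-03-12 05:40:00 LOGIN_OK user=app src=198.51.100.20", "garbage line"])

def parse(line):
    """Return (timestamp, ip) for a failed-login line, else None."""
    parts = line.split()
    if len(parts) < 5 or parts[2] != "LOGIN_FAILED" or not parts[4].startswith("src="):
        return None
    try:
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        return ts, ipaddress.ip_address(parts[4][4:])
    except ValueError:
        return None

def decide_blocks(log_text, allowlist=ALLOWLIST, threshold=THRESHOLD,
                  window=WINDOW, max_blocks=MAX_BLOCKS):
    """Return (to_block, skipped_allowlisted) as lists of address strings."""
    recent, blocked, skipped = defaultdict(deque), [], []
    for rec in filter(None, map(parse, log_text.splitlines())):
        ts, ip = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop failures outside the sliding window
            q.popleft()
        if len(q) < threshold or ip in blocked or ip in skipped:
            continue
        if any(ip in net for net in allowlist):
            skipped.append(ip)         # never auto-block own hosts: alert instead
        elif len(blocked) < max_blocks:
            blocked.append(ip)         # cap keeps the rule set bounded
    return [str(a) for a in blocked], [str(a) for a in skipped]

if __name__ == "__main__":
    print(decide_blocks(SAMPLE_LOG))
```

The returned block list would then be fed to whatever filter is in use; the allowlisted address is reported separately so that a misconfigured application host gets investigated instead of cut off.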
Re: Windows Software Firewall
on 12.03.2007 23:38:19 by "Mr. Arnold"
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>>Lately, I have been getting a few dictionary
>>>attacks on a database server. I want to be able to block IP addresses
>>>whenever I need.
>
>
> May I say, that's a stupid idea. You'll create your very own Denial of
> Service condition with that.
>
>
>>>I only want something that will block obvious threats
>
>
> For obvious threats, there's no need to block them. Just make them
> ineffective by design. F.E., your oh'so'bad dictionary attack is easily
> countered by choosing secure passwords.
>
>
>>http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
>>
>>You can apply the AnalogX IPsec rules and use them, make your own rules
>>and turn them on and off as you need them.
>>
>>IPsec can set rules to block packets by port, protocol, IP and Subnet
>>inbound or outbound.
>>
>>http://www.analogx.com/contents/articles/ipsec.htm
>>
>>http://support.microsoft.com/default.aspx/kb/813878
>>
>>BTW, what you're talking about or looking for are packet filters running
>>at the machine level. They are not firewalls software or hardware wise.
>>
>>IPsec is just a packet filter.
>
>
> IPsec is not even a packet filter. After all, he should be even lucky that
> he's running Windows Server 2003 where you're allowed to disable all
> internal exemption rules (Kerberos, multicast traffic...), and still you'll
> let IPsec traffic through. Really bad idea to abuse the IPsec filtering
> rules as a pure packet filter.
Where did I say anything about abusing IPsec? I would assume that OP is
looking for a solution to be used in a supplemental role, like I use
Ipsec in a supplemental role to block packets.
>
> What about using IPFilter or the RAS firewall? Or, since it was a stupid
> idea anyway, the Windows Firewall?
What about them? Why not?
And you're going to have to show some valid proof to support your claims
about IPsec being a bad idea when the documented links that have been
provided say that's not the case with IPsec being able to filter
packets. I don't want any lip-service now, but rather, show some
documented proof, because I am just not going to take your word on it.
If you start going off the deep end with this, I am going to drop you
and the conversation like a hot rock in Hell.
Re: Windows Software Firewall
on 13.03.2007 00:55:56 by unknown
Post removed (X-No-Archive: yes)
Re: Windows Software Firewall
on 13.03.2007 05:10:14 by "Mr. Arnold"
Sebastian Gottschalk wrote:
> Mr. Arnold wrote:
>
>
>>And you're going to have to show some valid proof to support your claims
>>about IPsec being a bad idea when the documented links that have been
>>provided say that's not the case with IPsec being able to filter
>>packets. I don't want any lip-service now, but rather, show some
>>documented proof, because I am just not going to take your word on it.
>
>
> Trivial: IPsec doesn't do the job. It always leaves open at least one port
> for IKE traffic (usually UDP 500, but sometimes also TCP 4500) as well as
> IP protocols 50 and 51.
And I am telling you that you can set rules to block those ports. So, if
I set rules to block those specified ports you're talking about with
IPsec, then what the heck are you talking about?
I can use IPsec in a FW like manner or a packet filtering like manner to
block packets inbound or outbound on ports by port, protocol, IP and
subnet.
You are making no sense.
And I am also telling you that what you have stated above will not hold
water with me. No way and no how have you proved anything with valid
proof -- documented proof.
Once again, you show some kind of valid proof that IPsec that's running
on the MS NT based O/S is bad idea. I don't see anything coming from you
but lip-service. I don't see your evidence.
>
> And, if we're talking Windows, you have to disable the default exemptions
> as well, or you'll additionally let bypass some other kinds of traffic.
> Before Windows Server 2003, it wasn't even possible to disable all those
> exemptions.
What? Are you incapable of reading the information in the links?
Dispute the information in the links with other solid information to
dispute it, to support your claims about how IPsec cannot do the job and
cannot not be used in a FW like manner that is being talked about in the
links.
http://support.microsoft.com/default.aspx/kb/813878
http://www.analogx.com/contents/articles/ipsec.htm
http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
I don't see your solid proof. Where is your proof to dispute what's
being talked about in the links above, which you flat-out can't do?
Man, I don't want lip-service from you.
Re: Windows Software Firewall
on 13.03.2007 05:53:34 by unknown
Post removed (X-No-Archive: yes)
Re: Windows Software Firewall
on 13.03.2007 06:26:53 by Maximum Dog3
Sebastian Gottschalk wrote:
>>
>>And I am telling you that you can set rules to block those ports.
>
>
> Well, why don't you simply try that and see how this fails? The GUI and the
> command line interface won't even let you create such rules, and when you
> manually write them to the registry they won't be loaded / won't work.
>
Well I did when I told Ipsec to block all ports.
>
>>So, if I set rules to block those specified ports you're talking about with
>>IPsec, then what the heck are you talking about?
>
>
> Ehm... that these rules don't work? That your "if" won't even be
> fulfillable?
Yeah right, you are such the authority aren't you?
>
>
>>And I am also telling you that what you have stated above will not hold
>>water with me. No way and no how have you proved anything with valid
>>proof -- documented proof.
>
>
> Ok, then what about *you* actually reading the documentation then?
I suggest you do the same, because I am using IPsec and have been using
IPsec in a supplemental role.
>
>
>>Dispute the information in the links with other solid information to
>>dispute it, to support your claims about how IPsec cannot do the job and
>>cannot not be used in a FW like manner that is being talked about in the
>>links.
>
>
> D'oh, first hit on Google for "IPsec default exemption":
Do you know what FW like manner means?
>
The Internet Protocol Security (IPsec) feature in Windows 2000, Windows
XP and Windows Server 2003 was not designed as a full-featured
host-based firewall.
I have said in previous posts to you that Ipsec was to be used in a
supplemental fashion.
Your head is so hard it's un-believable.
>
> short summary: you cannot filter IKE and ESP/AH traffic at all, you cannot
> filter multicast and broadcast traffic on Windows 2000 and XP
Trivial: I don't care about that as long as I can block by IP or port
period, which I can do.
>
>
>>I don't see your solid proof. Where is your proof to dispute what's
>>being talked about in the links above, which you flat-out can't do?
>
>
> Why do you believe that authors of the linked articles have any clue what
> they're doing?
And you're some kind of an authority?
> Obviously they fell, just like you, for the perception of it
> working as intended, but never bothered to actually audit, which would have
> showed them that it doesn't work as intended (but has some exemptions,
> which punch holes into the "firewall"). Well, most likely one copied from
> the others without thinking about it. Dunno who originally had this stupid
> idea then, was it SANS-ICS?
Yes, I forgot you're Superman and you know it all and you're the supreme
authority.
You have not proved anything and you're on another planet.
Know this that's a soft logical . I am already tired of
you and I am through with you for now. I am sure you'll strap on the cape
and fly in on something else you don't like in the future.
Re: Windows Software Firewall
on 13.03.2007 07:32:56 by unknown
Post removed (X-No-Archive: yes)
Re: <PLANK> - You don't have it in you to stop posting. It's impossible for you. <g>
on 13.03.2007 10:12:48 by Maximum Dog3