I have a comp with an early win xp , it has ICF , not "the windows
firewall".
From what I can fathom, the ICF gives no option to restrict IPs of
incoming connections, like "the windows firewall" does.
Is there something like the windows firewall that I can install? I
don`t want some big thing like ZA or something with popups.
Hi,
jameshanley39@yahoo.co.uk schrieb:
> Is there something like the windows firewall that I can install?
Update windwos on that machine.
Cheers,
Jens
Jens Hoffmann
> jameshanley39@yahoo.co.uk schrieb:
>> Is there something like the windows firewall that I can install?
>
> Update windwos on that machine.
Not to mention that the Windows-Firewall wasn't introduced with SP2, but
merely set to be enabled by default. It was included (but not activated
by default) since XP RTM.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Ansgar -59cobalt- Wiechers wrote:
> Jens Hoffmann
> > jameshanley39@yahoo.co.uk schrieb:
> >> Is there something like the windows firewall that I can install?
> >
> > Update windwos on that machine.
>
> Not to mention that the Windows-Firewall wasn't introduced with SP2,
> but merely set to be enabled by default. It was included (but not
> activated by default) since XP RTM.
>
> cu
> 59cobalt
Well, you have not even said when it was introduced.
I do not know if you are right about the windows firewall being
disabled at some stage of windows xp. Nevertheless, I do not have it on
this machine. I have the ICF (which I think was on by default)
Meaning there is no windows firewall icon in control panel. To
configure the ICF, You have to go to network connections...LAN
connection...properties
Anyhow. If anybody knows of an alternative firewall, as I described I
needed, I`d be interested.
jameshanley39@yahoo.co.uk wrote:
> Anyhow. If anybody knows of an alternative firewall, as I described I
> needed, I`d be interested.
Why the heck don't you simply update your winXP to the lastest patchlevel?
Why do you want to f*ck up your system by installing 3rd party snake-oil?
Wolfgang
jameshanley39@yahoo.co.uk wrote:
> I do not know if you are right about the windows firewall being
> disabled at some stage of windows xp. Nevertheless, I do not have it on
> this machine. I have the ICF (which I think was on by default)
>
> Meaning there is no windows firewall icon in control panel. To
> configure the ICF, You have to go to network connections...LAN
> connection...properties
Windows Firewall merely is the ICF renamed and a funny control panel applet
added.
> Anyhow. If anybody knows of an alternative firewall, as I described I
> needed, I`d be interested.
What about WinIPFW?
Sebastian G. wrote:
> jameshanley39@yahoo.co.uk wrote:
>
>
> > I do not know if you are right about the windows firewall being
> > disabled at some stage of windows xp. Nevertheless, I do not have
> > it on this machine. I have the ICF (which I think was on by default)
> >
> > Meaning there is no windows firewall icon in control panel. To
> > configure the ICF, You have to go to network connections...LAN
> > connection...properties
>
>
> Windows Firewall merely is the ICF renamed and a funny control panel
> applet added.
>
I can`t get the ICF to restrict the IPs of incoming connections. The
Windows Firewall can.
other difference is that the ICF seems to a different thing in
function. When you make an entry (for its whitelist) / an exception, it
asks for these parameters( ip of comp hosting service, internal port,
external port). So I think it is meant to be a network software
firewall, with proxy like forwarding with port mapping. The NAT
router, if forwarding, is meant to forward to it , and the ICF forwards
it on. Or it could act as standalone, each computer running its own.
one can ignore the forwarding and internal/external port difference.
But a big weakness relative to the windows firewall is not being able
to restrict ips of incoming connections.
another difference is how one would navigate to it, which is important,
but not technically interesting!
> > Anyhow. If anybody knows of an alternative firewall, as I described
> > I needed, I`d be interested.
>
>
> What about WinIPFW?
I will give that a try - looks like a great option. I think that may be
the only option too.
Sebastian G. wrote:
> What about WinIPFW?
from the bottom of my hearth thank you for that info and link.
jameshanley39@yahoo.co.uk wrote:
> But a big weakness relative to the windows firewall is not being able
> to restrict ips of incoming connections.
You must be kidding. Other than for very server-centric services (f.e. DNS,
SMTP), such a functionality is totally useless. IP addresses are no kind of
authenticated information.
> another difference is how one would navigate to it, which is important,
> but not technically interesting!
For LAN connections, you also have the TCP/IP filtering. For PPP
connections, you have RAS firewall. At the end, it all ends up at the
IPFilter driver.
>>> Anyhow. If anybody knows of an alternative firewall, as I described
>>> I needed, I`d be interested.
>>
>> What about WinIPFW?
>
> I will give that a try - looks like a great option. I think that may be
> the only option too.
Not the only, but the most usable one (hey, it also internally uses
IPFilter). Other ones would be CHX-I (had problems with state tracking in my
tests) and maybe CoreForce (be aware that is does this stupid application
control, and even when switching of this functionality the kernel function
hooks remain). Or, if you go at enterprise level, ISA Server 2004 (sadly
with a dependency for IIS).
goarilla wrote:
> Sebastian G. wrote:
>> What about WinIPFW?
>
> from the bottom of my hearth thank you for that info and link.
As we're are so far now, you should download the latest unstable release
from the SourceForge CVS repository, apply certain patches (ask me via
eMail) and compile it. Even such a little piece of software is horribly
complex and various security problems that the author hasn't fixed yet.
Sebastian G. wrote:
> jameshanley39@yahoo.co.uk wrote:
>
>
> > But a big weakness relative to the windows firewall is not being
> > able to restrict ips of incoming connections.
>
>
> You must be kidding. Other than for very server-centric services
> (f.e. DNS, SMTP), such a functionality is totally useless. IP
> addresses are no kind of authenticated information.
>
if must help.. for a start, the invader will have to know what source
ip to fake to get in, and if he gets in by using that source ip in the
packet, he won`t receive any reply. What can he do?
I did read that "all" such an attacker could do is a DDOS attack. I
guess that wouldn`t include a buffer overflow kind of exploit injecting
a shell or anything.
> > another difference is how one would navigate to it, which is
> > important, but not technically interesting!
>
>
> For LAN connections, you also have the TCP/IP filtering. For PPP
> connections, you have RAS firewall. At the end, it all ends up at the
> IPFilter driver.
>
interesting, I hadn`t seen the Win NT TCP/IP filtering screen before.
Regarding the "RAS firewall". Looking at this link titled RAS firewall,
http://www.ltsw.se/knbase/xp/ras/fw01.asp I don`t see such a thing, I
see the windows firewall, or the ICF. They work for both. The ICF
reached through properties of LAN or dialup connection. The windows
firewall, typically reached via control panel. I see no "RAS firewall"
entity.
> > > > Anyhow. If anybody knows of an alternative firewall, as I
> > > > described I needed, I`d be interested.
> > >
> > > What about WinIPFW?
> >
> > I will give that a try - looks like a great option. I think that
> > may be the only option too.
>
>
> Not the only, but the most usable one (hey, it also internally uses
> IPFilter). Other ones would be CHX-I (had problems with state
> tracking in my tests) and maybe CoreForce (be aware that is does this
> stupid application control, and even when switching of this
> functionality the kernel function hooks remain). Or, if you go at
> enterprise level, ISA Server 2004 (sadly with a dependency for IIS).
You say that ip restriction is not security. What would you say is ?
And if that is the case, then what would be the point of a firewall ?
Isn`t it for security, and it blocks/allows IPs - and ports.
TIA
jameshanley39@yahoo.co.uk wrote:
> if must help.. for a start, the invader will have to know what source
> ip to fake to get in, and if he gets in by using that source ip in the
> packet, he won`t receive any reply. What can he do?
Relaying / proxying instead of spoofing.
> You say that ip restriction is not security. What would you say is ?
Strong authenticatio.
> And if that is the case, then what would be the point of a firewall?
Implementing a concept to segment networks at their boundary.
> Isn`t it for security, and it blocks/allows IPs - and ports.
No, it blocks/allows network traffic, taking into account various aspects of
the traffic including state.
Sebastian G. wrote:
> jameshanley39@yahoo.co.uk wrote:
>
>> if must help.. for a start, the invader will have to know what source
>> ip to fake to get in, and if he gets in by using that source ip in the
>> packet, he won`t receive any reply. What can he do?
>
>
> Relaying / proxying instead of spoofing.
>
>> You say that ip restriction is not security. What would you say is ?
>
>
> Strong authenticatio.
>
you mean like kerberos and nis+ ?
>> And if that is the case, then what would be the point of a firewall?
>
>
> Implementing a concept to segment networks at their boundary.
>
>> Isn`t it for security, and it blocks/allows IPs - and ports.
>
>
> No, it blocks/allows network traffic, taking into account various
> aspects of the traffic including state.
goarilla wrote:
>>> You say that ip restriction is not security. What would you say is ?
>>
>> Strong authenticatio.
>>
>
> you mean like kerberos and nis+ ?
Or IPsec, or anything that goes on the application layer (f.e.
login/password for a WebDAV share).
Sebastian G. wrote:
> goarilla wrote:
>
>
>>>> You say that ip restriction is not security. What would you say is ?
>>>
>>> Strong authenticatio.
>>>
>>
>> you mean like kerberos and nis+ ?
>
>
> Or IPsec, or anything that goes on the application layer (f.e.
> login/password for a WebDAV share).
isn't IPsec an encrypted network layer level protocol
a secure version of IP ?
it also handles authentication ?
goarilla wrote:
> isn't IPsec an encrypted network layer level protocol
> a secure version of IP ?
Yes and no. IPsec-AH does solely handle authentication, IPsec-ESP handles
encryption and optionally authentication.
> it also handles authentication ?
Yes, see above.
On Oct 25, 8:07 am, "jameshanle...@yahoo.co.uk"
> I have a comp with an early win xp , it has ICF , not "the windows
> firewall".
>
> From what I can fathom, the ICF gives no option to restrict IPs of
> incoming connections, like "the windows firewall" does.
>
> Is there something like the windows firewall that I can install? I
> don`t want some big thing like ZA or something with popups.
try the "look n'stop firewall" it's very famous
I am still using it now ! I guess it's the best firewall in the wall !
And its size is just 600kb!!
shmily87@gmail.com wrote:
> On Oct 25, 8:07 am, "jameshanle...@yahoo.co.uk"
>
>> I have a comp with an early win xp , it has ICF , not "the windows
>> firewall".
>>
>> From what I can fathom, the ICF gives no option to restrict IPs of
>> incoming connections, like "the windows firewall" does.
>>
>> Is there something like the windows firewall that I can install? I
>> don`t want some big thing like ZA or something with popups.
>
> try the "look n'stop firewall"
Eh... I guess he wants to use it in a productive environment, not for toying
around.
> it's very famous
Which typically is a bad sign, since the average computer user is highly
incompetent wrt. computers.
> I am still using it now !
I'm sorry for you. Who forced this onto you?
> I guess it's the best firewall in the wall !
It's not even a firewall, it's a host-based packet filter that is unsuitable
to implement any firewall at all.
> And its size is just 600kb!!
You're kidding, right? 600 KB is an overly huge amount of code. You can do
the same with only 60 KB, which sound much more reasonable.
James, as others have mentioned, you really should get that computer up to
service pack 2. Support, including security updates, for pre-SP2 ended in
October 2006. Your computers not running SP2 are definitely out-of-date.
Also, while the original firewall (called "ICF") and the SP2 firewall
(called "Windows Firewall") are the same base code, we added a bit of
additional functionality in SP2. More details here:
http://technet.microsoft.com/en-us/library/bb877979.aspx
--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
news:471fde41$0$8412$db0fefd9@news.zen.co.uk...
>
> I have a comp with an early win xp , it has ICF , not "the windows
> firewall".
>
> From what I can fathom, the ICF gives no option to restrict IPs of
> incoming connections, like "the windows firewall" does.
>
> Is there something like the windows firewall that I can install? I
> don`t want some big thing like ZA or something with popups.