
RE: [Full-Disclosure] Give XP SP2 a chance



Goencz, Otto wrote:

[restructured to cure top-postingitis]

> >>I installed XP service pack 2, sure the firewall was there did it bitch
> sure it did but I left it up. Told it to allow the applications that use
> the net to work.<<
> 
> > Does the XP firewall do application level outbound blocking? I thought it
> > just blocked incoming connections?
> 
> Yes, it does bi-directional filtering...

Not really...

The new XP firewall asks to allow unknown applications to bind to a 
port -- that is, to set up as listeners.  That is only part of what 
most folk consider "application level outbound blocking".  For 
instance, a bot that simply connects outbound to an IRC server will not 
raise a warning, but if it tries to bind a port to set up a direct 
access backdoor or run a simple TFTP or HTTP server (perhaps to provide 
copies of itself to other machines it has scanned and compromised with 
a call-back payload), the firewall will alert.

MS had to walk a fine line there between providing a more useful PFW 
and being dragged into court for anti-competitive practices if it 
provided a "full function" PFW that would clearly be detrimental to an 
independent group of software developers.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
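
The distinction drawn in the message above (a prompt when a program binds a listening port, none when it only connects outbound) can be checked on a host from its socket table. The following is an added example, not part of the original post: it parses `netstat -ano` output and reports processes that hold outbound connections without any bound port, which are the ones the bind prompt never covers. The sample output, addresses and PIDs are constructed, the function names are hypothetical, and treating every bound UDP socket as a listener is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the original post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2204
  TCP    192.0.2.10:1045        198.51.100.7:6667      ESTABLISHED     3120
  TCP    192.0.2.10:1046        203.0.113.5:80         ESTABLISHED     2204
  TCP    192.0.2.10:135         192.0.2.44:2981        ESTABLISHED     912
  UDP    0.0.0.0:69             *:*                                    2204
"""

def parse(text):
    """Yield (proto, local_port, remote, state, pid) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        # UDP rows have no state column; a UDP row is simply a bound socket.
        state = f[3] if f[0] == "TCP" else "BOUND"
        yield f[0], int(f[1].rsplit(":", 1)[1]), f[2], state, int(f[-1])

def classify(text):
    """Return (listeners, outbound) dictionaries keyed by PID."""
    rows = list(parse(text))
    listeners = defaultdict(set)   # pid -> {(proto, port)} bound for listening
    outbound = defaultdict(list)   # pid -> remote endpoints it connected to
    for proto, port, _, state, pid in rows:
        if state in ("LISTENING", "BOUND"):
            listeners[pid].add((proto, port))
    for proto, port, remote, state, pid in rows:
        # An established socket on a port the process listens on was accepted
        # inbound; any other established socket was opened outbound.
        if state == "ESTABLISHED" and (proto, port) not in listeners[pid]:
            outbound[pid].append(remote)
    return listeners, outbound

def outbound_only(text):
    """PIDs with outbound connections and no bound port (no bind prompt)."""
    listeners, outbound = classify(text)
    return sorted(pid for pid in outbound if not listeners[pid])

if __name__ == "__main__":
    for pid in outbound_only(SAMPLE):
        print("PID %d connects outbound but never bound a port" % pid)
```

In the constructed sample, PID 2204 binds ports and would have raised the prompt, while PID 3120 only connects out to port 6667 and would not.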