
RE: [Full-Disclosure] Give XP SP2 a chance

From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Sat Aug 14 2004 - 01:33:33 EDT

Goencz, Otto wrote:

[restructured to cure top-postingitis]

> >>I installed XP service pack 2, sure the firewall was there did it bitch
> sure it did but I left it up. Told it to allow the applications that use
> the net to work.<<
>
> > Does the XP firewall do application level outbound blocking? I thought it
> > just blocked incoming connections?
>
> Yes, it does bi-directional filtering...

Not really...

The new XP firewall asks to allow unknown applications to bind to a
port -- that is, to set up as listeners. That is only part of what
most folk consider "application level outbound blocking". For
instance, a bot that simply connects outbound to an IRC server will not
raise a warning, but if it tries to bind a port to set up a direct
access backdoor or run a simple TFTP or HTTP server (perhaps to provide
copies of itself to other machines it has scanned and compromised with
a call-back payload), the firewall will alert.

MS had to walk a fine line there between providing a more useful PFW
and being dragged into court for anti-competitive practices if it
provided a "full function" PFW that would clearly be detrimental to an
independent group of software developers.

-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sat Aug 14 02:53:55 2004

This archive was generated by hypermail 2.1.8 : Sat Aug 14 2004 - 03:03:10 EDT
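
Added example, not part of the original message: a small audit script that sorts `netstat -ano` TCP rows into listeners (the case the message says raises a prompt) and outbound connections (the case it says passes without a warning), then lists the processes that only ever connect outward. The sample output, addresses, PIDs and function names are constructed for illustration; UDP rows are skipped because netstat alone does not separate a UDP server from a client.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       872
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       2140
  TCP    192.0.2.10:8080        198.51.100.20:3312     ESTABLISHED     2140
  TCP    192.0.2.10:1045        198.51.100.7:6667      ESTABLISHED     1508
  TCP    192.0.2.10:1051        203.0.113.5:80         ESTABLISHED     1720
  UDP    0.0.0.0:69             *:*                                    2140
"""

def _port(endpoint):
    # "192.0.2.10:8080" -> 8080; rpartition also copes with "[::]:135".
    return int(endpoint.rpartition(":")[2])

def classify(netstat_text):
    """Return {pid: {"listening": set of ports, "outbound": set of remotes}}."""
    rows = [line.split() for line in netstat_text.splitlines()]
    # Keep TCP data rows only: proto, local, remote, state, pid.
    rows = [f for f in rows if len(f) == 5 and f[0] == "TCP"]
    report = defaultdict(lambda: {"listening": set(), "outbound": set()})
    # Pass 1: ports each process has bound as a listener.
    for _, local, _, state, pid in rows:
        if state == "LISTENING":
            report[int(pid)]["listening"].add(_port(local))
    # Pass 2: an ESTABLISHED row whose local port is one of the process's own
    # listening ports is an accepted inbound connection, not an outbound one.
    for _, local, remote, state, pid in rows:
        if state != "ESTABLISHED":
            continue
        entry = report[int(pid)]
        if _port(local) not in entry["listening"]:
            entry["outbound"].add(remote)
    return dict(report)

def outbound_only_pids(report):
    """PIDs that connect out but never listen: no bind prompt would appear."""
    return sorted(pid for pid, e in report.items()
                  if e["outbound"] and not e["listening"])

if __name__ == "__main__":
    rep = classify(SAMPLE)
    for pid in outbound_only_pids(rep):
        print(pid, sorted(rep[pid]["outbound"]))
```
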
