Security Basics mailing list archives

RE: win2k firewall


From: "Daniel R. Miessler" <danielrm26 () hotmail com>
Date: Tue, 7 Jan 2003 15:42:49 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Protection is relative...specifically, what are you
protecting?  What is the point of putting BlackICE on
a system, particularly a web server?

Perhaps you are not familiar with what BlackIce does.  BlackIce knows
what Code Red is, and it can stop it from hurting an UNPATCHED W2K
machine.  And it can afford this kind of protection vs. hundreds of
other exploits as well.  Basically, you can have it watching every
single packet going to ALLOWED services (those that are open due to
it being a webserver), and making sure that there is nothing
malicious being attempted.  Is that a good reason?

But wouldn't malicious attempts be "blocked" by simply
not running services that someone could attempt to
exploit?  If there's nothing to attack, there's also
nothing to manage.

There is something to attack - it's a webserver.  There are numerous
attacks that are done with nothing more than mangled http requests. 
BlackIce can stop many of them.  How can I be more clear?

P.S. Please don't refer to Steve Gibson's site in an
attempt to defame ISS's
current BlackIce product - especially the one
designed specifically for servers.

Please don't dictate what people can and cannot post.
If you feel the need to do so, please do so directly
to the poster, rather than the list.

Ok, fair enough.  I just didn't want to get into the Steve Gibson
thing here.

- -Daniel R. Miessler

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPhs7wlJwf7WiYT5vEQKyNACeKGwo/kQBmNQSKKR04nNe2NHwh4AAoJFL
1dEL4MW17nyS0+omF300k0BJ
=R3Dn
-----END PGP SIGNATURE-----

