RE: Windows host-based firewalling feasibility (was term inal services)

["Small, Jim" <jim.small () eds com>]

There is a great program for mapping all your open ports to Windows
processes:
http://www.sysinternals.com/files/tcpview.zip
This program is by noted Windows Expert Mark Russinovich.  You don't even
have to install it.  You just run the program and it maps all your TCP/UDP
endpoints to processes in real time.  It's freeware and works great.

FYI,
   <> Jim

-----Original Message-----
You know, I think this is more difficult than for border routers.  The sheer
number of ports and aps/subsystems trying to use a given port on a Win2k box
(say, for example, an Exchange Server) is really hard for me to keep track
of.  I invested a moderate amount of time researching to figure out what the
various ports were for, etc. and came nowhere close to getting to the bottom
of it, or feeling like I had it under control.  

Lot of work.  I've done it, and it seems like regularly some component pops
out of the woodwork and wants to talk to something on a port I don't
recognize.  And then, as Steve mentions, you have a self-DOS for as long as
it takes for you to ammend the (growing) ruleset.

For me, implementing this on anything but a few internet-facing machines
ONLY is infeasible.  Does anyone do Windows host-based firewalling on the
internal LAN or on a larger scale?

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards