Full Disclosure mailing list archives
RE: Give XP SP2 a chance
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 14 Aug 2004 17:33:33 +1200
Goencz, Otto wrote: [restructured to cure top-postingitis]
>>> I installed XP service pack 2, sure the firewall was there did it bitch sure it did but I left it up. Told it to allow the applications that use the net to work.

>> Does the XP firewall do application level outbound blocking? I thought it just blocked incoming connections?

> Yes, it does bi-directional filtering...
Not really...

The new XP firewall asks to allow unknown applications to bind to a port -- that is, to set up as listeners. That is only part of what most folk consider "application level outbound blocking". For instance, a bot that simply connects outbound to an IRC server will not raise a warning, but if it tries to bind a port to set up a direct access backdoor or run a simple TFTP or HTTP server (perhaps to provide copies of itself to other machines it has scanned and compromised with a call-back payload), the firewall will alert.

MS had to walk a fine line there between providing a more useful PFW and being dragged into court for anti-competitive practices if it provided a "full function" PFW that would clearly be detrimental to an independent group of software developers.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
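Added example, not part of the original post and not code from Microsoft: a Python sketch that sorts `netstat -ano`-style rows into sockets bound as listeners (the case the post says raises the prompt) and connections a process opened outbound (the case it says raises no warning), so the second group can be reviewed separately. The sample rows, PIDs and addresses are constructed, and treating a bound UDP socket as a listener is an assumption of the example.

```python
# Added example (not from the post): split netstat-style rows into sockets that
# bind as listeners and connections the process opened outbound.
SAMPLE = """\
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING     904
  TCP    0.0.0.0:8080       0.0.0.0:0          LISTENING     1812
  TCP    192.0.2.10:8080    198.51.100.7:4021  ESTABLISHED   1812
  TCP    192.0.2.10:1045    203.0.113.5:6667   ESTABLISHED   1812
  TCP    192.0.2.10:1050    203.0.113.9:80     ESTABLISHED   2240
  UDP    0.0.0.0:69         *:*                              1812
"""  # constructed sample; addresses are documentation ranges

def parse(text):
    """Return one dict per TCP/UDP row; UDP rows have no state column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        state = f[3] if f[0] == "TCP" and len(f) >= 5 else ""
        rows.append({"proto": f[0], "local": f[1], "remote": f[2], "state": state,
                     "pid": int(f[-1]), "lport": int(f[1].rsplit(":", 1)[1])})
    return rows

def is_bind(row):
    # Assumption of this example: a bound UDP socket is treated like a listener.
    return row["state"] == "LISTENING" or row["proto"] == "UDP"

def classify(rows):
    """Group rows as 'bind', 'inbound' (accepted on a listening port) or 'outbound'."""
    listening = {(r["proto"], r["lport"]) for r in rows if is_bind(r)}
    groups = {"bind": [], "inbound": [], "outbound": []}
    for r in rows:
        if is_bind(r):
            groups["bind"].append(r)
        elif r["state"] == "ESTABLISHED":
            side = "inbound" if (r["proto"], r["lport"]) in listening else "outbound"
            groups[side].append(r)
    return groups

def outbound_by_pid(rows):
    """Map PID -> remote endpoints it connected out to (no listener involved)."""
    result = {}
    for r in classify(rows)["outbound"]:
        result.setdefault(r["pid"], []).append(r["remote"])
    return result

if __name__ == "__main__":
    for pid, remotes in sorted(outbound_by_pid(parse(SAMPLE)).items()):
        print(pid, remotes)
```

An ESTABLISHED row whose local port matches a listening port is counted as an accepted inbound connection; everything else ESTABLISHED is outbound and falls outside the bind-time prompt the post describes.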