Educause Security Discussion mailing list archives

Re: Correction: XP SP2 ports open to local subnet


From: John Kristoff <jtk () NORTHWESTERN EDU>
Date: Fri, 11 Jun 2004 13:18:47 -0500

I agree with some who are concerned that not filtering packets from the
local subnet is potentially going to be a problem.  In my experience,
where I've put similar filters on router interfaces at subnet edges,
hosts within the unfiltered subnet(s) would eventually get compromised
by a host that came into the shielded network with something bad.

I haven't played with XP SP2 so someone please fill me in on the
details.

If an XP SP2 host becomes compromised, will the default firewall config
also block packets on egress from the compromised host to hosts not on
the local subnet or are the filters only applied on ingress to itself?

John
