Educause Security Discussion mailing list archives
Re: Correction: XP SP2 ports open to local subnet
From: Jeff Bollinger <jeff01 () EMAIL UNC EDU>
Date: Sun, 13 Jun 2004 22:01:50 -0400
On Fri, 11 Jun 2004, John Kristoff wrote:
If a XP SP2 host becomes compromised, will the default firewall config also block packets on egress from the compromised host to hosts not on the local subnet or are the filters only applied on ingress to itself? John
No. The XP SP2 Firewall is stateful, so as long as the connection (SYN or otherwise) originates from the compromised host, the connection should remain open. From http://www.microsoft.com/technet/community/columns/cableguy/cg0104.mspx "Windows XP Service Pack 2 (SP2) includes the new Windows Firewall, previously known as the Internet Connection Firewall (ICF). Windows Firewall is a stateful firewall that drops all unsolicited incoming traffic that does not correspond to either traffic sent in response to a request of the computer (solicited traffic) or unsolicited traffic that has been specified as allowed (excepted traffic). Windows Firewall provides a level of protection from malicious users and programs that rely on unsolicited incoming traffic to attack computers." It doesn't really mention anything subnet specific, but for proper functionality for most programs that the user intends to run, it would likely allow all outbound connections. Jeff -- Jeff Bollinger, CISSP University of North Carolina IT Security Analyst 105 Abernethy Hall mailto: jeff@unc dot edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Correction: XP SP2 ports open to local subnet Phil Rodrigues (Jun 09)
- <Possible follow-ups>
- Re: Correction: XP SP2 ports open to local subnet Niedens, Travis (Jun 09)
- Re: Correction: XP SP2 ports open to local subnet John Kristoff (Jun 11)
- Re: Correction: XP SP2 ports open to local subnet Brian Eckman (Jun 11)
- Re: Correction: XP SP2 ports open to local subnet Niedens, Travis (Jun 11)
- Re: Correction: XP SP2 ports open to local subnet Brian Eckman (Jun 11)
- Re: Correction: XP SP2 ports open to local subnet Niedens, Travis (Jun 11)
- Re: Correction: XP SP2 ports open to local subnet Jeff Bollinger (Jun 13)