Firewall Wizards mailing list archives

Re: Windows networking specifics (Was: re: Annoying pop-ups)


From: Mikael Olsson <mikael.olsson () clavister com>
Date: Wed, 30 Oct 2002 15:10:38 +0100



Luca Berra wrote:

> Mikael Olsson wrote:
> Neil Ames wrote:
> [block port 139]
> This is somewhat disconcerting.
> [block port 445 too]
>
> there has been a precise question "which port is used for windows
> messaging popup, how do i stop it?" and a precise answer "port 139,
> icf". so please calm down.

Here's an abject lesson in windows networking:

- Block port 139, tcp as well as udp
  Can connect to computer management interface
  Can connect to remote registry
  Can access all shares and printers
  "net send" works

- Block ports 136-445, tcp as well as udp.
  Can authenticate and connect to f.i. exchange servers and other
    RPC services that do not require port 139/445 for auth.
  "net send" still works

- Block ports 135-139, tcp as well as udp
  Can connect to computer management interface
  Can connect to remote registry
  Can access all shares and printers


> btw icf is not that bad for a product embedded in a microshaft os
> stateful, blocks everything by default, so probably Neil's
> suggestion also answers your concerns.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q314757&;

Please study, in detail, the section that says "the ICF does not block 
incoming broadcast or multicast traffic", and especially the bit that
explains how f.i. UPnP can be broadcast. [1]


-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

[1] Broadcasts can be directed across the Internet, too.
    This is why smurf amplification works.
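
Added example, not part of the original message: a small audit that checks a port-block list against the Windows networking ports and reports what each of the three scenarios above still leaves reachable. The rule format `(protocol, first_port, last_port)`, the function names, and the fourth combined scenario are assumptions made for illustration; the port roles are the standard Windows assignments, not taken from the post.

```python
# Added example: constructed rule sets mirroring the scenarios in the post.
# Port roles are the standard Windows assignments (not stated in the post).
WINDOWS_PORTS = {
    135: "RPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB direct hosting (microsoft-ds)",
}
PROTOCOLS = ("tcp", "udp")

# Hypothetical rule format: (protocol, first_port, last_port); "any" = tcp + udp.
SCENARIOS = {
    "block 139": [("any", 139, 139)],
    "block 136-445": [("any", 136, 445)],
    "block 135-139": [("any", 135, 139)],
    # Not in the post: both suggestions from the thread combined.
    "block 135-139 and 445": [("any", 135, 139), ("any", 445, 445)],
}

def is_blocked(rules, proto, port):
    """True if any block rule covers this protocol/port pair."""
    return any(p in (proto, "any") and lo <= port <= hi for p, lo, hi in rules)

def exposed(rules):
    """Sorted (port, proto) pairs from WINDOWS_PORTS that no rule blocks."""
    return sorted((port, proto)
                  for port in WINDOWS_PORTS for proto in PROTOCOLS
                  if not is_blocked(rules, proto, port))

def report():
    """One summary line per scenario listing the ports still reachable."""
    lines = []
    for name, rules in SCENARIOS.items():
        ports = sorted({port for port, _ in exposed(rules)})
        detail = ", ".join(f"{p} ({WINDOWS_PORTS[p]})" for p in ports) or "none"
        lines.append(f"{name}: still reachable -> {detail}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

The audit covers port rules only; it says nothing about the broadcast and multicast traffic that the KB article quoted above says ICF lets through.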