Re: Windows SP2 firewall: Famous for 3 seconds?

[Darren Reed <avalon () caligula anu edu au>]

In some mail from Sebastian Niehaus, sie said:
> [...]
>
> | What existing functionality is changing in Service Pack 2 for Windows
> | XP?
> | 
> | 
> | Enhanced multicast and broadcast support
> | 
> | Detailed description
> | 
> | Multicast and broadcast network traffic differ from unicast traffic
> | because the response comes from an unknown host. As such, stateful
> | filtering prevents the response from being accepted. This stops a
> | number of scenarios from working, ranging from streaming media to
> | discovery.
> | 
> | 
> | To enable these scenarios, Windows Firewall will allow a unicast
> | response for 3 seconds from any source address on the same port from
> | which the multicast or broadcast traffic originated.
>
> Sounds like a broken concept, as always. Eh?

Not necessarily.  Details are always in the implementation (and I think
that description is likely worded wrongly.)

This has much bigger significance for IPv6 where ARP messages have been
replaced with ICMPv6 messages.

Darren

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html