Windows XP firewall any good?
Spanky
May 11th, 2003, 05:34 PM
Is the firewall that comes with Windows XP any good?
SmackDown
May 11th, 2003, 05:51 PM
It's good inbound protection; the only downfall to it is no outbound protection. You can't prevent applications from getting out, like Trojans, Spyware and such.
Spanky
May 11th, 2003, 06:24 PM
Thx Smack.
Patrice
May 12th, 2003, 03:06 AM
Hi guys,
even the inbound protection is very basic. Not much you can set or change. Let's say it's for people who don't care much about security. Like that they have at least some sort of firewall. Even though I think that the protection isn't that good...
Regards,
Patrice
JacK
May 12th, 2003, 04:29 AM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=0#59968 date=1052723172]
Hi guys,
even the inbound protection is very basic. Not much you can set or change. Let's say it's for people who don't care much about security. Like that they have at least some sort of firewall. Even though I think that the protection isn't that good...
Regards,
Patrice
" }-
Hello,
The protection is really good for IN ;)
The main issue is you cannot allow a range of ports: you have to enter them one by one : that's crippling ASF, for instance, if you are using a personal FTP server in PASV.
Rgds,
Patrice
May 12th, 2003, 02:34 PM
Hi JacK,
well, I don't think so! ;) If you use FIN or SYN flags to ping the computer, you will see that the computer is responding. So, there won't be a problem for a hacker to find out if there's a computer online or not. That's the reason why I think that the firewall is bad. As you certainly know, the tests on PC Flank are quite good to simulate that if you don't wanna use port scanning tools yourself.
Best regards,
Patrice
sig
May 12th, 2003, 03:04 PM
Ah, but then that comment leads back to which is "better," closed or "stealth" ports? *If* that's the distinction you're making and there's nothing else, what's the danger if someone knows your computer is online through such pings, if your ports are closed? If you're being scanned by a robot scanner that finds no holes, it will move on for easier, more interesting and vulnerable prey.
Why would closed ports attract anyone's interest when there are so many readily vulnerable machines open on the net for the taking? If you're being specifically targeted by a real person, perhaps they already have your IP and have sought you out intentionally. But that's another issue. So how can simply knowing a pc is there make one vulnerable if one's ports are closed? And to what kind of attack?
"Stealth" is something firewall vendors push as a desirable, but I suspect it is vastly overrated and is more of a marketing issue than a security necessity.
Patrice
May 12th, 2003, 03:26 PM
Hi sig!
Nope, that's not just a marketing issue. For sure some firewalls aren't stealth even if they say they are. There you are right with your argument. But look for example at Look'n'Stop (I'm using it that's why I can talk about it). This firewall is absolutely stealth. I didn't manage til today that it sends a signal back...
Let's say it like this, if a hacker encounters a computer which has closed ports, he won't just go away for an easier target. Sure if there are other interesting targets with open ports he will try there. But if the ports are closed this doesn't mean that they will stay closed all the time. Let's say he just needs to send some specific data (so called exploits) and bumm, a port is open. :o
Personally, I prefer to have stealth ports. Better that the hacker thinks I'm down than that he knows that my computer is online and running (closed ports). You certainly agree that this makes my computer an easier target, right? ;)
Regards,
Patrice
wizard
May 12th, 2003, 04:04 PM
-{ Quote: " quoting: SmackDown link=board=23;threadid=9170;start=0#59879 date=1052689905]You can't prevent applications from getting out, like Trojans, Spyware and such." }-
But you can't prevent it with a personal firewall either.
wizard
wizard
May 12th, 2003, 04:06 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=0#59968 date=1052723172] Even though I think that the protection isn't that good...
" }-
It is even better than a personal firewall because it is part of the operating system and not as an application. That's a big advantage. :)
wizard
Patrice
May 12th, 2003, 04:08 PM
Hi wizard,
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=0#60096 date=1052769880]But you can't prevent it with a personal firewall either." }-
Sure you can prevent it. With Look'n'Stop for example you will be notified if an application wants to go out and even if its signature changed. Did I get your answer wrong?
Regards,
Patrice
wizard
May 12th, 2003, 04:08 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=0#60074 date=1052764449] If you use FIN or SYN flags to ping the computer, you will see that the computer is responding. So, there won't be a problem for a hacker to find out if there's a computer online or not. " }-
If a 'hacker' sends a ping to a firewall with 'stealth' mode he does not get a reply and therefore he knows that you are online as well and he knows even more: that you have a firewall running. I think that makes your computer even more interesting for the hacker. ;)
wizard
Patrice
May 12th, 2003, 04:10 PM
Hi again,
well, turn your computer off and ping it with another computer. You won't get any answer. Does this mean that your computer is stealth? Try to hack it then... ;D
You got my point now? ;)
Regards,
Patrice
wizard
May 12th, 2003, 04:12 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=0#60099 date=1052770107]Sure you can prevent it. With Look'n'Stop for example you will be notified if an application wants to go out and even if its signature changed. Did I get your answer wrong?" }-
If you run malware on your system it will run with the same 'rights' as a desktop firewall and therefore it can do whatever it wants:
- disable the desktop firewall
- tunnel the firewall with application
- change the ruleset
- control the keyboard and mouse input
and so on and so on...
The truth is that there is no real 'outbound' protection except for simpler malware that doesn't do one of the tricks above.
wizard
wizard
May 12th, 2003, 04:16 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=0#60101 date=1052770251]well, turn your computer off and ping it with another computer. You won't get any answer. Does this mean that your computer is stealth? Try to hack it then... ;D" }-
There is a difference between the answer of a 'stealthed' computer (no answer) and one that is turned off (answer: no host available). You can be sure that a hacker can 'see' the differences as well. ;)
wizard
Patrice
May 12th, 2003, 04:16 PM
Hi again,
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=0#60102 date=1052770379]If you run malware on your system it will run with the same 'rights' as a desktop firewall and therefore it can do whatever it wants:
- disable the desktop firewall
- tunnel the firewall with application
- change the ruleset
- control the keyboard and mouse input" }-
But first of all it needs to be installed on the system in some way. Therefore you've got other tools to protect you from this danger. When you restart the computer this tool has to be in the autostart and for this you have again other tools to warn you. Tunneling the firewall is quite difficult...
Regards,
Patrice
Patrice
May 12th, 2003, 04:20 PM
Hi again,
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=0#60103 date=1052770582]There is a difference between the answer of a 'stealthed' computer (no answer) and one that is turned off (answer: no host available). You can be sure that a hacker can 'see' the differences as well. ;)
" }-
I disagree, when I do a portscan of my IP range I don't get an answer like "no host available" when my computers are down. Even when they are up I don't get an answer like this. They just don't show up that's it. Which port scanning tool are you talking about then? As far as I know I'm using one of the most sophisticated...
Greetings,
Patrice
wizard
May 12th, 2003, 04:26 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=15#60104 date=1052770599]But first of all it needs to be installed on the system in some way. Therefore you've got other tools to protect you from this danger." }-
Yes and that is the point: If you really want to be protected from this kind of threat you cannot rely on a personal firewall.
-{ Quote: " When you restart the computer this tool has to be in the autostart and for this you have again other tools to warn you." }-
No not at all.
-{ Quote: "Tunneling the firewall is quite difficult..." }-
No it's not. Several 'leak test' utilities proved tunneling concepts several times in the past.
wizard
sig
May 12th, 2003, 04:32 PM
How would a closed port suddenly be open on the internet when you're running a firewall? Say ZA at medium net security level. (Although the issue originally was talking about syn pings to the XP firewall getting a response and stealth to just ordinary port scans.) Or let's say, even without a firewall in such an instance: with W98 I could do away with a firewall since my ports on the internet were closed and I ran no services that would open them. Why would a hacker (if there was one and not automated bots and other compromised machines) hang around just on the off chance I might just decide to run a server on the net and open a port? I never did in 5 years and I doubt someone would sit and wait just for the chance it might happen.
One has to do something to open a port on the internet, like run a server for example. Or one could drop the firewall AND have open ports that lead to vulnerabilities that a bot or hacker can exploit. (My understanding is that an open port in and of itself doesn't always represent a vulnerability unless it opens to something that can be exploited. It depends which ports are open and if there's a vulnerability that might be subject to exploit. Not that I would recommend running open ports on the net for the average home user who wouldn't know what's safe or not.)
But anyway, ports that are really closed to the net don't just flop open on the net without the user doing something to make it so, especially if you're running a firewall. And then it would be open on the net even with your better than XP's ICF firewall. If you open ports by running services on the internet, your firewall won't stealth or close them. Of course, you'd have to *set up* the firewall to allow a server to run on the net. But that's my point. Ports don't just open on the net if you're running a firewall. You'd have to do something to make it happen.
Also, given your scenario, since most of the scanning one sees on the net are by automated robots and compromised pcs, rather than an actual person directing each move, how long will this rare person just hang around in case this anonymous pc's user decides to suddenly run a server or drop his firewall? What are the odds of either happening and a hacker just waiting on this one unextraordinary pc among millions?
Unless it's a specific targeted attack for a specific reason in which case the person most likely has your IP and has some special motivation and knows you're going to do something to open a port to the internet through your firewall, I don't see how your scenario answers the issue.
And if you drop your firewall, then the issue is really moot because we're talking about a firewall showing either closed or stealth ports to specific types of scans and how some scans getting a response might or might not make your pc vulnerable. In and of itself, it just doesn't.
Patrice
May 12th, 2003, 04:33 PM
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=15#60108 date=1052771215]Yes and that is the point: If you really want to be protected from this kind of threat you cannot rely on a personal firewall." }-
I agree, but let's say it like this. You can't rely on a personal firewall only. Something like a Registry Monitor (like RegProt or the Cleaner for example) comes into the game.
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=15#60108 date=1052771215]No not at all." }-
Well, I'm talking for me in this special case, but I know every process which is running on my machine. TDS-3 shows me very well which processes are started and which have been changed. If there's a new one I get suspicious...
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=15#60108 date=1052771215]No it's not. Several 'leak test' utilities proved tunneling concepts several times in the past." }-
Look especially at the results of Look'n'Stop:
http://www.pcflank.com/art21.htm
Best regards,
Patrice
wizard
May 12th, 2003, 04:45 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=15#60105 date=1052770825] As far as I know I'm using one of the most sophisticated...
" }-
If your computer is not online then the last router before the host will send back the reply "destination or host unreachable".
wizard
Patrice
May 12th, 2003, 04:47 PM
Hi sig,
I think you got me wrong in a way. If I read your post it seems to me as if the hacker is waiting for a port to open. No, I wasn't suggesting that! Let's go through it: A hacker uses a port scanning tool for a specific IP range. After that he has some results of some computers which are up and running. He scans them more thoroughly. There he finds open ports (weak security) and closed ports. Let's assume that he goes for the computer with the closed ports. He scans the whole machine and finds out which OS is running and that all ports are closed. What is he doing now? He sends some code to a port for example and uses a known exploit. (Please don't ask me how he will do this exactly: First I'm not a hacker and secondly I won't go into the technical stuff. For that you can go to Microsoft TechNet for example if you wanna know more about such exploits)
So, he sends some code which will cause an error on the compromised computer which leads to a port to open. Sure if you use a firewall, this whole process is much more difficult! You can also send code, so that the whole computer crashes because you overload the CPU with this code. Like that he's able to enter the computer. There are always ways to get into a system. Even if you use firewalls. Just send for example 1'000 packets to a special port within some seconds. The firewall tries to block everything but gets overloaded after a while and crashes. Bumm, there's no more firewall running on your computer. :o
That's what I really meant. Do you see my point more clear now? ;)
Regards,
Patrice
JacK
May 12th, 2003, 04:51 PM
Hello,
I don't use ICF, I just tried it at the very beginning when I installed WinXP 2 years ago and you can be in stealth mode if you want : just set it not to accept ICMP and it passes all stealth tests with flying colours :)
Even with packets with special flags, not only SYN and FIN :8
Rgds,
wizard
May 12th, 2003, 04:53 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=15#60111 date=1052771589]Well, I'm talking for me in this special case, but I know every process which is running on my machine. TDS-3 shows me very well which processes are started and which have been changed. If there's a new one I get suspicious..." }-
If you inject the trojan code into a valid process like explorer.exe then there is no chance for a process viewer.
-{ Quote: "http://www.pcflank.com/art21.htm" }-
And the next 'Leak test' is just around the corner... ;)
wizard
Patrice
May 12th, 2003, 04:55 PM
Hi JacK,
interesting indeed, wasn't aware of this. I don't use this firewall myself. Thanks for the information!
Regards,
Patrice
P.S. But nevertheless I'm sure that this firewall isn't that safe. But I would have to test it more thoroughly to prove my hypothesis! ;) But I won't do that with this Microshit software, I'm happy with LnS, which I tested thoroughly.
Patrice
May 12th, 2003, 05:00 PM
Hi wizard,
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=15#60119 date=1052772836]If you inject the trojan code into a valid process like explorer.exe then there is no chance for a process viewer." }-
O.K., but Look'n'Stop nevertheless gives an alert because the signature of this process has changed. Well, by the way I doubt that TDS-3 doesn't find this out, but let's assume this would be the case.
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=15#60119 date=1052772836]And the next 'Leak test' is just around the corner... ;)" }-
There you are completely right! For further information go here: ;)
http://www.wilderssecurity.com/showthread.php?t=7680
Regards,
Patrice
LowWaterMark
May 12th, 2003, 05:09 PM
-{ Quote: " quoting: wizard link=board=23;threadid=9170;start=15#60115 date=1052772302]If your computer is not online then the last router before the host will send back the reply "destination or host unreachable". " }-
Yes, this is a key issue with trying to run fully stealthed.
LowWaterMark
May 12th, 2003, 05:13 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=15#60116 date=1052772435]So, he sends some code which will cause an error on the compromised computer which leads to a port to open." }-
Well, I've never heard that a port would just open because something from outside sent data to it. If there is nothing running on the system to listen on that port, exactly what does the port open into?
sig
May 12th, 2003, 05:25 PM
Patrice: he sends code to an already compromised computer? Is that what you meant? If the computer's already compromised so that communication is possible in spite of the firewall, you're already screwed IMO. That's getting even further into the realm of what if's, it seems to me. More likely that the trojan or bot will find its own way to communicate under or through your firewall and no need for a patient hacker collecting IP's of people with closed ports. The trojan will give him whatever he needs.
All this because a certain type of ping might show you're online? Assuming an uncompromised computer, what then?
JacK
May 12th, 2003, 07:39 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=15#60120 date=1052772946]
Hi JacK,
interesting indeed, wasn't aware of this. I don't use this firewall myself. Thanks for the information!
Regards,
Patrice
P.S. But nevertheless I'm sure that this firewall isn't that safe. But I would have to test it more thoroughly to prove my hypothesis! ;) But I won't do that with this Microshit software, I'm happy with LnS, which I tested thoroughly.
" }-
Hello Patrice,
It is rock solid as far as IN is concerned, no problem at all ;)
It's a bit strange to be sure without any test, clue or known exploits 8)
I know people using it with NIS to be stealth for NIS always leaves (left ?) a port non stealth on the range 1024-1040 whatever the settings are (were ?)
Cheers,
Patrice
May 13th, 2003, 05:29 AM
Hi all,
wow, let's see if I can give answers to all your questions... JacK, I'm sure because I've read an article about this firewall somewhere in a computer magazine (c'T, CHIP or whatever). It's not just an assumption because it's Microsoft! ;) This firewall doesn't have stateful packet inspection as far as I know. Do you know more about this issue?
LowWaterMark, you can send some code to a computer which will lead to the crash of several applications. Because of that, the hacker will be able to overtake the computer. You will find more information about that on Windows TechNet, these issues can be found in the Update Section for example. There are some patches which are providing security against such attacks. But I'm sure that there are some possibilities which they haven't found until now as well...
Sig, with a compromised computer I meant a computer which is known to be up and running. Not a computer which has a trojan installed. Then the situation would be really bad. Sure, this isn't an easy task for a hacker to hack into a computer with closed ports, but it's still possible.
So, hope I answered all questions and remarks until now. ;)
Best regards,
Patrice
_anvil
May 14th, 2003, 11:21 AM
@Patrice
-{ Quote: " [...] you can send some code to a computer which will lead to the crash of several applications. Because of that, the hacker will be able to overtake the computer. " }-
You are surely talking about exploitable internet services here, which might be found everywhere but _not_ on a system without _any_ service running - and that's the reason why everybody gives advice to stop any (unneeded) services.
A computer with no open ports (no running services) can't be just 'hacked' from the outside - no matter, if there is a firewall, or not. :)
The problem is, that WinNT/XP/2000 runs a bunch of internet services (-> open ports) in its default config! These can even be exploitable (see TechNet.)
And unfortunately, it is a bit tricky to stop all these (unneeded) services without causing system instabilities. :-\
JacK
May 14th, 2003, 12:30 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=30#60199 date=1052818197]
Hi all,
wow, let's see if I can give answers to all your questions... JacK, I'm sure because I've read an article about this firewall somewhere in a computer magazine (c'T, CHIP or whatever). It's not just an assumption because it's Microsoft! ;) This firewall doesn't have stateful packet inspection as far as I know. Do you know more about this issue?
" }-
Hello Patrice,
You don't know far enough ;)
Stateful Packet Filtering
At the core of ICF is a stateful packet filter. Unlike a static packet filter, which decides whether or not to drop a packet based solely on that packet's addressing information, a stateful packet filter bases its decisions on both a packet's state and the context information of a session. This stored state provides the filter the means to enforce a richer and more comprehensive set of rules than a static filter.
More info on ICF :
http://www.microsoft.com/windowsxp/pro/techinfo/planning/firewall/icf.doc
Rgds,
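Added example, not part of the original thread and not Microsoft's ICF code: a small Python model of the static versus stateful distinction quoted in the post above. All addresses, ports and class names are constructed for illustration; a real filter would also expire idle sessions.

```python
"""Static vs. stateful inbound filtering (constructed model, not ICF code)."""
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
NULL, XMAS = 0x00, FIN | PSH | URG

LOCAL = "192.0.2.10"     # protected host (documentation address, constructed)
WEB = "198.51.100.80"    # server the user connects to (constructed)
REMOTE = "203.0.113.5"   # unrelated remote host (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

    @property
    def outbound(self):
        return self.src == LOCAL


class StaticFilter:
    """Decides from addressing only; keeps no memory of earlier packets."""

    def __init__(self, allowed_source_ports, allowed_dest_ports):
        self.allowed_source_ports = set(allowed_source_ports)
        self.allowed_dest_ports = set(allowed_dest_ports)

    def decide(self, pkt):
        if pkt.outbound:
            return "allow"
        # To let replies back in, a static rule has to trust the source port.
        if pkt.sport in self.allowed_source_ports:
            return "allow"
        return "allow" if pkt.dport in self.allowed_dest_ports else "drop"


class StatefulFilter:
    """Allows inbound packets only for sessions it has seen being set up."""

    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)   # ports entered one by one
        self.sessions = set()               # (local port, remote ip, remote port)

    @staticmethod
    def _key(pkt):
        if pkt.outbound:
            return (pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dport, pkt.src, pkt.sport)

    def decide(self, pkt):
        key = self._key(pkt)
        if pkt.outbound:
            if pkt.flags & SYN and not pkt.flags & ACK:
                self.sessions.add(key)      # remember the new outbound session
            elif pkt.flags & RST:
                self.sessions.discard(key)
            return "allow"
        if key in self.sessions:
            if pkt.flags & RST:
                self.sessions.discard(key)  # peer tore the session down
            return "allow"
        if pkt.dport in self.open_ports and pkt.flags == SYN:
            self.sessions.add(key)          # new session to an opened service
            return "allow"
        return "drop"                       # silently: no RST, no ICMP error


def run_demo():
    """Run constructed traffic through both filters: label -> (static, stateful)."""
    static = StaticFilter(allowed_source_ports={80}, allowed_dest_ports={21})
    stateful = StatefulFilter(open_ports={21})
    traffic = [
        ("outbound SYN to web server", Packet(LOCAL, 40000, WEB, 80, SYN)),
        ("SYN/ACK reply from web server", Packet(WEB, 80, LOCAL, 40000, SYN | ACK)),
        ("unsolicited SYN to port 139", Packet(REMOTE, 51000, LOCAL, 139, SYN)),
        ("unsolicited FIN from source port 80", Packet(REMOTE, 80, LOCAL, 40001, FIN)),
        ("unsolicited NULL", Packet(REMOTE, 51001, LOCAL, 445, NULL)),
        ("unsolicited XMAS", Packet(REMOTE, 51002, LOCAL, 445, XMAS)),
        ("SYN to opened FTP port 21", Packet(REMOTE, 51003, LOCAL, 21, SYN)),
        ("PASV data SYN to unopened port 50000", Packet(REMOTE, 51004, LOCAL, 50000, SYN)),
    ]
    return {label: (static.decide(p), stateful.decide(p)) for label, p in traffic}


if __name__ == "__main__":
    for label, (static_verdict, stateful_verdict) in run_demo().items():
        print(f"{label:40} static={static_verdict:5} stateful={stateful_verdict}")
```

The last row shows the single-port limitation raised earlier in the thread: with only port 21 entered, a passive-mode FTP data connection to another port is dropped by both filters.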
Ph33r_
May 14th, 2003, 01:00 PM
Personally I feel the XP Built-In Software Firewall is inefficient, it has its advantages for being Integrated part of Windows but then again Look ‘n’ Stop in particular also designed for PC use as an Integrated part of Windows also. Look ‘n’ Stop is like 100% Driver based, No security element is handled by the application part. And In case of the unlikely event that the user interface is deleted it will have no effect on the functionality and security of the firewall, and if Look ‘n’ Stop Personal Firewall was deleted by accident or deliberately – "Persistant Internet Filtering" When enabled, Internet filtering is still active (still securing your box).
And thus is one of the reasons why Look ‘n’ Stop and firewalls alike are so small & stable and provide Ultimate security Levels.
Then again in reference to Look ‘n’ Stop specially; it’s got some disadvantages such like the Non-use of settings encrypting, so if a malicious code was deliberately targeting Look ‘n’ Stop whelp… Let’s say there is Risk to consider of its settings being manipulated if the Application Module was terminated.
-
There are a lot of “OLD” Sophisticated TCP, UDP port Scanners which verify if the Machine Exists by sending ICMP Packets, and in fact there are a lot of domain scanning systems for linux and so on which do the very thing. But besides the point Hackers scan domain ranges for specific exploitable services, if the port is seen Open or even Closed you will most likely be a quick fix for these folks. And if you have somewhat static IP your domain could be scanned one day and your box exploited the next day, because they go through possibly a large list of founds.
The only way you'd be an interesting target even if your port or ports were seen as “Stealthed” is if you were intentionally a specific target for thrills, one way or another you pissed off a Hacker or Hax0r who’s attempting to revenge by doing thorough Scans to find any means possible to make you pay, even if you didn’t do anything just your presence alone in an IRC Chat room for instance would piss off these nutz…
I have much to say in reply to all these posts in this topic but I’m not here to attempt to bore people. :-X
Regards,
sig
May 14th, 2003, 02:43 PM
"Sig, with a compromised computer I meant a computer which is known to be up and running. Not a computer which has a trojan installed. Then the situation would be really bad. Sure, this isn't an easy task for a hacker to hack into a computer with closed ports, but it's still possible"
I find that debatable if you're running no services to exploit. And generally when people refer to "compromised" pc's in security forums they mean pc's whose security has actually been compromised by malware such as a trojan. It's not "compromised" by simply being online and detectable by a port scan, although I imagine some firewall vendors would like people to think so. ;)
For example, would you say a pc running ZA at medium (showing closed ports on the internet) is a "compromised" pc?
But in any case, the instance which started this discussion is that you claimed the ICF was unsafe because it allowed responses to certain pings (and someone pointed out how the ICF can be set not to return a response). So are you maintaining that just by the port returning a response to a syn ping (but showing closed) that will allow a hacker to blast his way through the running firewall?
Patrice
May 14th, 2003, 03:17 PM
Hi _anvil, JacK and Ph33r_,
thanks for the information they were very useful. _anvil, yeah that's exactly what I meant! But who is able to turn off all the services. I guess most of the users haven't done so yet.
Sig, yeah we can discuss about the word "compromised". Let say you're right. I just used a more dramatic word to show you that they know that you are up and running. ;)
Certainly it's a difficult task to pass a firewall, but as I already said, a simple trick is to send a huge amount of packets within some seconds. Ph33r_ once tested Look'n'Stop like that. This firewall didn't crash at all. But I know that there are others which would crash... I don't know about ZA, but this is certainly a good firewall as well!
You have to understand it like this. Hackers are pinging a whole range of IP-numbers. They save all the results and come back later to these systems they got a response. If your computer has closed ports, he has your IP as well. Do you see why I say you should have stealthed ports. Then he doesn't have your IP, he already has enough other IP's to work on... ;D Do you get it what I wanted to say? ;)
Regards,
Patrice
Patrice
May 14th, 2003, 03:20 PM
_anvil,
-{ Quote: " quoting: _anvil link=board=23;threadid=9170;start=30#60492 date=1052925697]A computer with no open ports (no running services) can't be just 'hacked' from the outside - no matter, if there is a firewall, or not." }-
Actually, I'm not so sure about this statement... I already read about some post of hackers which proves the contrary.
Regards,
Patrice
Ph33r_
May 14th, 2003, 03:24 PM
You're referring to:
-{ Quote: "Look ‘n’ Stop Personal Firewall is extremely stable even under Massive Attacks, I’ve tested by setting a couple of powerful Hi Boxes on my xDSL butt, 85-100Packets per Second being Logged by my End to Look ‘n’ Stop “Log” screen which was going for 2/3 hours Non-Stop, no System Delays, Crashes, Freezes, or Errors of any kind." }-
;)
Ph33r_
May 14th, 2003, 03:26 PM
Hey Patrice
He’s right, a System without Running Services cannot be “Hacked” remotely...
Regards,
Patrice
May 14th, 2003, 03:41 PM
Hi Ph33r_,
thanks for the info! Is it possible to have a Windows with no services running on it? I just checked my services, there are quite some running there. And some of them you absolutely need to be able to work with the computer...
Best regards,
Patrice
Ph33r_
May 14th, 2003, 03:44 PM
Depending on the stability of your Software Firewall; stealthing the ports you could withstand great deal more amount of Attacks than what you normally would without stealthing the ports.
SO ICF Isn’t properly blocking Inbounds but you configure it to properly block the ICMP Outbounds to prevent replying to malicious TCP Flags Scans Packets then imagine what would happen if one Attacks you using those type TCP Flags from an Hi Box? Your System would quickly take up 100% CPU Usage and Generate a System Failure which normally by users particular unmodified setting, you’d be Automatically re-booted…
This kind of test allows you to determine the stability of your Software Firewall too, but you see, more than 1 way to kill a cat… ;)
Patrice
May 14th, 2003, 03:46 PM
Mhh... sounds interesting to me! Would love to see that! ;)
Ph33r_
May 14th, 2003, 03:57 PM
Patrice like you said you have quite a number of services which provides necessary functionality you require to be happy user, you can do quite a number of ports disabling by Registry Tweaking without necessarily disabling the entire Services. But it all depends really on what your requirements are, but knowing whether your requirements involve Local Area or Internet you can determine the appropriate actions. And you have to know which ports are remote accessible too, you can Listen on Ports and still only apply to Internal Connections (Local Area Networks) without needing to use a Software Firewall to Shield them from the Internet…
JacK
May 14th, 2003, 05:36 PM
-{ Quote: " quoting: Ph33r_ link=board=23;threadid=9170;start=30#60524 date=1052941491]
SO ICF Isn’t properly blocking Inbounds but you configure it to properly block the ICMP Outbounds to prevent replying to malicious TCP Flags Scans Packets then imagine what would happen if one Attacks you using those type TCP Flags from an Hi Box? Your System would quickly take up 100% CPU Usage and Generate a System Failure which normally by users particular unmodified setting, you’d be Automatically re-booted…
" }-
Hello Ph33,
Could you give any link where it is said ICF does not block properly Inbounds ?
TIA
You can only configure ICF to block Outbounds ICMP IF you first accepted Inbounds and so you are not in stealth mode (accepting IN Echo request for instance), otherwise, there is nothing to configure if you filter ICMP inbounds.
Rgds,
Ph33r_
May 14th, 2003, 08:05 PM
JacK
When configured and tested at pcflanks for an example using “Stealth Test” do you have TCP Non-Stealth indications?
If not, then does it block by the TCP Inbounds? Or do you suppose it doesn’t block TCP Inbounds but still you considered Stealthed due to not responding to the half-open TCP Scan Packets because you are blocking the specific Outgoing ICMP Type and Code which states otherwise?
Regards,
JacK
May 14th, 2003, 09:37 PM
-{ Quote: " quoting: Ph33r_ link=board=23;threadid=9170;start=30#60561 date=1052957126]
JacK
When configured and tested at pcflanks for an example using “Stealth Test” do you have TCP Non-Stealth indications?
If not, then does it block by the TCP Inbounds? Or do you suppose it doesn’t block TCP Inbounds but still you considered Stealthed due to not responding to the half-open TCP Scan Packets because you are blocking the specific Outgoing ICMP Type and Code which states otherwise?
Regards,
" }-
Nite Ph33r,
I don't use it for me as I need Outbound control, I just tested it in the very beginning about 2 years ago and it passed all the stealth test on PCflank with flying colours (with the default configuration as far as I remember but maybe I went to the advanced setting to tune the ICMP), as well the stealth tests with TCP ping packet, TCP NULL packet, TCP FIN packet, TCP XMAS packet, UDP packet or SYN Packet : nothing appears closed or open : everything Blocked.
I cannot rerun the test on this machine for I disabled a lot of useless or potentially dangerous services according to my needs.
Cheers,
Ph33r_
May 14th, 2003, 09:51 PM
Guess we both in a situation; 1stly my Networks Adapters are binded and if I try to unbind it my Internet Connection becomes un-repairable. And if I was to put my PC in Pre-Install state then I have my Internet Connection Filtering invalid TCP Flag Combinations. :(
Patrice
May 20th, 2003, 11:10 AM
Hi JacK,
I guess I was right concerning the XP firewall. Go ahead and read the post from meneer:
http://www.wilderssecurity.com/showthread.php?t=9447
Quite interesting workaround they advise... ;)
Regards,
Patrice
JacK
May 20th, 2003, 12:32 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=45#msg61786 date=1053443436]
Hi JacK,
I guess I was right concerning the XP firewall. Go ahead and read the post from meneer:
http://www.wilderssecurity.com/showthread.php?t=9447
Quite interesting workaround they advise... ;)
Regards,
Patrice
" }-
Hello Patrice,
I know that ;)
IPv6 Protocol is only installable on WinXP and Win2k3 and you have to install it by command line : it's not installed by default. I doubt any lambda user runs it.
BTW I don't know which current FWs for Windows OS support IPv6 by now. I know some for LINUX
Rgds
meneer
May 21st, 2003, 04:29 AM
-{ Quote: " quoting: JacK link=board=23;threadid=9170;start=45#msg61803 date=1053448363]
BTW I don't know which current FWs for Windows OS support IPv6 by now. I know some for LINUX
Rgds
" }-
Outpost 2 is supposed to be compatible. Can test it, though... my windows is not :)
JacK
May 21st, 2003, 05:44 PM
-{ Quote: " quoting: Patrice link=board=23;threadid=9170;start=45#msg61786 date=1053443436]
Hi JacK,
I guess I was right concerning the XP firewall. Go ahead and read the post from meneer:
http://www.wilderssecurity.com/showthread.php?t=9447
Quite interesting workaround they advise... ;)
Regards,
Patrice
" }-
Hullo Patrice,
When you install the 3degrees peer-to-peer demonstration application,
there's a firewall extension loaded which supports IPV6.
netsh firewall show logging
netsh firewall show adapter
command-line interface for admin.
Rgds,
JacK