Windows Firewall (SP2) & some help

Discussion in 'other firewalls' started by rerun2, Sep 16, 2004.

Thread Status:
Not open for further replies.
  1. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I have read a lot of different sources about whether Windows Firewall SP2 has outbound protection. From what I can tell, it seems like it occasionally asks whether an application should be added to its exception list. I do not think this is really outbound protection and do not understand why it does not ask for every application that needs internet access. Can someone explain in more detail how this "outbound protection" works and how it determines which apps need to be asked for permission (exception list) and which do not?

    I ask because I am trying to set up a computer for a friend and they have insisted on a file sharing app (specifically edonkey). I gave them a basic NAT router that I had lying around but had a heck of a time trying to set up edonkey as I am not familiar with it at all. The ports I have seen posted for edonkey do not match the ones in the application (v1.0). And on top of that I'm trying to get it working with LnS, the firewall I recommended.

    What I was thinking of doing is to set up the router and Windows firewall (if any configuration is necessary) with edonkey first. I am hoping Windows firewall will not need any configuration with edonkey (that is why I asked about Windows firewall outbound protection). If anyone can confirm this that would be really great. Hopefully this will be sufficient for the time being. And then maybe I will use the app filtering in LnS and turn off internet filtering until I can set up some working rules for it.

    If anyone has created some working import rules for edonkey under LnS, and would like to share them, it would be most appreciated. Also any information in regards to how edonkey works and necessary rules would be appreciated.

    I have about another night to test the configuration on a spare home computer before I work on the real deal. So I am hoping I can get some thoughts to get started in the right direction.

    Thanks in advance
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    The XP SP2 firewall has no outbound protection, except for some ICMP control, period. Those prompts are for your software accepting connections from the outside, basically acting like servers. If you want a program to act like a server, then you allow it; if it doesn't need to act like a server, you don't need to permit anything. Since p2p programs act like a server to allow people to download from you, it's obvious you would have to permit it to act like a server.

    When in doubt, read the windows help file :cool:
     
  3. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Thanks for the reply

    Do you know what activity is required by the application to trigger this prompt? I notice that apps like browsers and security software updaters do not trigger this prompt, while apps like instant messengers and file sharing programs do. Browsers and security software updaters definitely fall more into applications that only require client rights, while the latter two fall more into server rights. So how does the Windows firewall determine which applications should trigger the prompt after the application's first internet access attempt? Also, if the Windows firewall DOES ask you for permission from an application that only needs client permissions, and you don't unblock it, the application should still work?
     
  4. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Programs like p2p/IM programs do need to be a server depending on the program, and what they are doing. When it comes to browsers, generally no, but if you don't use passive ftp the browser must accept an inbound connection for the ftp transfer; also some streaming programs might require you to allow the browser running the plugin to act like a server. Most update programs only need to make outbound connections, but sometimes they might use a standard ftp connection like I mentioned with browsers to download an update, which requires they act as a server.

    You should be fine for the most part if you prevent a program that should be a client only from being a server, just make sure it's not causing something important to fail, like software that won't auto-update.
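
The client/server distinction described in the replies above can be read off a machine's socket table. The following is an added example, not part of the original thread: it parses `netstat -ano`-style output (a constructed sample; all PIDs, ports and addresses are made up) and separates, per PID, the non-loopback sockets waiting for inbound traffic from plain outbound connections. Treating every non-loopback UDP socket as inbound-reachable is a simplifying assumption of the example.

```python
from collections import defaultdict

# Constructed sample in the Windows `netstat -ano` column layout.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING       1812
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       620
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     940
  TCP    192.168.1.10:1046      203.0.113.9:5000       ESTABLISHED     1812
  UDP    0.0.0.0:5001           *:*                                    1812
  UDP    127.0.0.1:1031         *:*                                    940
"""

def is_loopback(host):
    return host.startswith("127.") or host == "[::1]"

def parse(netstat_text):
    """Yield (proto, local_host, local_port, remote, state, pid) per socket row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        host, _, port = f[1].rpartition(":")
        # UDP rows have no State column, so they split into 4 fields, not 5.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        yield f[0], host, port, f[2], state, int(f[-1])

def classify(netstat_text):
    """Return (inbound, outbound) dicts keyed by PID.

    inbound:  sockets that accept traffic from other hosts (server role).
    outbound: remote endpoints of connections the process opened (client role).
    """
    rows = [r for r in parse(netstat_text) if not is_loopback(r[1])]
    inbound, outbound = defaultdict(set), defaultdict(set)
    for proto, _, port, _, state, pid in rows:
        if proto == "UDP" or state == "LISTENING":
            inbound[pid].add(f"{proto.lower()}/{port}")
    for proto, _, port, remote, state, pid in rows:
        # An established connection on a listening port was accepted, not opened.
        if state == "ESTABLISHED" and f"tcp/{port}" not in inbound.get(pid, ()):
            outbound[pid].add(remote)
    return ({p: sorted(v) for p, v in inbound.items()},
            {p: sorted(v) for p, v in outbound.items()})

if __name__ == "__main__":
    servers, clients = classify(SAMPLE)
    print("accepting inbound:", servers)
    print("outbound only:", clients)
```

In the sample, PID 940 only appears on the outbound side, while PID 1812 shows up on both, which is the pattern a file sharing program produces.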
     
  5. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    Thank you for the explanation BlitzenZeus.

    I am also happy to report that I got the rules for edonkey working on my router and LnS. So hopefully I can get everything working tomorrow when I set up my friend's computer :)
     