which is a good small firewall for win xp pre sp2 ? - alternative to ICF?

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View

I have a comp with an early win xp , it has ICF , not "the windows
firewall".

From what I can fathom, the ICF gives no option to restrict IPs of
incoming connections,  like "the windows firewall" does.

Is there something like the windows firewall that I can install?  I
don`t want some big thing like ZA or something with popups.

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
Hi,

jameshanley39@yahoo.co.uk schrieb:
Quoted text here. Click to load it

Update windwos on that machine.

Cheers,
   Jens

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
Quoted text here. Click to load it

Not to mention that the Windows-Firewall wasn't introduced with SP2, but
merely set to be enabled by default. It was included (but not activated
by default) since XP RTM.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
Ansgar -59cobalt- Wiechers wrote:

Quoted text here. Click to load it


Well, you have not even said when it was introduced.  


I do not know if you are right about the windows firewall being
disabled at some stage of windows xp. Nevertheless, I do not have it on
this machine. I have the ICF (which I think was on by default)

Meaning there is no windows firewall icon in control panel. To
configure the ICF, You have to go to network connections...LAN
connection...properties


Anyhow. If anybody knows of an alternative firewall, as I described I
needed, I`d be interested.

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
jameshanley39@yahoo.co.uk wrote:
 
Quoted text here. Click to load it

Why the heck don't you simply update your winXP to the lastest patchlevel?

Why do you want to f*ck up your system by installing 3rd party snake-oil?

Wolfgang

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
jameshanley39@yahoo.co.uk wrote:


Quoted text here. Click to load it


Windows Firewall merely is the ICF renamed and a funny control panel applet
added.

Quoted text here. Click to load it


What about WinIPFW? <http://wipfw.sourceforge.net>

Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?
Sebastian G. wrote:

Quoted text here. Click to load it

I can`t get the ICF to restrict the IPs of incoming connections. The
Windows Firewall can.

other difference is that the ICF seems to a different thing in
function. When you make an entry (for its whitelist) / an exception, it
asks for these parameters( ip of comp hosting service, internal port,
external port).  So I think it is meant to be a network software
firewall, with proxy like forwarding with port mapping.  The NAT
router, if forwarding, is meant to forward to it , and the ICF forwards
it on. Or it could act as standalone, each computer running its own.
one can ignore the forwarding and internal/external port difference.
But a big weakness relative to the windows firewall is not being able
to restrict ips of incoming connections.

another difference is how one would navigate to it, which is important,
but not technically interesting!


Quoted text here. Click to load it

I will give that a try - looks like a great option. I think that may be
the only option too.

Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?
jameshanley39@yahoo.co.uk wrote:


Quoted text here. Click to load it


You must be kidding. Other than for very server-centric services (f.e. DNS,
SMTP), such a functionality is totally useless. IP addresses are no kind of
authenticated information.

Quoted text here. Click to load it


For LAN connections, you also have the TCP/IP filtering. For PPP
connections, you have RAS firewall. At the end, it all ends up at the
IPFilter driver.

Quoted text here. Click to load it


Not the only, but the most usable one (hey, it also internally uses
IPFilter). Other ones would be CHX-I (had problems with state tracking in my
tests) and maybe CoreForce (be aware that is does this stupid application
control, and even when switching of this functionality the kernel function
hooks remain). Or, if you go at enterprise level, ISA Server 2004 (sadly
with a dependency for IIS).

Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?
Sebastian G. wrote:

Quoted text here. Click to load it

if must help.. for a start, the invader will have to know what source
ip to fake to get in, and if he gets in by using that source ip in the
packet, he won`t receive any reply.  What can he do?

I did read that "all" such an attacker could do is a DDOS attack. I
guess that wouldn`t include a buffer overflow kind of exploit injecting
a shell or anything.



Quoted text here. Click to load it

interesting, I hadn`t seen the Win NT TCP/IP filtering screen before.

Regarding the "RAS firewall". Looking at this link titled RAS firewall,
http://www.ltsw.se/knbase/xp/ras/fw01.asp I don`t see such a thing, I
see  the windows firewall, or the ICF. They work for both. The ICF
reached through properties of LAN or dialup connection. The windows
firewall, typically reached via control panel. I see no "RAS firewall"
entity.



Quoted text here. Click to load it


You say that ip restriction is not security. What would you say is ?

And if that is the case, then what would be the point of a firewall ?
Isn`t it for security, and it blocks/allows IPs - and ports.
 
TIA

Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?
jameshanley39@yahoo.co.uk wrote:

Quoted text here. Click to load it


Relaying / proxying instead of spoofing.

Quoted text here. Click to load it


Strong authenticatio.



Implementing a concept to segment networks at their boundary.

Quoted text here. Click to load it


No, it blocks/allows network traffic, taking into account various aspects of
the traffic including state.

Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?
Sebastian G. wrote:
Quoted text here. Click to load it

you mean like kerberos and nis+ ?

Quoted text here. Click to load it

Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?
goarilla wrote:


Quoted text here. Click to load it


Or IPsec, or anything that goes on the application layer (f.e.
login/password for a WebDAV share).

Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?
Sebastian G. wrote:
Quoted text here. Click to load it

isn't IPsec an encrypted network layer level protocol
a secure version of IP ?
it also handles authentication ?

Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?
goarilla wrote:


Quoted text here. Click to load it


Yes and no. IPsec-AH does solely handle authentication, IPsec-ESP handles
encryption and optionally authentication.

Quoted text here. Click to load it


Yes, see above.

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
Sebastian G. wrote:
Quoted text here. Click to load it

from the bottom of my hearth thank you for that info and link.

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
goarilla wrote:

Quoted text here. Click to load it


As we're are so far now, you should download the latest unstable release
from the SourceForge CVS repository, apply certain patches (ask me via
eMail) and compile it. Even such a little piece of software is horribly
complex and various security problems that the author hasn't fixed yet.

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
On Oct 25, 8:07 am, "jameshanle...@yahoo.co.uk"
Quoted text here. Click to load it

try the "look n'stop firewall" it's very famous
I am still using it now ! I guess it's the best firewall in the wall !
And its size is just 600kb!!


Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
shmily87@gmail.com wrote:

Quoted text here. Click to load it


Eh... I guess he wants to use it in a productive environment, not for toying
around.

Quoted text here. Click to load it


Which typically is a bad sign, since the average computer user is highly
incompetent wrt. computers.

Quoted text here. Click to load it


I'm sorry for you. Who forced this onto you?

Quoted text here. Click to load it


It's not even a firewall, it's a host-based packet filter that is unsuitable
to implement any firewall at all.

Quoted text here. Click to load it

You're kidding, right? 600 KB is an overly huge amount of code. You can do
the same with only 60 KB, which sound much more reasonable.

Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?
James, as others have mentioned, you really should get that computer up to
service pack 2. Support, including security updates, for pre-SP2 ended in
October 2006. Your computers not running SP2 are definitely out-of-date.

Also, while the original firewall (called "ICF") and the SP2 firewall
(called "Windows Firewall") are the same base code, we added a bit of
additional functionality in SP2. More details here:
http://technet.microsoft.com/en-us/library/bb877979.aspx


--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


Quoted text here. Click to load it


Site Timeline