Which is a good small firewall for Win XP pre-SP2? Alternative to ICF?

I have a comp with an early Win XP; it has ICF, not "the windows firewall".

From what I can fathom, the ICF gives no option to restrict IPs of incoming connections, like "the windows firewall" does.

Is there something like the windows firewall that I can install? I don't want some big thing like ZA or something with popups.

jameshanley39

Hi,

snipped-for-privacy@yahoo.co.uk wrote:

Update Windows on that machine.

Cheers, Jens

Jens Hoffmann

Not to mention that the Windows-Firewall wasn't introduced with SP2, but merely set to be enabled by default. It was included (but not activated by default) since XP RTM.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Well, you have not even said when it was introduced.

I do not know if you are right about the windows firewall being disabled at some stage of windows xp. Nevertheless, I do not have it on this machine. I have the ICF (which I think was on by default).

Meaning there is no windows firewall icon in control panel. To configure the ICF, you have to go to network connections...LAN connection...properties.

Anyhow. If anybody knows of an alternative firewall, as I described I needed, I'd be interested.

jameshanley39

Why the heck don't you simply update your WinXP to the latest patch level?

Why do you want to f*ck up your system by installing 3rd party snake-oil?

Wolfgang

Wolfgang Kueter

Windows Firewall merely is the ICF renamed and a funny control panel applet added.

What about WinIPFW?

Sebastian G.

I can't get the ICF to restrict the IPs of incoming connections. The Windows Firewall can.

Another difference is that the ICF seems to be a different thing in function. When you make an entry (for its whitelist) / an exception, it asks for these parameters (IP of comp hosting service, internal port, external port). So I think it is meant to be a network software firewall, with proxy-like forwarding with port mapping. The NAT router, if forwarding, is meant to forward to it, and the ICF forwards it on. Or it could act as standalone, each computer running its own. One can ignore the forwarding and internal/external port difference. But a big weakness relative to the Windows Firewall is not being able to restrict IPs of incoming connections.

Another difference is how one would navigate to it, which is important, but not technically interesting!

I will give that a try - looks like a great option. I think that may be the only option too.

jameshanley39

From the bottom of my heart, thank you for that info and link.

goarilla

You must be kidding. Other than for very server-centric services (f.e. DNS, SMTP), such a functionality is totally useless. IP addresses are no kind of authenticated information.

For LAN connections, you also have the TCP/IP filtering. For PPP connections, you have RAS firewall. At the end, it all ends up at the IPFilter driver.

Not the only, but the most usable one (hey, it also internally uses IPFilter). Other ones would be CHX-I (had problems with state tracking in my tests) and maybe CoreForce (be aware that it does this stupid application control, and even when switching off this functionality the kernel function hooks remain). Or, if you go at enterprise level, ISA Server 2004 (sadly with a dependency for IIS).

Sebastian G.

As we are so far now, you should download the latest unstable release from the SourceForge CVS repository, apply certain patches (ask me via eMail) and compile it. Even such a little piece of software is horribly complex and has various security problems that the author hasn't fixed yet.

Sebastian G.

It must help... For a start, the invader will have to know what source IP to fake to get in, and if he gets in by using that source IP in the packet, he won't receive any reply. What can he do?

I did read that "all" such an attacker could do is a DDOS attack. I guess that wouldn't include a buffer overflow kind of exploit injecting a shell or anything.

Interesting, I hadn't seen the Win NT TCP/IP filtering screen before.

Regarding the "RAS firewall". Looking at this link titled RAS firewall,

formatting link
I don't see such a thing, I see the windows firewall, or the ICF. They work for both. The ICF is reached through properties of LAN or dialup connection. The windows firewall is typically reached via control panel. I see no "RAS firewall" entity.

You say that IP restriction is not security. What would you say is?

And if that is the case, then what would be the point of a firewall? Isn't it for security, and it blocks/allows IPs - and ports. TIA

jameshanley39

Relaying / proxying instead of spoofing.

Strong authentication.

Implementing a concept to segment networks at their boundary.

No, it blocks/allows network traffic, taking into account various aspects of the traffic including state.

Sebastian G.

You mean like Kerberos and NIS+?

goarilla

Or IPsec, or anything that goes on the application layer (f.e. login/password for a WebDAV share).

Sebastian G.

Isn't IPsec an encrypted network layer level protocol, a secure version of IP? It also handles authentication?

goarilla

Yes and no. IPsec-AH does solely handle authentication, IPsec-ESP handles encryption and optionally authentication.

Yes, see above.

Sebastian G.
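The disagreement in the posts above (source-IP scope restriction versus authentication in the IPsec AH sense), as an added example that is not part of any poster's message. It is a toy model, not IPsec: the key, the addresses and the packet layout are constructed, and anti-replay sequence numbers are left out.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for illustration only.
ALLOWED_SCOPE = ipaddress.ip_network("192.168.1.0/24")  # per-exception "scope"
SHARED_KEY = b"constructed-demo-key"                     # stands in for an SA key


def _icv(key, src, payload):
    """Integrity check value over the claimed source and the payload."""
    return hmac.new(key, src.encode() + b"|" + payload, hashlib.sha256).digest()


def make_packet(src, payload, key=None):
    """Build a toy packet; with a key, attach an ICV (the idea behind AH)."""
    pkt = {"src": src, "payload": payload}
    if key is not None:
        pkt["icv"] = _icv(key, src, payload)
    return pkt


def scope_filter(pkt):
    """IP scope check: trusts whatever source address the header claims."""
    return ipaddress.ip_address(pkt["src"]) in ALLOWED_SCOPE


def authenticated_filter(pkt, key=SHARED_KEY):
    """Accept only packets whose ICV verifies under the shared key."""
    icv = pkt.get("icv")
    if icv is None:
        return False
    return hmac.compare_digest(icv, _icv(key, pkt["src"], pkt["payload"]))


def evaluate():
    """Run both filters over four constructed packets."""
    packets = {
        "legit": make_packet("192.168.1.10", b"hello", key=SHARED_KEY),
        # Header claims an allowed address, sender does not hold the key.
        "claimed_src_no_icv": make_packet("192.168.1.10", b"hello"),
        "claimed_src_wrong_key": make_packet("192.168.1.10", b"hello", key=b"wrong"),
        "outsider": make_packet("203.0.113.7", b"hello"),
    }
    return {name: (scope_filter(p), authenticated_filter(p))
            for name, p in packets.items()}


if __name__ == "__main__":
    for name, (by_scope, by_auth) in evaluate().items():
        print(f"{name:24} scope={by_scope!s:5} authenticated={by_auth}")
```

The scope filter cannot tell the first three packets apart, because the source address is only a claim in the header; the keyed check separates them.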

Try the "look n'stop firewall", it's very famous. I am still using it now! I guess it's the best firewall in the world! And its size is just 600kb!!

<shmily87

Eh... I guess he wants to use it in a productive environment, not for toying around.

Which typically is a bad sign, since the average computer user is highly incompetent wrt. computers.

I'm sorry for you. Who forced this onto you?

It's not even a firewall, it's a host-based packet filter that is unsuitable to implement any firewall at all.

You're kidding, right? 600 KB is an overly huge amount of code. You can do the same with only 60 KB, which sounds much more reasonable.

Sebastian G.

James, as others have mentioned, you really should get that computer up to service pack 2. Support, including security updates, for pre-SP2 ended in October 2006. Your computers not running SP2 are definitely out-of-date.

Also, while the original firewall (called "ICF") and the SP2 firewall (called "Windows Firewall") are the same base code, we added a bit of additional functionality in SP2. More details here:

formatting link

Steve Riley [MSFT]
