Not to mention that the Windows-Firewall wasn't introduced with SP2, but merely set to be enabled by default. It was included (but not activated by default) since XP RTM.
Well, you have not even said when it was introduced.
I do not know if you are right about the Windows Firewall being disabled at some stage of Windows XP. Nevertheless, I do not have it on this machine. I have the ICF (which I think was on by default).
Meaning there is no Windows Firewall icon in control panel. To configure the ICF, you have to go to network connections...LAN connection...properties
Anyhow. If anybody knows of an alternative firewall, as I described I needed, I'd be interested.
I can't get the ICF to restrict the IPs of incoming connections. The Windows Firewall can.
Another difference is that the ICF seems to be a different thing in function. When you make an entry (for its whitelist) / an exception, it asks for these parameters (IP of comp hosting service, internal port, external port). So I think it is meant to be a network software firewall, with proxy-like forwarding with port mapping. The NAT router, if forwarding, is meant to forward to it, and the ICF forwards it on. Or it could act as standalone, each computer running its own. One can ignore the forwarding and internal/external port difference. But a big weakness relative to the Windows Firewall is not being able to restrict IPs of incoming connections.
Another difference is how one would navigate to it, which is important, but not technically interesting!
I will give that a try - looks like a great option. I think that may be the only option too.
You must be kidding. Other than for very server-centric services (f.e. DNS, SMTP), such a functionality is totally useless. IP addresses are no kind of authenticated information.
For LAN connections, you also have the TCP/IP filtering. For PPP connections, you have RAS firewall. At the end, it all ends up at the IPFilter driver.
Not the only, but the most usable one (hey, it also internally uses IPFilter). Other ones would be CHX-I (had problems with state tracking in my tests) and maybe CoreForce (be aware that it does this stupid application control, and even when switching off this functionality the kernel function hooks remain). Or, if you go at enterprise level, ISA Server 2004 (sadly with a dependency for IIS).
As we're so far now, you should download the latest unstable release from the SourceForge CVS repository, apply certain patches (ask me via eMail) and compile it. Even such a little piece of software is horribly complex and has various security problems that the author hasn't fixed yet.
It must help.. for a start, the invader will have to know what source IP to fake to get in, and if he gets in by using that source IP in the packet, he won't receive any reply. What can he do?
I did read that "all" such an attacker could do is a DDOS attack. I guess that wouldn't include a buffer overflow kind of exploit injecting a shell or anything.
Interesting, I hadn't seen the Win NT TCP/IP filtering screen before.
Regarding the "RAS firewall". Looking at this link titled RAS firewall,
I don't see such a thing, I see the Windows Firewall, or the ICF. They work for both. The ICF reached through properties of LAN or dialup connection. The Windows Firewall, typically reached via control panel. I see no "RAS firewall" entity.
You say that IP restriction is not security. What would you say is?
And if that is the case, then what would be the point of a firewall? Isn't it for security, and it blocks/allows IPs - and ports. TIA
James, as others have mentioned, you really should get that computer up to service pack 2. Support, including security updates, for pre-SP2 ended in October 2006. Your computers not running SP2 are definitely out-of-date.
Also, while the original firewall (called "ICF") and the SP2 firewall (called "Windows Firewall") are the same base code, we added a bit of additional functionality in SP2. More details here: