Message-ID: <411E4CED.9598.E78C9A@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Give XP SP2 a chance

Goencz, Otto wrote:

[restructured to cure top-postingitis]

> >>I installed XP service pack 2, sure the firewall was there did it bitch sure
> it did but I left it up. Told it to allow the applications that use the net
> to work.<<
> 
> > Does the XP firewall do application level outbound blocking? I thought it
> > just blocked incoming connections?
> 
> Yes, it does bi-directional filtering...

Not really...

The new XP firewall asks to allow unknown applications to bind to a 
port -- that is, to set up as listeners.  That is only part of what 
most folk consider "application level outbound blocking".  For 
instance, a bot that simply connects outbound to an IRC server will not 
raise a warning, but if it tries to bind a port to set up a direct 
access backdoor or run a simple TFTP or HTTP server (perhaps to provide 
copies of itself to other machines it has scanned and compromised with 
a call-back payload), the firewall will alert.

MS had to walk a fine line there between providing a more useful PFW 
and being dragged into court for anti-competitive practices if it 
provided a "full function" PFW that would clearly be detrimental to an 
independent group of software developers.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
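
The distinction drawn in the message above, as an added example that is not part of the original post: it parses Windows `netstat -ano` output and separates bound/listening sockets (the case the message says triggers a prompt) from established outbound connections (the case it says raises no warning), so the second group can be reviewed per PID. The sample output is constructed, and treating "local port is not a listening port" as "outbound" is a heuristic assumed here.

```python
from collections import namedtuple

Sock = namedtuple("Sock", "proto local remote state pid")

# Constructed sample of Windows `netstat -ano` output (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1520
  TCP    192.0.2.10:1042        203.0.113.5:6667       ESTABLISHED     1520
  TCP    192.0.2.10:8080        198.51.100.7:3310      ESTABLISHED     1520
  UDP    0.0.0.0:69             *:*                                    1520
"""

def parse_netstat(text):
    """Parse `netstat -ano` rows; UDP rows have no State column."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        state = f[3] if f[0] == "TCP" and len(f) == 5 else "BOUND"
        socks.append(Sock(f[0], f[1], f[2], state, int(f[-1])))
    return socks

def port(addr):
    """Port number from 'host:port' (also works for '[::]:135')."""
    return int(addr.rsplit(":", 1)[1])

def split_by_prompt(socks):
    """Return (listeners, outbound).

    listeners: sockets bound to accept traffic, the case the message says
               makes the firewall alert.
    outbound:  established TCP connections whose local port is not a
               listening port (heuristic for "this host dialled out"),
               the case the message says raises no warning.
    """
    listeners = [s for s in socks if s.state in ("LISTENING", "BOUND")]
    listen_ports = {port(s.local) for s in listeners if s.proto == "TCP"}
    outbound = [s for s in socks
                if s.state == "ESTABLISHED" and port(s.local) not in listen_ports]
    return listeners, outbound

if __name__ == "__main__":
    listeners, outbound = split_by_prompt(parse_netstat(SAMPLE))
    for s in listeners:
        print(f"bind     pid={s.pid:<5} {s.proto} {s.local}")
    for s in outbound:
        print(f"outbound pid={s.pid:<5} {s.local} -> {s.remote}")
```

In the sample, the connection accepted on port 8080 is left out of the outbound list because its local port belongs to a listener.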

