Goencz, Otto wrote: [restructured to cure top-postingitis]
> >>I installed XP service pack 2, sure the firewall was there did it bitch sure
> it did but I left it up. Told it to allow the applications that use the net
> to work.<<
>
> > Does the XP firewall do application level outbound blocking? I thought it
> > just blocked incoming connections?
>
> Yes, it does bi-directional filtering...

Not really...

The new XP firewall asks to allow unknown applications to bind to a port -- that is, to set up as listeners. That is only part of what most folk consider "application level outbound blocking". For instance, a bot that simply connects outbound to an IRC server will not raise a warning, but if it tries to bind a port to set up a direct access backdoor or run a simple TFTP or HTTP server (perhaps to provide copies of itself to other machines it has scanned and compromised with a call-back payload), the firewall will alert.

MS had to walk a fine line there between providing a more useful PFW and being dragged into court for anti-competitive practices if it provided a "full function" PFW that would clearly be detrimental to an independent group of software developers.

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
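
As an added illustration (not part of the original post), the sketch below sorts `netstat -ano` output into bound or listening sockets, which the reply above says trigger the SP2 firewall prompt, and outbound connections, which it says do not. The sample output, addresses and PIDs are constructed, and treating an established connection as outbound when its local port has no listener is a heuristic assumed here.

```python
# Constructed sample of `netstat -ano` output (documentation addresses, made-up PIDs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1432
  UDP    0.0.0.0:69             *:*                                    1432
  TCP    192.0.2.10:8080        198.51.100.9:4312      ESTABLISHED     1432
  TCP    192.0.2.10:1045        198.51.100.7:6667      ESTABLISHED     2216
  TCP    192.0.2.10:1051        203.0.113.5:80         ESTABLISHED     3020
"""

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # header or blank line
        if f[0] == "UDP":                 # UDP rows carry no State column
            yield f[0], f[1], f[2], "", int(f[3])
        else:
            yield f[0], f[1], f[2], f[3], int(f[4])

def port(addr):
    """Port number from an 'address:port' string."""
    return int(addr.rsplit(":", 1)[1])

def classify(text):
    """Split rows into bound sockets and outbound connections."""
    rows = list(parse_netstat(text))
    # Bound sockets: TCP listeners and any UDP socket (the bind-time prompt case).
    listeners = [(p, port(l), pid) for p, l, r, s, pid in rows
                 if s == "LISTENING" or p == "UDP"]
    bound = {(p, prt) for p, prt, _ in listeners}
    # Heuristic: an established connection on a non-listening local port is outbound.
    outbound = [(r, pid) for p, l, r, s, pid in rows
                if s == "ESTABLISHED" and (p, port(l)) not in bound]
    return listeners, outbound

def unprompted_pids(text):
    """PIDs that only connect outward, so a bind prompt never covered them."""
    listeners, outbound = classify(text)
    return {pid for _, pid in outbound} - {pid for _, _, pid in listeners}

if __name__ == "__main__":
    listeners, outbound = classify(SAMPLE)
    print("bound sockets:", listeners)
    print("outbound connections:", outbound)
    print("PIDs never covered by a bind prompt:", sorted(unprompted_pids(SAMPLE)))
```
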
