MDGx Windows XP Tweaks

The firewall (FW) is a hardware and/or software based two-way monitor, detector and filter (blocker/unblocker) of inbound (ingress) traffic, i.e. data/packets originating from internet/network computer(s), and outbound (egress) traffic, i.e. data/packets originating from the local networked computer(s). It is set to block/prevent/stop and/or allow/permit/proxy two things: the transmission (broadcast) of unauthorized, personal, private and/or local/network computer data to dedicated internet/network based servers/applications, and the receiving (download) of unauthorized, internet/network based adware, malware and/or spyware packets, so they never reach/infest the local/network computer(s). More info.


Windows Firewall NEW features:

Stateful inspection is explained @ Wikipedia.

  • packet filtering does NOT block the Remote Assistance connection service!
  • outbound/outgoing (egress) packet filtering is NOT available!
  • packet filtering warnings are NOT available!

ICF/WF can be activated 5 ways:

Defaults are set mainly for outbound traffic, and out-of-the-box ICF/WF blocks only a few ports and protocols Microsoft deems unsafe, which is way too risky for every day browsing. :( Therefore it is strongly advised to tweak them manually to enjoy a safer Internet experience: select the Network Connection Settings tab, click the Settings button and customize ICF/WF to your needs. The good news is that ICF/WF blocks RPC calls to TCP port 135 (see port list below for details) by default. :)

Start by making rules (as you should with any decent FW) for each app, domain, protocol, port etc., separately for outbound and/or inbound, respectively. A rule set does one of two things: (1) blocks [disables] or (2) unblocks [enables] a particular app/port/protocol/domain/IP/server/computer/etc. from/to accessing the internet as a whole, or targets one or more specific internet/network port(s)/domain(s)/server(s)/computer(s).

  • Microsoft: Using Windows Firewall.
  • MS TechNet: Windows Firewall Operations Guide.
  • MS TechNet: Manually Configuring Firewall in XP SP2.
  • MS DOC: Deploying Windows Firewall Settings in XP SP2 [1 MB, DOC format, right-click to save!].
  • MS DOC: Using Firewall INF in XP SP2 [110 KB, DOC format, right-click to save!].
  • MSKB: Troubleshoot Windows Firewall Settings in XP SP2.
  • MSKB: How To Turn On/Off ICF in Windows XP.
  • Ramesh: About Windows XP Internet Connection Firewall.
  • TweakHound: The Windows XP Security Center.
  • The Register: WinXP SP2 = Security Placebo?
  • DShield.
  • Practically Networked.
  • MS TechNet: ICF security log overview.
  • Windows Firewall Control (WFC).
  • Windows Firewall Notifier (WFN).
  • TinyWall.
  • GhostWall.
  • XP Firemon.
  • FireLogXP ICF Log Interpreter.
  • XP Firewall Log Viewer.
  • XP Logger.
  • Microsoft OEM FireWall (OEMFWALL.EXE) tool [12 KB].
  • Port: Positive integer number used to identify an endpoint of a logical connection among TCP/IP and UDP networked computers/devices/terminals. Each assigned port number transmits/receives specific data.
  • Protocol: Standardized format for transmitting/receiving data among computers/devices/terminals:

    • TCP Protocol: transmits/receives data among connected computers/devices/terminals while forming a session, ensuring delivery and error checking.
    • UDP Protocol: transmits/receives data among connected computers/devices/terminals without forming a session, and without delivery confirmation or error checking.
  • Internet Protocol (IP) Address:

    • IPv4 Standard (old): 32-bit identifier (numeric address) formed of a group of four 1-3 digit positive integer numbers separated by dots (.), used to identify a networked computer/device/terminal. Format: xxx.xxx.xxx.xxx, where xxx = any positive integer number between 0 and 255. More info. Requires network hardware + software capable of Network Address Translation (NAT).
    • IPv6 Standard (new): 128-bit identifier (hexadecimal address) formed of eight groups of 4 hexadecimal digits, each group representing 16 bits (2 octets), separated by colons (:), used to identify a networked computer/device/terminal. Format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, where xxxx = any 4 digit 16-bit hexadecimal number, from 0000 up to ffff (case insensitive); leading zero(es) may be omitted (example: 0000 can be abbreviated as 0). More info. The IPv6 address contains 2 logical parts:

      1. 64-bit network prefix and
      2. 64-bit host address, usually detected and generated automatically from the interface MAC address.

      Requires network hardware + software capable of:

      • StateLess Address AutoConfiguration (SLAAC).
      • Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
      • Internet Protocol Security (IPsec).

      Local/private/intranet networked computers/devices/terminals can be assigned any random (unique) IP address specific only to that particular network. Internet/public IP addresses must be registered with a Regional Internet Registry (RIR): AfriNIC, APNIC, ARIN, LACNIC or RIPE to avoid duplication.
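The address rules above (leading-zero abbreviation, the 64-bit prefix / 64-bit host split, MAC-derived host addresses, and local versus registered public addresses) are easy to check with Python's standard `ipaddress` module. The block below is an added example written for this page, not the author's code; the sample addresses are constructed, and the MAC recovery assumes the host part was built with the modified EUI-64 scheme (0xfffe inserted in the middle, universal/local bit flipped), which is how SLAAC derives it from the interface MAC.

```python
import ipaddress

# Constructed sample addresses (not from the original page).
SAMPLES = [
    "192.168.1.20",                              # IPv4, RFC 1918 private range
    "1.1.1.1",                                   # IPv4, public (globally routable)
    "2001:0db8:0000:0000:0211:22ff:fe33:4455",   # IPv6, interface id in modified EUI-64 form
    "fe80::1",                                   # IPv6 link-local, hand-picked interface id
]


def normalize(text):
    """Return (version, exploded, compressed) for an address string.

    For IPv6 the exploded form writes every group as 4 hex digits; the compressed
    form drops leading zeroes and collapses one run of all-zero groups to '::'.
    """
    addr = ipaddress.ip_address(text)
    return addr.version, addr.exploded, addr.compressed


def split_ipv6(addr):
    """Split a 128-bit IPv6 address into its 64-bit prefix and 64-bit interface id."""
    value = int(addr)
    return value >> 64, value & ((1 << 64) - 1)


def mac_from_eui64(interface_id):
    """Recover the 48-bit MAC if the interface id was built from it (modified EUI-64).

    The transform inserts 0xfffe between the two halves of the MAC and flips the
    universal/local bit (0x02) of the first octet; if the 0xfffe marker is absent
    the id was assigned some other way and None is returned.
    """
    if (interface_id >> 24) & 0xFFFF != 0xFFFE:
        return None
    high = interface_id >> 40          # first 24 bits of the MAC (OUI), U/L bit flipped
    low = interface_id & 0xFFFFFF      # last 24 bits of the MAC
    mac = ((high ^ 0x020000) << 24) | low
    return ":".join(f"{(mac >> (8 * i)) & 0xFF:02x}" for i in range(5, -1, -1))


def describe(text):
    """Classify one address: version, both spellings, public vs local/private scope,
    and for IPv6 the prefix / interface-id split plus any recoverable MAC."""
    addr = ipaddress.ip_address(text)
    info = {
        "version": addr.version,
        "compressed": addr.compressed,
        "exploded": addr.exploded,
        # Globally routable addresses are the ones that must come from an RIR;
        # everything else (RFC 1918, link-local, documentation ranges) is local.
        "scope": "public" if addr.is_global else "local/private",
    }
    if addr.version == 6:
        prefix, iid = split_ipv6(addr)
        info["prefix"] = f"{prefix:016x}"
        info["interface_id"] = f"{iid:016x}"
        info["mac"] = mac_from_eui64(iid)
    return info


if __name__ == "__main__":
    for sample in SAMPLES:
        print(describe(sample))
```

Run it as a script to see one dictionary per sample. The point of `mac_from_eui64` is defensive: a host whose IPv6 address exposes its MAC is trackable across networks, which is why modern stacks prefer random or privacy interface ids; checking your own addresses with this function tells you which kind you have.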

Most frequently used (a.k.a. common, known, assigned) ports in alphabetical order [can’t surf without them ;)]:

Most frequently used Trojan/Zombie ports [malware, •MUST ALWAYS• block!]:

There are a total of 65535 ports (a.k.a. address numbers), used by networked computers to create logical connections, and categorized as follows:

More port info:

Note that port numbers are assigned on a per application/server approval basis by IANA (Internet Assigned Numbers Authority), the world wide (global) non-profit organization responsible for managing and distributing internet ports to companies, businesses, vendors, ISPs etc. IANA periodically posts a complete list of all assigned ports (which must be in the public domain) and the entities currently using them.
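A practical way to see which ports are actually being probed on your machine is to read the ICF/WF security log (pfirewall.log, linked above under "ICF security log overview"). The block below is an added example written for this page, not one of the log viewers listed above: it parses the W3C-style log, counts dropped inbound packets per destination port, labels each port with its IANA range (well-known 0-1023, registered 1024-49151, dynamic/private 49152-65535), and flags hits on a watch list the caller supplies. The log text is constructed for the example and follows the field layout of the XP SP2 firewall log; the parser takes the column names from the `#Fields:` header, so it does not depend on that exact order.

```python
from collections import Counter


def port_category(port):
    """IANA port ranges (a general fact, not the page's own table)."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


# Constructed sample in the layout of a Windows Firewall log (pfirewall.log):
# W3C extended format, '#Fields:' header naming the columns, space-separated rows.
# Addresses, times and sizes are made up for this example.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2004-09-01 10:03:22 DROP TCP 10.0.0.77 192.168.1.20 3456 135 48 S 1234567 0 65535 - - - RECEIVE
2004-09-01 10:03:23 DROP TCP 10.0.0.77 192.168.1.20 3457 445 48 S 1234568 0 65535 - - - RECEIVE
2004-09-01 10:03:25 DROP UDP 10.0.0.78 192.168.1.20 1026 1434 404 - - - - - - - RECEIVE
2004-09-01 10:03:30 OPEN TCP 192.168.1.20 198.51.100.5 1055 80 0 - 0 0 0 - - - -
2004-09-01 10:03:41 DROP TCP 10.0.0.79 192.168.1.20 4001 135 48 S 1234570 0 65535 - - - RECEIVE
2004-09-01 10:03:42 DROP ICMP 10.0.0.79 192.168.1.20 - - 60 - - - - 8 0 - RECEIVE
"""


def parse_log(text):
    """Parse W3C-style firewall log text into dicts keyed by the #Fields names.

    The column list comes from the header rather than being hard-coded, so a log
    whose field order differs is still read correctly; rows with the wrong number
    of columns (partial writes) are skipped rather than mis-assigned.
    """
    fields, rows = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data row before #Fields header")
        values = line.split()
        if len(values) == len(fields):
            rows.append(dict(zip(fields, values)))
    return rows


def summarize_drops(rows, watch_ports):
    """Count dropped inbound packets per (protocol, dst-port) and list hits on
    ports the administrator wants alerted on; the watch set is supplied by the
    caller (the page's own Trojan/zombie port table is not reproduced here)."""
    per_port = Counter()
    hits = []
    for r in rows:
        if r["action"] != "DROP" or r["path"] != "RECEIVE":
            continue
        if r["dst-port"] == "-":                 # ICMP rows carry no port numbers
            per_port[(r["protocol"], None)] += 1
            continue
        port = int(r["dst-port"])
        per_port[(r["protocol"], port)] += 1
        if port in watch_ports:
            hits.append((f'{r["date"]} {r["time"]}', r["src-ip"], r["protocol"], port))
    return per_port, hits


def report(text, watch_ports):
    """Render a short textual summary; returns the lines so they can be checked."""
    per_port, hits = summarize_drops(parse_log(text), watch_ports)
    lines = []
    for (proto, port), n in sorted(per_port.items(), key=lambda kv: -kv[1]):
        label = f"{proto} {port} ({port_category(port)})" if port is not None else proto
        lines.append(f"DROP x{n:<4} {label}")
    for when, src, proto, port in hits:
        lines.append(f"WATCH {when} {src} -> {proto}/{port}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, {135, 445})))
```

Point `report()` at the contents of your real log file and your own watch set; repeated drops against one port from one source are the pattern worth looking at, and a DROP on a port you believe you opened is the first thing to check when an app stops working behind the firewall.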

ICF/WF guidelines: when you let an app through, open ONLY the TCP/UDP port(s) you know it needs in order to operate over the internet/network(s), and close ALL OTHER ports, especially the ones you know are on the "black" list; some of the known exposed (dangerous) ports are listed after you complete the security port scan tests at Gibson Research. More internet security resources.

Try not to block/unblock both TCP and UDP within the same rule for the same app/protocol; make separate rules for each, as you should also for outbound and inbound, respectively.
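The rule discipline described above (one protocol and one direction per rule, open only the port an app needs, close everything else) can be modelled in a few lines, which is useful for reviewing a rule set before typing it into any firewall. This is an added example, not code from the page or from Windows Firewall; `Rule`, `validate` and `evaluate` are names chosen for the example, and the rule set is constructed. `evaluate` is first-match-wins with an implicit block at the end, which is what "close ALL OTHER ports" means in practice.

```python
import ipaddress
from dataclasses import dataclass

VALID_DIRECTIONS = ("in", "out")
VALID_PROTOCOLS = ("TCP", "UDP")


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str        # "in" (inbound/ingress) or "out" (outbound/egress)
    protocol: str         # "TCP" or "UDP", never both in one rule
    port: int             # the single port this rule is about
    action: str           # "allow" or "block"
    remote: str = "any"   # "any", or a host/network in CIDR notation the rule is limited to


def validate(rules):
    """Return a list of problems; an empty list means the rule set follows the guidelines."""
    problems = []
    for r in rules:
        if r.direction not in VALID_DIRECTIONS:
            problems.append(f"{r.name}: direction must be one of {VALID_DIRECTIONS}, got {r.direction!r}")
        if r.protocol not in VALID_PROTOCOLS:
            problems.append(f"{r.name}: one protocol per rule, got {r.protocol!r}")
        if not 0 <= r.port <= 65535:
            problems.append(f"{r.name}: port {r.port} out of range")
        if r.action not in ("allow", "block"):
            problems.append(f"{r.name}: action must be allow or block, got {r.action!r}")
        if r.remote != "any":
            try:
                ipaddress.ip_network(r.remote, strict=False)
            except ValueError:
                problems.append(f"{r.name}: bad remote scope {r.remote!r}")
    return problems


def _remote_matches(scope, ip):
    """True if the rule's remote scope covers the packet's remote address."""
    return scope == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(scope, strict=False)


def evaluate(rules, direction, protocol, port, remote_ip):
    """First matching rule wins; traffic no rule mentions is blocked (default deny)."""
    for r in rules:
        if (r.direction, r.protocol, r.port) == (direction, protocol, port) and _remote_matches(r.remote, remote_ip):
            return r.action, r.name
    return "block", "default-deny"


# Constructed example rule set (not the page's). One protocol and one direction per rule.
RULES = [
    Rule("rpc-epmap-in", "in", "TCP", 135, "block"),                 # explicit; the page notes XP blocks this by default
    Rule("lan-web-in", "in", "TCP", 80, "allow", "192.168.1.0/24"),  # local web server, reachable from the LAN only
    Rule("browse-out", "out", "TCP", 80, "allow"),
    Rule("dns-out", "out", "UDP", 53, "allow"),
]


if __name__ == "__main__":
    assert validate(RULES) == []
    for pkt in [("in", "TCP", 135, "10.0.0.5"), ("in", "TCP", 80, "10.0.0.5"),
                ("in", "TCP", 80, "192.168.1.7"), ("in", "UDP", 80, "192.168.1.7"),
                ("out", "UDP", 53, "192.168.1.1")]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Note how `("in", "UDP", 80, ...)` falls through to the default block even though TCP 80 is allowed from the LAN: because the rules are split by protocol, opening the TCP port never silently opens its UDP twin, which is exactly the effect the separate-rules advice above is after.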

That’s why I •strongly• recommend, especially if surfing on broadband (xDSL, cable, satellite or Wi-Fi), and/or using more than one computer to access the internet, to purchase a good multipurpose 4-port (or more, depending on your needs) router with built-in hardware firewall and IPv6 capabilities. Your best bet is a wireless broadband router with 4-port 10/100/1G Ethernet switch with auto-speed sensing and Wi-Fi encryption. See also this review.

  • (Application Layer Gateway Service) = integral part of the built-in ICF/WF; controls FTP connections among other functions. Needs to run for ICF/WF to work properly.
  • (Generic Host Process for Win32 Services) = integral part of the XP OS, mandatory to run at all times; it canNOT be stopped or (re)started manually. It loads/unloads/manages internal/external 32-bit DLLs and other services, and in normal conditions more than one Svchost.exe instance/thread will always be open.

Firewall + Security resources.

MSKB: Programs that may require you to open ports manually.

Valid command line switches:
