Windows ICF: Can't Live With it, Can't Live Without it

an article by David Wong - last updated August 22, 2002

"Windows ICF (Internet Connection Firewall) is the built-in firewall in
Windows XP, both the Home and Professional editions. ICF is an
excellent personal firewall and will prevent most attacks from the
Internet. However, the lack of granular control makes ICF much too
restrictive for power users. So, as they say, you can't live with it, you
can't live without it. For this article, we put ICF into the lab and set our
hackers (well, security penetration testers) loose at it to see how good
it is. In this article, we will give an overview of ICF, see how ICF
performs under a simulated attack, and discuss the pros and cons of ICF.
"

  http://online.securityfocus.com/infocus/1620
___
Ted
Ted
8/24/2002 5:03:00 PM

"There was a bit of a surprise here. Although no DoS situation was
created, we noticed that no matter which host we scanned, ports 21,
389, 1002, and 1720 were always open. This situation scared the hell
out of our testers: why would ICF be opening up ports? Is it a backdoor?
After much research, we determined that these ports were open due to an
application level proxy in the ICF/ICS service."


Still, nothing like having a good NAT router... and Kerio, too ... if you need it :)

--
blackjack
blackjack
8/24/2002 5:32:00 PM
"Ted Quantrill" <Ted_Quantrill@MyRealBox.com> wrote in message
news:ak8e83$4uq$1@news.grc.com...
<snip>
However, the lack of granular control makes ICF much too
restrictive for power users. So, as they say, you can't live with
it, you
can't live without it. <snip>
http://online.securityfocus.com/infocus/1620

FYI:
CHX-I Packet Filter Management.msc.?
From: http://www.idrci.net/idrci_tryit2.htm
CHX-I Packet Filter 1.2 (W2K/XP/.NET)
CHX-I Content Firewall Dev Kit 1.9 - (NT 4.0/W2K/XP/.NET)
CHX-I Content Firewall -Web Edition 1.9 (NT 4.0/W2K/XP/.NET)

This Management Service Console snap-in works great here! The only
confirmation that I can get is that all port scanners return
0-65536 as "non-existant", "stealth", "invisible to other
computers on the Internet", "n/a" etc. It sure makes me feel
secure! But, mebbe I'm missing something?

Hope it helps somebody,
just axn
just
8/24/2002 10:53:00 PM
In article <ak8fv9$8cg$1@news.grc.com>, i386@usa.net says...

Ahem...now to put the quote in context...

"Since most stateful firewalls have performance and DoS issues with 
internal users overloading the state table, we ran the Fscan port 
scanner from the ICF box "
	^^^^^^^^^^^^^^
> "There was a bit of a surprise here. Although no DoS situation was
> created, we noticed that no matter which host we scanned, ports 21,
> 389, 1002, and 1720 were always open. This situation scared the hell
> out of our testers: why would ICF be opening up ports? Is it a backdoor?
> After much research, we determined that these ports were open due to an
> application level proxy in the ICF/ICS service."
> 
> 
> Still, nothing like having a good NAT router... and Kerio, too ... if you need it :)
> 

-- 
Bloated Elvis
bloated
8/24/2002 11:33:00 PM
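Reading the quoted scan result the way Bloated Elvis does (the scan was run from the ICF box itself), here is an added example that is not from the article or from this thread: a small Python check that flags ports reported open on every target, which is the tell of the scanning host answering for itself rather than the remote machines. The sample scan lines are constructed and use an assumed "host port/proto state" layout, not Fscan's real output format.

```python
"""Flag ports that show open on every scanned host.

Added illustration, not code from the article or thread: a scan run from a
host whose firewall/ICS service has an application-level proxy can show some
ports open on *every* target, because the local proxy answers the connect.
Ports open everywhere are a cue to re-scan from outside the box.
"""

# Constructed sample in a simple "host port/proto state" layout (assumed
# format, not Fscan's real output).
SAMPLE_SCAN = """\
10.0.0.5 21/tcp open
10.0.0.5 389/tcp open
10.0.0.5 1002/tcp open
10.0.0.5 1720/tcp open
10.0.0.6 21/tcp open
10.0.0.6 389/tcp open
10.0.0.6 1002/tcp open
10.0.0.6 1720/tcp open
10.0.0.7 21/tcp open
10.0.0.7 22/tcp open
10.0.0.7 389/tcp open
10.0.0.7 1002/tcp open
10.0.0.7 1720/tcp open
10.0.0.7 443/tcp closed
"""

def parse_scan(text):
    """Return {host: set of 'port/proto' reported open}."""
    open_ports = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        host, port, state = parts
        ports = open_ports.setdefault(host, set())
        if state == "open":
            ports.add(port)
    return open_ports

def ports_open_on_every_host(open_ports):
    """Ports open on all hosts: probably answered locally, not by the target."""
    return set.intersection(*open_ports.values()) if open_ports else set()

def per_host_findings(open_ports):
    """Open ports per host with the suspected local-proxy ports removed."""
    suspect = ports_open_on_every_host(open_ports)
    return {h: sorted(p - suspect) for h, p in open_ports.items()}
```

On the constructed sample the four ports the article names (21, 389, 1002, 1720) fall out as "open everywhere", leaving only 22/tcp on 10.0.0.7 as a genuine per-host finding.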
"Ted Quantrill" <Ted_Quantrill@MyRealBox.com> wrote in message
news:ak8e83$4uq$1@news.grc.com...
an article by David Wong - last updated August 22, 2002

"Windows ICF (Internet Connection Firewall) is the built-in firewall in
Windows XP, both the Home and Professional editions. ICF is an
excellent personal firewall and will prevent most attacks from the
Internet. However, the lack of granular control makes ICF much too
restrictive for power users. So, as they say, you can't live with it,
you
can't live without it. For this article, we put ICF into the lab and set
our
hackers (well, security penetration testers) loose at it to see how good
it is. In this article, we will give an overview of ICF, see how ICF
performs under a simulated attack, and discuss the pros and cons of ICF.
"

  http://online.securityfocus.com/infocus/1620
___
Ted

(Windows XP Pro)
I have known since RC1 that the ICF of XP gave complete "stealth" from
any and all web sites I could find that offered port scanning. So, since
I had trouble finding a compatible firewall, you know the story, fast
user switching, etc., I used XP along with a good AV.

A couple weeks ago I got a RP614 Netgear Router and am now, in addition
to the NAT of the firewall, using *whisper* Black Ice *shudder*. After
baseline, I edited the file so it asked me permission for any app to run
or to connect, thus defeating firehole, tooleaky, PCAudit, etc.

Back to the point. I've always had a fantastic connection, being in a
rebuild area with COX. 2500 down, 200 up. Since the addition of the
router my speeds have increased to 3500+ down, 300 up, respectively.
Sometimes even over 4000 down. After reading the article I decided to
use ICF also. My speeds immediately reverted back to what they had been.
Hmmmmm. So I tested my speeds several times both with and without it and
always the same results. My point being, those on a slower connection
may well be penalized considerably by using ICF.

It would be interesting to know if this is only typical on my machine or
if others may be experiencing this also. That is a big hit in speed.
Maybe not as much on slower connections. Something to think about,
though.

Ron M
Ron
8/25/2002 1:15:00 PM
Ron M <ronmiles_@excite.com> wrote:

> Back to the point. I've always had a fantastic connection, being in a
> rebuild area with COX. 2500 down, 200 up. Since the addition of the
> router my speeds have increased to 3500+ down, 300 up, respectively.
> Sometimes even over 4000 down. After reading the article I decided to
> use ICF also. My speeds immediately reverted back to what they had been.
> Hmmmmm. So I tested my speeds several times both with and without it and
> always the same results. My point being, those on a slower connection
> may well be penalized considerably by using ICF.
>
> It would be interesting to know if this is only typical on my machine or
> if others may be experiencing this also. That is a big hit in speed.
> Maybe not as much on slower connections. Something to think about,
> though.

Ron,

Regardless of the speed issue, there is nothing to be gained by running ICF
behind a NAT router.  Since ICF only handles inbound and is a NAT, it has
nothing to do, essentially.

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
Robert
8/25/2002 1:40:00 PM
"Robert Wycoff" <Don't.use.Lockdown@any.price> wrote in message
news:akamoi$2e3r$1@news.grc.com...
> Ron,
>
> Regardless of the speed issue, there is nothing to be gained by
running ICF
> behind a NAT router.  Since ICF only handles inbound and is a NAT, it
has
> nothing to do, essentially.
>
> --
> Robert
> List of Lists - http://lists.gpick.com/
> Eric Howe's Privacy and Security Site -
> http://www.staff.uiuc.edu/~ehowes/main-nf.htm
>
Yeah, I know, overkill <g>. You're right, of course. Thanks.

Ron M
Ron
8/25/2002 2:01:00 PM