which is a good small firewall for win xp pre sp2 ? - alternative to ICF? - Firewalls

This is a discussion on which is a good small firewall for win xp pre sp2 ? - alternative to ICF? - Firewalls ; I have a comp with an early win xp , it has ICF , not "the windows firewall". From what I can fathom, the ICF gives no option to restrict IPs of incoming connections, like "the windows firewall" does. Is ...

+ Reply to Thread
Results 1 to 18 of 18

Thread: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?

  1. which is a good small firewall for win xp pre sp2 ? - alternative to ICF?


    I have a comp with an early win xp , it has ICF , not "the windows
    firewall".

    From what I can fathom, the ICF gives no option to restrict IPs of
    incoming connections, like "the windows firewall" does.

    Is there something like the windows firewall that I can install? I
    don`t want some big thing like ZA or something with popups.

  2. Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?

    Hi,

    jameshanley39@yahoo.co.uk schrieb:
    > Is there something like the windows firewall that I can install?


    Update windwos on that machine.

    Cheers,
    Jens

  3. Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?

    Jens Hoffmann wrote:
    > jameshanley39@yahoo.co.uk schrieb:
    >> Is there something like the windows firewall that I can install?

    >
    > Update windwos on that machine.


    Not to mention that the Windows-Firewall wasn't introduced with SP2, but
    merely set to be enabled by default. It was included (but not activated
    by default) since XP RTM.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  4. Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?

    Ansgar -59cobalt- Wiechers wrote:

    > Jens Hoffmann wrote:
    > > jameshanley39@yahoo.co.uk schrieb:
    > >> Is there something like the windows firewall that I can install?

    > >
    > > Update windwos on that machine.

    >
    > Not to mention that the Windows-Firewall wasn't introduced with SP2,
    > but merely set to be enabled by default. It was included (but not
    > activated by default) since XP RTM.
    >
    > cu
    > 59cobalt



    Well, you have not even said when it was introduced.


    I do not know if you are right about the windows firewall being
    disabled at some stage of windows xp. Nevertheless, I do not have it on
    this machine. I have the ICF (which I think was on by default)

    Meaning there is no windows firewall icon in control panel. To
    configure the ICF, You have to go to network connections...LAN
    connection...properties


    Anyhow. If anybody knows of an alternative firewall, as I described I
    needed, I`d be interested.

  5. Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?

    jameshanley39@yahoo.co.uk wrote:

    > Anyhow. If anybody knows of an alternative firewall, as I described I
    > needed, I`d be interested.


    Why the heck don't you simply update your winXP to the lastest patchlevel?

    Why do you want to f*ck up your system by installing 3rd party snake-oil?

    Wolfgang

  6. Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?

    jameshanley39@yahoo.co.uk wrote:


    > I do not know if you are right about the windows firewall being
    > disabled at some stage of windows xp. Nevertheless, I do not have it on
    > this machine. I have the ICF (which I think was on by default)
    >
    > Meaning there is no windows firewall icon in control panel. To
    > configure the ICF, You have to go to network connections...LAN
    > connection...properties



    Windows Firewall merely is the ICF renamed and a funny control panel applet
    added.

    > Anyhow. If anybody knows of an alternative firewall, as I described I
    > needed, I`d be interested.



    What about WinIPFW?

  7. Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?

    Sebastian G. wrote:

    > jameshanley39@yahoo.co.uk wrote:
    >
    >
    > > I do not know if you are right about the windows firewall being
    > > disabled at some stage of windows xp. Nevertheless, I do not have
    > > it on this machine. I have the ICF (which I think was on by default)
    > >
    > > Meaning there is no windows firewall icon in control panel. To
    > > configure the ICF, You have to go to network connections...LAN
    > > connection...properties

    >
    >
    > Windows Firewall merely is the ICF renamed and a funny control panel
    > applet added.
    >


    I can`t get the ICF to restrict the IPs of incoming connections. The
    Windows Firewall can.

    other difference is that the ICF seems to a different thing in
    function. When you make an entry (for its whitelist) / an exception, it
    asks for these parameters( ip of comp hosting service, internal port,
    external port). So I think it is meant to be a network software
    firewall, with proxy like forwarding with port mapping. The NAT
    router, if forwarding, is meant to forward to it , and the ICF forwards
    it on. Or it could act as standalone, each computer running its own.
    one can ignore the forwarding and internal/external port difference.
    But a big weakness relative to the windows firewall is not being able
    to restrict ips of incoming connections.

    another difference is how one would navigate to it, which is important,
    but not technically interesting!


    > > Anyhow. If anybody knows of an alternative firewall, as I described
    > > I needed, I`d be interested.

    >
    >
    > What about WinIPFW?


    I will give that a try - looks like a great option. I think that may be
    the only option too.

  8. Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?

    Sebastian G. wrote:
    > What about WinIPFW?


    from the bottom of my hearth thank you for that info and link.

  9. Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?

    goarilla wrote:

    > Sebastian G. wrote:
    >> What about WinIPFW?

    >
    > from the bottom of my hearth thank you for that info and link.



    As we're are so far now, you should download the latest unstable release
    from the SourceForge CVS repository, apply certain patches (ask me via
    eMail) and compile it. Even such a little piece of software is horribly
    complex and various security problems that the author hasn't fixed yet.

  10. Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?

    Sebastian G. wrote:

    > jameshanley39@yahoo.co.uk wrote:
    >
    >
    > > But a big weakness relative to the windows firewall is not being
    > > able to restrict ips of incoming connections.

    >
    >
    > You must be kidding. Other than for very server-centric services
    > (f.e. DNS, SMTP), such a functionality is totally useless. IP
    > addresses are no kind of authenticated information.
    >


    if must help.. for a start, the invader will have to know what source
    ip to fake to get in, and if he gets in by using that source ip in the
    packet, he won`t receive any reply. What can he do?

    I did read that "all" such an attacker could do is a DDOS attack. I
    guess that wouldn`t include a buffer overflow kind of exploit injecting
    a shell or anything.



    > > another difference is how one would navigate to it, which is
    > > important, but not technically interesting!

    >
    >
    > For LAN connections, you also have the TCP/IP filtering. For PPP
    > connections, you have RAS firewall. At the end, it all ends up at the
    > IPFilter driver.
    >


    interesting, I hadn`t seen the Win NT TCP/IP filtering screen before.

    Regarding the "RAS firewall". Looking at this link titled RAS firewall,
    http://www.ltsw.se/knbase/xp/ras/fw01.asp I don`t see such a thing, I
    see the windows firewall, or the ICF. They work for both. The ICF
    reached through properties of LAN or dialup connection. The windows
    firewall, typically reached via control panel. I see no "RAS firewall"
    entity.



    > > > > Anyhow. If anybody knows of an alternative firewall, as I
    > > > > described I needed, I`d be interested.
    > > >
    > > > What about WinIPFW?

    > >
    > > I will give that a try - looks like a great option. I think that
    > > may be the only option too.

    >
    >
    > Not the only, but the most usable one (hey, it also internally uses
    > IPFilter). Other ones would be CHX-I (had problems with state
    > tracking in my tests) and maybe CoreForce (be aware that is does this
    > stupid application control, and even when switching of this
    > functionality the kernel function hooks remain). Or, if you go at
    > enterprise level, ISA Server 2004 (sadly with a dependency for IIS).



    You say that ip restriction is not security. What would you say is ?

    And if that is the case, then what would be the point of a firewall ?
    Isn`t it for security, and it blocks/allows IPs - and ports.

    TIA

  11. Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?

    jameshanley39@yahoo.co.uk wrote:

    > if must help.. for a start, the invader will have to know what source
    > ip to fake to get in, and if he gets in by using that source ip in the
    > packet, he won`t receive any reply. What can he do?



    Relaying / proxying instead of spoofing.

    > You say that ip restriction is not security. What would you say is ?



    Strong authenticatio.

    > And if that is the case, then what would be the point of a firewall?



    Implementing a concept to segment networks at their boundary.

    > Isn`t it for security, and it blocks/allows IPs - and ports.



    No, it blocks/allows network traffic, taking into account various aspects of
    the traffic including state.

  12. Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?

    Sebastian G. wrote:
    > jameshanley39@yahoo.co.uk wrote:
    >
    >> if must help.. for a start, the invader will have to know what source
    >> ip to fake to get in, and if he gets in by using that source ip in the
    >> packet, he won`t receive any reply. What can he do?

    >
    >
    > Relaying / proxying instead of spoofing.
    >
    >> You say that ip restriction is not security. What would you say is ?

    >
    >
    > Strong authenticatio.
    >


    you mean like kerberos and nis+ ?

    >> And if that is the case, then what would be the point of a firewall?

    >
    >
    > Implementing a concept to segment networks at their boundary.
    >
    >> Isn`t it for security, and it blocks/allows IPs - and ports.

    >
    >
    > No, it blocks/allows network traffic, taking into account various
    > aspects of the traffic including state.


  13. Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?

    goarilla wrote:


    >>> You say that ip restriction is not security. What would you say is ?

    >>
    >> Strong authenticatio.
    >>

    >
    > you mean like kerberos and nis+ ?



    Or IPsec, or anything that goes on the application layer (f.e.
    login/password for a WebDAV share).

  14. Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?

    Sebastian G. wrote:
    > goarilla wrote:
    >
    >
    >>>> You say that ip restriction is not security. What would you say is ?
    >>>
    >>> Strong authenticatio.
    >>>

    >>
    >> you mean like kerberos and nis+ ?

    >
    >
    > Or IPsec, or anything that goes on the application layer (f.e.
    > login/password for a WebDAV share).


    isn't IPsec an encrypted network layer level protocol
    a secure version of IP ?
    it also handles authentication ?

  15. Re: which is a good small firewall for win xp pre sp2 ? - alternativetoICF?

    goarilla wrote:


    > isn't IPsec an encrypted network layer level protocol
    > a secure version of IP ?



    Yes and no. IPsec-AH does solely handle authentication, IPsec-ESP handles
    encryption and optionally authentication.

    > it also handles authentication ?



    Yes, see above.

  16. Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?

    On Oct 25, 8:07 am, "jameshanle...@yahoo.co.uk"
    wrote:
    > I have a comp with an early win xp , it has ICF , not "the windows
    > firewall".
    >
    > From what I can fathom, the ICF gives no option to restrict IPs of
    > incoming connections, like "the windows firewall" does.
    >
    > Is there something like the windows firewall that I can install? I
    > don`t want some big thing like ZA or something with popups.


    try the "look n'stop firewall" it's very famous
    I am still using it now ! I guess it's the best firewall in the wall !
    And its size is just 600kb!!


  17. Re: which is a good small firewall for win xp pre sp2 ? - alternativeto ICF?

    shmily87@gmail.com wrote:

    > On Oct 25, 8:07 am, "jameshanle...@yahoo.co.uk"
    > wrote:
    >> I have a comp with an early win xp , it has ICF , not "the windows
    >> firewall".
    >>
    >> From what I can fathom, the ICF gives no option to restrict IPs of
    >> incoming connections, like "the windows firewall" does.
    >>
    >> Is there something like the windows firewall that I can install? I
    >> don`t want some big thing like ZA or something with popups.

    >
    > try the "look n'stop firewall"



    Eh... I guess he wants to use it in a productive environment, not for toying
    around.

    > it's very famous



    Which typically is a bad sign, since the average computer user is highly
    incompetent wrt. computers.

    > I am still using it now !



    I'm sorry for you. Who forced this onto you?

    > I guess it's the best firewall in the wall !



    It's not even a firewall, it's a host-based packet filter that is unsuitable
    to implement any firewall at all.

    > And its size is just 600kb!!


    You're kidding, right? 600 KB is an overly huge amount of code. You can do
    the same with only 60 KB, which sound much more reasonable.

  18. Re: which is a good small firewall for win xp pre sp2 ? - alternative to ICF?

    James, as others have mentioned, you really should get that computer up to
    service pack 2. Support, including security updates, for pre-SP2 ended in
    October 2006. Your computers not running SP2 are definitely out-of-date.

    Also, while the original firewall (called "ICF") and the SP2 firewall
    (called "Windows Firewall") are the same base code, we added a bit of
    additional functionality in SP2. More details here:
    http://technet.microsoft.com/en-us/l.../bb877979.aspx


    --
    Steve Riley
    steve.riley@microsoft.com
    http://blogs.technet.com/steriley
    http://www.protectyourwindowsnetwork.com


    wrote in message
    news:471fde41$0$8412$db0fefd9@news.zen.co.uk...
    >
    > I have a comp with an early win xp , it has ICF , not "the windows
    > firewall".
    >
    > From what I can fathom, the ICF gives no option to restrict IPs of
    > incoming connections, like "the windows firewall" does.
    >
    > Is there something like the windows firewall that I can install? I
    > don`t want some big thing like ZA or something with popups.



+ Reply to Thread