Firewall not working

[Guest]

I've been using the XP firewall for over a year. I never thought much about
it until I tested it this weekend with a ping command to my wired network
from my wireless laptop on a neighbors network. To my surprise it came back
with a reply instead of timing out. I unchecked all exceptions and advanced
boxes that would allow it to connect and it still came back with a response.
The only way I can get it to keep from being "seen" is to check the Don't
Allow Exceptions box. Has anybody else had this problem. I checked the
settings against the laptop which I had just reloaded XP on from scratch, and
the firewall works without the Don't Allow Exceptions box checked.

 

[David Beder [MSFT]]

verify that the Remote Administration feature is not enabled
The easiest way to check is at a command prompt type:
netsh firewall show state:
if you see:
Remote admin mode = Enable
then it's enabled.
This effectively opens TCP 445, which also enables being ping'd.

 

[Steve]

The real question you need to be asking is, what can everyone else see on my
home PC.


1) If you've simply got your PC plugged into your ISP's modem then... be
very worried

2) Building upon #1, but also with the Microsoft ICS Firewall enabled ...
then be less worried, but.....
what about outgoing connections.... ?

2a) Given the fact that Microsofts' software firewalls haven't worked in the
past... (check out the TCP/IP
filtering if you have doubts)... I wonder why a lot of people are so
eager to jump onboard... also check out the
registry settings under HKLM/Software/Services..... raises questions
(since I've pretty much disabled all of them
and can still browse web pages, see also www.sysinternals.com)

3). More than one software firewall is bad ....?
In the past I've run the trial Blackice and Zonealarm together..and
each has captured different 'situations'
though I've seen others raising questions about these, and its pretty
much come down to the excuse that
running more than one s/w firewall on your machine is bad since
they.... interfere with each other.

At a bare minimum, I'd suggest you try out a couple of the "free"
alternatives that exist, run some of the free online firewall tests, then if
appropriate disable ICMP and the TCP/UDP ports that you don't need to make
available to the rest of the world.

Ideally invest in a cheap(ish) router (max. 40 US$) that supports NAT
(Network address Translation) & SPI (Stateful Packet Inspection) and add
this to your PC's "chain of protection" by simply plugging one into the
other.


Anyways, whatever solution you choose, apart from pulling the cable from the
wall will always be a security risk ... attitudes need to change too....


Have fun.


Steve