XPe Firewall not blocking WINS traffic

Smedly Tonker

I recently decided to audit what internet traffic was being sent & received
by my embedded XP system. While capturing packets with Ethereal I noticed
that I was receiving WINS traffic through the XPe firewall (port scans from
various IPs from across the globe). I only have two exceptions in my firewall
rules - TCP port 7000 & UDP port 7000. Why am I getting WINS traffic through
my firewall?
 
Dave R.

Smedly Tonker said:
I recently decided to audit what internet traffic was being sent &
received by my embedded XP system. While capturing packets with
Ethereal I noticed that I was receiving WINS traffic through the XPe
firewall (port scans from various IPs from across the globe). I only
have two exceptions in my firewall rules - TCP port 7000 & UDP port
7000. Why am I getting WINS traffic through my firewall?

Because Windows knows best? Seriously, there are a number of ports that
the SP2 Firewall leaves open by default but hides in the firewall
configuration UI. Check out
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
and you'll see a number of open ports that you don't see in the UI. On
my machines, I see UDP 137, UDP 138, TCP 139 and TCP 3389 open by
default. (Also, the same ports are open by default in
...\FirewallPolicy\DomainProfile\.. so if you connect to a domain you
might want to check those out as well.)

Most of the ports are restricted to the LocalSubNet, but TCP 3389
(Remote Desktop Protocol) is not, so be aware.

Regards,

Dave
 
Dave R.

Dave R. said:
Because Windows knows best? Seriously, there are a number of ports
that the SP2 Firewall leaves open by default but hides in the firewall
configuration UI. Check out
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
and you'll see a number of open ports that you don't see in the UI.
On my machines, I see UDP 137, UDP 138, TCP 139 and TCP 3389 open by
default. (Also, the same ports are open by default in
..\FirewallPolicy\DomainProfile\.. so if you connect to a domain you
might want to check those out as well.)

Most of the ports are restricted to the LocalSubNet, but TCP 3389
(Remote Desktop Protocol) is not, so be aware.

I inadvertently left out TCP 445 as one of the hidden default open ports
in my original reply.

Regards,

Dave
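
Added example, not part of either reply above: a small Python audit that parses saved `reg query` output for the GloballyOpenPorts\List key and reports every enabled opening that is not one of the two intended exceptions, listing those with unrestricted scope first. The sample output is constructed, the function names are hypothetical, and the value layout `port:protocol:scope:status:display-name` (with `*` meaning any source) is an assumption about how these entries are stored.

```python
import re
from typing import NamedTuple

class OpenPort(NamedTuple):
    port: int
    proto: str
    scope: str
    enabled: bool

# Constructed `reg query` output for the StandardProfile key named in the thread.
# Assumed data layout: port:protocol:scope:status:display-name ("*" = any source).
# The 9999 entry and all display names are placeholders, not real data.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
    137:UDP     REG_SZ  137:UDP:LocalSubNet:Enabled:placeholder-name
    138:UDP     REG_SZ  138:UDP:LocalSubNet:Enabled:placeholder-name
    139:TCP     REG_SZ  139:TCP:LocalSubNet:Enabled:placeholder-name
    445:TCP     REG_SZ  445:TCP:LocalSubNet:Enabled:placeholder-name
    3389:TCP    REG_SZ  3389:TCP:*:Enabled:placeholder-name
    7000:TCP    REG_SZ  7000:TCP:*:Enabled:placeholder-name
    7000:UDP    REG_SZ  7000:UDP:*:Enabled:placeholder-name
    9999:TCP    REG_SZ  9999:TCP:LocalSubNet:Disabled:placeholder-name
"""

# Value name, type, then the first four colon-separated fields of the data.
LINE = re.compile(
    r"^\s*\S+\s+REG_SZ\s+(\d+):(TCP|UDP):([^:]*):(Enabled|Disabled):", re.I)

def parse_open_ports(text):
    """Turn each REG_SZ line into an OpenPort; the key header line is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            port, proto, scope, status = m.groups()
            entries.append(OpenPort(int(port), proto.upper(), scope,
                                    status.lower() == "enabled"))
    return entries

def unexpected_openings(entries, intended):
    """Enabled entries the administrator did not ask for, widest scope first."""
    extra = [e for e in entries
             if e.enabled and (e.port, e.proto) not in intended]
    return sorted(extra, key=lambda e: (e.scope != "*", e.port, e.proto))

if __name__ == "__main__":
    intended = {(7000, "TCP"), (7000, "UDP")}  # the two exceptions from the question
    for e in unexpected_openings(parse_open_ports(SAMPLE), intended):
        reach = "any source" if e.scope == "*" else e.scope
        print(f"{e.proto} {e.port}: open to {reach}")
```

Run the same check against the DomainProfile key's output as well, since the thread notes the same defaults exist there.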
 
