April 7th, 2005, 03:44 PM
Windows XP Firewall SP2
O.K. Without posting too much detail for the visiting uber skiddies, I ran into a client that managed to get their TCP stack COMPLETELY HOSED. I think it was one of phishphreek80's users because they stated that they didn't do anything -
Anyway, while looking for the media to reinstall, it hit me. If ISA uses winsock, shouldn't it stand to reason that the XP firewall would also? I know reason and Microsoft is an oxymoron, like Military Intelligence. But Hey - IT WORKED.
"Netsh winsock reset" at the command prompt reset the firewall to its default settings. Those of you that used to program and/or dink with the winsock.dll will realize the flaw here.
Another banner moment for Microsoft's development team!
The malware used to corrupt the stack in the first place looks like it was designed to open ports on the firewall but the code was missing a command and subsequently hosed the stack. I fixed the code and reset my home firewall, from work, to allow all traffic.
There is a system log detailing the change, but nothing in the firewall detail logs.