Backasswards Vista Firewall Rules
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Backasswards Vista Firewall Rules

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Backasswards Vista Firewall Rules

    Hi all. I've been playing with the Vista host based fire wall, and ran into something odd. If I have the network connection type set to Private, it's suppose to allow for easy discovery, but all of the normal ports are closed:

    Code:
    Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-02 14:18 Eastern Daylight
    Time
    All 1697 scanned ports on vista-test-box (192.168.1.123) are filtered
    MAC Address: 00:0C:29:78:84:CE (VMware)
    
    Nmap finished: 1 IP address (1 host up) scanned in 38.813 seconds
    If I set it to be a Public location, where my machine is not to be easily found, I get the NetBIOs and SMB ports open:

    Code:
    Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-02 14:22 Eastern Daylight
    Time
    Interesting ports on vista-test-box (192.168.1.123):
    Not shown: 1694 filtered ports
    PORT	STATE SERVICE
    135/tcp open  msrpc
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds
    MAC Address: 00:0C:29:78:84:CE (VMware)

    Isn't that the opposite of what it should be?

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Thats good **** haha

  3. #3
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Maybe their logic is...private=all ports closed and public= ports open??

    Does appear backwards though

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Yes MLF, that would be the plain English understanding of things.

    "Private" = hidden, retricted, secret.
    "Public" = open, available, broadcast

    I guess it is a question of viewpoint? In this case the firewall appears to take the above definitions and attempts to apply them literally, rather than taking them as definitions of the environment, and adopting an appropriate strategy.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    If you check the actual options, you only have private and public. If you check (the built-in) Help and Support, though, it claims there are three options: Home, Work, or Public Place (no mention of the "private" option):

    From Windows Help and Support
    Choosing a network location

    The first time that you connect to a network, you must choose a network location. This automatically sets the appropriate firewall settings for the type of network that you connect to. If you connect to networks in different locations (for example, a network at your home, at a local coffee shop, or at work), choosing a network location can help ensure that your computer is always set to an appropriate security level.

    There are three network locations: Home, Work, and Public place.

    Home or Work

    Choose one of these locations for home or small office networks when you know and trust the people and devices on the network. Network discovery, which allows you to see other computers and devices on a network and allows other network users to see your computer, is on by default. For more information, see What is network discovery?

    Public place

    Choose this location for networks in public places (such as coffee shops or airports). This location is designed to keep your computer from being visible to other computers around you and to help protect your computer from any malicious software from the Internet. Network discovery is turned off for this location.

    Note
    If there’s only one computer on your network and you know you won’t need to share files or printers, the safest choice is “Public place.”
    So, according to the Help function, Public is supposed to be to "keep your computer from being visible to other computers around you and to help protect your computer from any malicious software from the Internet" - that indeed doesn't seem to be in line with Irongeek's findings...

  6. #6
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I learned the MS speak when getting my certs...
    It does appear backwards...may be a cause of the left hand not knowing what the right hand is doing

    MLF
    Last edited by morganlefay; October 3rd, 2007 at 04:55 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #7
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    If you check (the built-in) Help and Support, though, it claims there are three options: Home, Work, or Public Place (no mention of the "private" option):
    Hi Neg,

    If you scroll down that help and support page somewhat MS group home and work networks together and define them as being a private network.

    Behind the scenes the distinction is if a domain controller can be contacted or not - if it can then a 'work' profile is opted for and more management ports etc are opened up that are needed for domain tasks to work, if a DC can't be contacted then obviously these ports are not opened up and the home profile is opted for.

    Have you changed the settings via a Group or Local Policy IronGeek, as I do not get the same results on my laptop (Vista Business).
    Last edited by Nokia; October 3rd, 2007 at 05:30 PM.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  8. #8
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I'm using Vista Enterprise with no tweaks.

  9. #9
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Could someone else test and see if they get the same results?

  10. #10
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Ok, I reset the firewall to its defaults and all ports are shown as filtered in both Public and Private network mode.

Similar Threads

  1. Cracking Windows Vista Beta 2 Local Passwords (SAM and SYSKEY)
    By Irongeek in forum The Security Tutorials Forum
    Replies: 2
    Last Post: September 12th, 2006, 07:17 AM
  2. SoftPerfect FireWall
    By foxyloxley in forum Firewall & Honeypot Discussions
    Replies: 2
    Last Post: September 15th, 2004, 05:29 PM
  3. Firewall rules
    By coVert in forum Firewall & Honeypot Discussions
    Replies: 10
    Last Post: March 16th, 2004, 07:51 PM
  4. Windows XP Security Guide (phase two)
    By pooh sun tzu in forum The Security Tutorials Forum
    Replies: 10
    Last Post: March 6th, 2004, 09:54 PM
  5. whats your firewall concept ?
    By skarsatai in forum Firewall & Honeypot Discussions
    Replies: 0
    Last Post: September 4th, 2002, 01:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •