-
October 3rd, 2007, 02:53 PM
#1
Backasswards Vista Firewall Rules
Hi all. I've been playing with the Vista host-based firewall, and ran into something odd. If I have the network connection type set to Private, it's supposed to allow for easy discovery, but all of the normal ports are closed:
Code:
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-02 14:18 Eastern Daylight Time
All 1697 scanned ports on vista-test-box (192.168.1.123) are filtered
MAC Address: 00:0C:29:78:84:CE (VMware)
Nmap finished: 1 IP address (1 host up) scanned in 38.813 seconds
If I set it to be a Public location, where my machine is not supposed to be easily found, I get the NetBIOS and SMB ports open:
Code:
Starting Nmap 4.20 ( http://insecure.org ) at 2007-10-02 14:22 Eastern Daylight Time
Interesting ports on vista-test-box (192.168.1.123):
Not shown: 1694 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
MAC Address: 00:0C:29:78:84:CE (VMware)
Isn't that the opposite of what it should be?
-
October 3rd, 2007, 03:06 PM
#2
-
October 3rd, 2007, 03:31 PM
#3
Maybe their logic is...private=all ports closed and public= ports open??
Does appear backwards though
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 3rd, 2007, 03:41 PM
#4
Yes MLF, that would be the plain English understanding of things.
"Private" = hidden, restricted, secret.
"Public" = open, available, broadcast.
I guess it is a question of viewpoint? In this case the firewall appears to take the above definitions and attempts to apply them literally, rather than taking them as definitions of the environment, and adopting an appropriate strategy.
-
October 3rd, 2007, 03:50 PM
#5
If you check the actual options, you only have private and public. If you check (the built-in) Help and Support, though, it claims there are three options: Home, Work, or Public Place (no mention of the "private" option):
From Windows Help and Support
Choosing a network location
The first time that you connect to a network, you must choose a network location. This automatically sets the appropriate firewall settings for the type of network that you connect to. If you connect to networks in different locations (for example, a network at your home, at a local coffee shop, or at work), choosing a network location can help ensure that your computer is always set to an appropriate security level.
There are three network locations: Home, Work, and Public place.
Home or Work
Choose one of these locations for home or small office networks when you know and trust the people and devices on the network. Network discovery, which allows you to see other computers and devices on a network and allows other network users to see your computer, is on by default. For more information, see What is network discovery?
Public place
Choose this location for networks in public places (such as coffee shops or airports). This location is designed to keep your computer from being visible to other computers around you and to help protect your computer from any malicious software from the Internet. Network discovery is turned off for this location.
Note
If there’s only one computer on your network and you know you won’t need to share files or printers, the safest choice is “Public place.”
So, according to the Help function, Public is supposed to be to "keep your computer from being visible to other computers around you and to help protect your computer from any malicious software from the Internet" - that indeed doesn't seem to be in line with Irongeek's findings...
-
October 3rd, 2007, 03:51 PM
#6
I learned the MS speak when getting my certs...
It does appear backwards...may be a cause of the left hand not knowing what the right hand is doing
MLF
Last edited by morganlefay; October 3rd, 2007 at 03:55 PM.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 3rd, 2007, 04:28 PM
#7
If you check (the built-in) Help and Support, though, it claims there are three options: Home, Work, or Public Place (no mention of the "private" option):
Hi Neg,
If you scroll down that help and support page somewhat MS group home and work networks together and define them as being a private network.
Behind the scenes the distinction is whether a domain controller can be contacted or not: if it can, then a 'work' profile is opted for and the extra management ports etc. needed for domain tasks are opened up; if a DC can't be contacted, then obviously these ports are not opened up and the home profile is opted for.
Have you changed the settings via a Group or Local Policy, IronGeek? I do not get the same results on my laptop (Vista Business).
Last edited by Nokia; October 3rd, 2007 at 04:30 PM.
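The check the thread is circling around is which profile each inbound sharing rule is actually bound to. This is an added example, not code from the thread or from Microsoft: a PowerShell script that parses the output of netsh advfirewall firewall show rule name=all dir=in (available on Vista and later) and reports the enabled inbound Allow rules that expose 135/139/445 under a chosen profile. The function names are mine and the sample netsh output is constructed so the script runs offline.

```powershell
function ConvertFrom-NetshRules {
    param([string[]]$Lines)
    $rules = @(); $cur = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            if ($cur) { $rules += $cur }           # flush the previous rule
            $cur = @{ Name = $Matches[1].Trim() }
        } elseif ($cur -and $line -match '^([A-Za-z ]+):\s+(.+)$') {
            $cur[$Matches[1].Trim()] = $Matches[2].Trim()   # e.g. Profiles, LocalPort, Action
        }
    }
    if ($cur) { $rules += $cur }
    return ,$rules
}

function Find-ExposedSharingRules {
    param([hashtable[]]$Rules, [string]$ProfileName = 'Public', [int[]]$Ports = @(135, 139, 445))
    foreach ($r in $Rules) {
        if ($r.Enabled -ne 'Yes' -or $r.Action -ne 'Allow' -or $r.Direction -ne 'In') { continue }
        # "Profiles:" may be one name or a list such as "Domain,Private,Public"
        $profiles = $r.Profiles -split ',' | ForEach-Object { $_.Trim() }
        if ($profiles -notcontains $ProfileName) { continue }
        $rulePorts = $r.LocalPort -split ',' | ForEach-Object { $_.Trim() }
        $hit = ($rulePorts -contains 'Any') -or (@($Ports | Where-Object { $rulePorts -contains "$_" }).Count -gt 0)
        if ($hit) {
            [pscustomobject]@{ Name = $r.Name; Profiles = $r.Profiles; LocalPort = $r.LocalPort; RemoteIP = $r.RemoteIP }
        }
    }
}

# Constructed sample; on a live box use: $lines = netsh advfirewall firewall show rule name=all dir=in
$lines = @'
Rule Name:                            File and Printer Sharing (SMB-In)
Enabled:                              Yes
Direction:                            In
Profiles:                             Private,Public
LocalPort:                            445
RemoteIP:                             LocalSubnet
Action:                               Allow
Rule Name:                            Remote Desktop (TCP-In)
Enabled:                              No
Direction:                            In
Profiles:                             Public
LocalPort:                            3389
RemoteIP:                             Any
Action:                               Allow
'@ -split "`r?`n"

Find-ExposedSharingRules -Rules (ConvertFrom-NetshRules $lines) -ProfileName 'Public' | Format-Table -AutoSize
```

On the sample only the SMB rule is reported, because it is enabled and bound to Public; a Private-only rule on a box reporting Public would not appear, which is the kind of mismatch the scans above would surface.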
-
October 3rd, 2007, 04:36 PM
#8
I'm using Vista Enterprise with no tweaks.
-
October 3rd, 2007, 07:50 PM
#9
Could someone else test and see if they get the same results?
-
October 6th, 2007, 08:55 PM
#10
Ok, I reset the firewall to its defaults and all ports are shown as filtered in both Public and Private network mode.