That was the basic idea I was getting at was running services on 1-1024 so that if someone scans the box they will end up having to do it manually, which will require them to spend a LOT of time to find out that frankly there isn't anything open. The only problems I (or others so far can think of) are possible tear drop type attacks that spoof the source address on the packets could be used in a sort of "bounce" attack on another host, and the fact that someone could easily attempt to exploit the firewall itself (the latter is a problem in *any* circumstance). I have a decent idea of how I am going to approach this (should I decide to do it, which most likely I will). But first I need to read back over some info on winsock programming as I am more of a BSD sockets type of person (as far as I have found there are no open source firewalls for windows so that is why I am maybe doing this). But anyway....suggestions on "features" are welcome as reading thru the API it looks like programming a general "Shutdown EVERYTHING" firewall will be quite simple after getting the GUI coded (which is one thing I am having to relearn).
Anyway...thanks for the suggestion
Cheeseball