[unisog] Personal Firewalls

Ransel Yoho ransel at net.kent.edu
Thu Apr 11 22:06:23 GMT 2002

> I just got a new computer at home with XP Home. I turned on the
> included firewall and did a quick external scan and didn't even 
> see it. Pretty cool for free :)
> I think its just a simple, stateful packet filter so it won't 
> tell people when a remote control trojan or IRCBOT fires up 
> but I think it will keep the trojan from being accessed from 
> the outside (assuming the trojan doesn't disable it :) . It 
> should also protect computer owners who don't know they're 
> running IIS from Nimda and I assume it won't let people hack 
> at the C$ share in the Professional version.
> Anyone done any real evaluation on it? Next year, all the
> new student computers will probably have it available.
> -- 
> Gary Flynn
> Security Engineer - Technical Services
> James Madison University
> Please R.U.N.S.A.F.E.
> http://www.jmu.edu/computing/runsafe

I ran nmap udp and tcp scans, nothing leaked.
A smbclient null connection to the Admin account does not leak either.

However, I found that after applying an update from MS for their
AIM-like software, i.e. MS instant messenger, MS opened ports for it,
even though it was not running. In particular, the update opens
the following ports:

	msmsgs 10875 TCP
	mssmgs 11488 UDP

Ransel Yoho
Kent State University

More information about the unisog mailing list