View Full Version : Re: Windows XP SP2 Firewall - Developer Implications IPv4 inbound connections for services
PA Bear
July 24th 04, 09:52 AM
NNTP-Posting-Host: 24.229.252.245.cmts.eph.ptd.net 24.229.252.245
Path: imp.nntpserver.com!newsfeed-west.nntpserver.com!newsfeed-east.nntpserver.com!nntpserver.com!chi1.usenetserv er.com!atl-c02.usenetserver.com!news.usenetserver.com!border1 .nntp.dca.giganews.com!nntp.giganews.com!newsfeed. cwix.com!TK2MSFTNGP08.phx.gbl!TK
2MSFTNGP11.phx.gbl
Xref: newsfeed-west.nntpserver.com microsoft.public.win32.programmer.networks:42471 microsoft.public.windowsxp.beta.general:14313 microsoft.public.windowsxp.beta.help-and-support:2961 microsoft.public.windowsxp.security_admin:165972
Are you participating in the beta testing of WinXP SP2, Scott? Your query
should not be posted to non-beta newsgroups (where very few "MS guys" lurk).
--
HTH - Please Reply to This Thread
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
AumHa Forums
http://forum.aumha.org
What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
Scott Herriman wrote:
> I have a question regarding the MSDN help for Windows XP SP2 on the page,
> "Firewall - Developer Implications" in the section entitled "IPv4 inbound
> connections for services"
> http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
>
> The paragrah in question reads (see link for more context):
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort COM interface to add rules to Windows Firewall to open
> the fixed port or ports needed by the service. These rules, however,
> should not be enabled so that an administrator can easily turn the rules
> on if necessary at a later time."
>
> I do not understand the last sentence? Can some one clarify what they
> mean.
>
> Is this the same sentiment as found under the heading "IPv4 Inbound
> Connections for Services" on another page?
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
> I think that on the second page they are more clear when they say:
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
> needed by the service. However, these rules should not be enabled. "
>
> Sorry for the cross post I think that it should be on topic for the most
> part. I am hoping that one of MS guys will read this and see if they can
> clearup the confusion on the page in question.
>
> Thanks,
> Scott
Louis Solomon [SteelBytes]
July 24th 04, 10:02 AM
NNTP-Posting-Host: steelbytes.com 218.214.18.198
Path: imp.nntpserver.com!newsfeed-west.nntpserver.com!newsfeed-east.nntpserver.com!nntpserver.com!news2.euro.net! news2.euro.net!fr.ip.ndsoftware.net!newsfeed00.sul .t-online.de!t-online.de!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gb l
Xref: newsfeed-west.nntpserver.com microsoft.public.win32.programmer.networks:42473 microsoft.public.windowsxp.beta.general:14318 microsoft.public.windowsxp.beta.help-and-support:2964 microsoft.public.windowsxp.security_admin:165989
I think it is saying that although a program can punch holes on the XP SP2
firewall without user interaction or warnings, it should have this feature
of itself able to be disabled by an admin.
--
Louis Solomon
www.steelbytes.com
"Scott Herriman" > wrote in message
...
>I have a question regarding the MSDN help for Windows XP SP2 on the page,
> "Firewall - Developer Implications" in the section entitled "IPv4 inbound
> connections for services"
> http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
>
> The paragrah in question reads (see link for more context):
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort COM interface to add rules to Windows Firewall to open
> the
> fixed port or ports needed by the service. These rules, however, should
> not
> be enabled so that an administrator can easily turn the rules on if
> necessary at a later time."
>
> I do not understand the last sentence? Can some one clarify what they
> mean.
>
> Is this the same sentiment as found under the heading "IPv4 Inbound
> Connections for Services" on another page?
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
> I think that on the second page they are more clear when they say:
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
> needed by the service. However, these rules should not be enabled. "
>
> Sorry for the cross post I think that it should be on topic for the most
> part. I am hoping that one of MS guys will read this and see if they can
> clearup the confusion on the page in question.
>
> Thanks,
> Scott
>
>
PA Bear
July 24th 04, 10:09 AM
NNTP-Posting-Host: 24.229.252.245.cmts.eph.ptd.net 24.229.252.245
Path: imp.nntpserver.com!newsfeed-west.nntpserver.com!newsfeed-east.nntpserver.com!nntpserver.com!chi1.usenetserv er.com!atl-c02.usenetserver.com!news.usenetserver.com!border1 .nntp.dca.giganews.com!nntp.giganews.com!newsfeed. cwix.com!TK2MSFTNGP08.phx.gbl!TK
2MSFTNGP11.phx.gbl
Xref: newsfeed-west.nntpserver.com microsoft.public.win32.programmer.networks:42471 microsoft.public.windowsxp.beta.general:14313 microsoft.public.windowsxp.beta.help-and-support:2961 microsoft.public.windowsxp.security_admin:165972
Are you participating in the beta testing of WinXP SP2, Scott? Your query
should not be posted to non-beta newsgroups (where very few "MS guys" lurk).
--
HTH - Please Reply to This Thread
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
AumHa Forums
http://forum.aumha.org
What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
Scott Herriman wrote:
> I have a question regarding the MSDN help for Windows XP SP2 on the page,
> "Firewall - Developer Implications" in the section entitled "IPv4 inbound
> connections for services"
> http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
>
> The paragrah in question reads (see link for more context):
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort COM interface to add rules to Windows Firewall to open
> the fixed port or ports needed by the service. These rules, however,
> should not be enabled so that an administrator can easily turn the rules
> on if necessary at a later time."
>
> I do not understand the last sentence? Can some one clarify what they
> mean.
>
> Is this the same sentiment as found under the heading "IPv4 Inbound
> Connections for Services" on another page?
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
> I think that on the second page they are more clear when they say:
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
> needed by the service. However, these rules should not be enabled. "
>
> Sorry for the cross post I think that it should be on topic for the most
> part. I am hoping that one of MS guys will read this and see if they can
> clearup the confusion on the page in question.
>
> Thanks,
> Scott
PA Bear
July 24th 04, 10:09 AM
NNTP-Posting-Host: 24.229.252.245.cmts.eph.ptd.net 24.229.252.245
Path: imp.nntpserver.com!newsfeed-west.nntpserver.com!newsfeed-east.nntpserver.com!nntpserver.com!chi1.usenetserv er.com!atl-c02.usenetserver.com!news.usenetserver.com!border1 .nntp.dca.giganews.com!nntp.giganews.com!newsfeed. cwix.com!TK2MSFTNGP08.phx.gbl!TK
2MSFTNGP11.phx.gbl
Xref: newsfeed-west.nntpserver.com microsoft.public.win32.programmer.networks:42471 microsoft.public.windowsxp.beta.general:14313 microsoft.public.windowsxp.beta.help-and-support:2961 microsoft.public.windowsxp.security_admin:165972
Are you participating in the beta testing of WinXP SP2, Scott? Your query
should not be posted to non-beta newsgroups (where very few "MS guys" lurk).
--
HTH - Please Reply to This Thread
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP
AumHa Forums
http://forum.aumha.org
What You Should Know About Spyware
http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
Scott Herriman wrote:
> I have a question regarding the MSDN help for Windows XP SP2 on the page,
> "Firewall - Developer Implications" in the section entitled "IPv4 inbound
> connections for services"
> http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
>
> The paragrah in question reads (see link for more context):
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort COM interface to add rules to Windows Firewall to open
> the fixed port or ports needed by the service. These rules, however,
> should not be enabled so that an administrator can easily turn the rules
> on if necessary at a later time."
>
> I do not understand the last sentence? Can some one clarify what they
> mean.
>
> Is this the same sentiment as found under the heading "IPv4 Inbound
> Connections for Services" on another page?
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
> I think that on the second page they are more clear when they say:
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
> needed by the service. However, these rules should not be enabled. "
>
> Sorry for the cross post I think that it should be on topic for the most
> part. I am hoping that one of MS guys will read this and see if they can
> clearup the confusion on the page in question.
>
> Thanks,
> Scott
Louis Solomon [SteelBytes]
July 24th 04, 10:28 AM
NNTP-Posting-Host: steelbytes.com 218.214.18.198
Path: imp.nntpserver.com!newsfeed-west.nntpserver.com!newsfeed-east.nntpserver.com!nntpserver.com!news2.euro.net! news2.euro.net!fr.ip.ndsoftware.net!newsfeed00.sul .t-online.de!t-online.de!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gb l
Xref: newsfeed-west.nntpserver.com microsoft.public.win32.programmer.networks:42473 microsoft.public.windowsxp.beta.general:14318 microsoft.public.windowsxp.beta.help-and-support:2964 microsoft.public.windowsxp.security_admin:165989
I think it is saying that although a program can punch holes on the XP SP2
firewall without user interaction or warnings, it should have this feature
of itself able to be disabled by an admin.
--
Louis Solomon
www.steelbytes.com
"Scott Herriman" > wrote in message
...
>I have a question regarding the MSDN help for Windows XP SP2 on the page,
> "Firewall - Developer Implications" in the section entitled "IPv4 inbound
> connections for services"
> http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
>
> The paragrah in question reads (see link for more context):
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort COM interface to add rules to Windows Firewall to open
> the
> fixed port or ports needed by the service. These rules, however, should
> not
> be enabled so that an administrator can easily turn the rules on if
> necessary at a later time."
>
> I do not understand the last sentence? Can some one clarify what they
> mean.
>
> Is this the same sentiment as found under the heading "IPv4 Inbound
> Connections for Services" on another page?
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
> I think that on the second page they are more clear when they say:
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
> needed by the service. However, these rules should not be enabled. "
>
> Sorry for the cross post I think that it should be on topic for the most
> part. I am hoping that one of MS guys will read this and see if they can
> clearup the confusion on the page in question.
>
> Thanks,
> Scott
>
>
Louis Solomon [SteelBytes]
July 24th 04, 10:32 AM
NNTP-Posting-Host: steelbytes.com 218.214.18.198
Path: imp.nntpserver.com!newsfeed-west.nntpserver.com!newsfeed-east.nntpserver.com!nntpserver.com!news2.euro.net! news2.euro.net!fr.ip.ndsoftware.net!newsfeed00.sul .t-online.de!t-online.de!TK2MSFTNGP08.phx.gbl!tk2msftngp13.phx.gb l
Xref: newsfeed-west.nntpserver.com microsoft.public.win32.programmer.networks:42473 microsoft.public.windowsxp.beta.general:14318 microsoft.public.windowsxp.beta.help-and-support:2964 microsoft.public.windowsxp.security_admin:165989
I think it is saying that although a program can punch holes on the XP SP2
firewall without user interaction or warnings, it should have this feature
of itself able to be disabled by an admin.
--
Louis Solomon
www.steelbytes.com
"Scott Herriman" > wrote in message
...
>I have a question regarding the MSDN help for Windows XP SP2 on the page,
> "Firewall - Developer Implications" in the section entitled "IPv4 inbound
> connections for services"
> http://msdn.microsoft.com/security/productinfo/XPSP2/networkprotection/firewall_devimp.aspx
>
> The paragrah in question reads (see link for more context):
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort COM interface to add rules to Windows Firewall to open
> the
> fixed port or ports needed by the service. These rules, however, should
> not
> be enabled so that an administrator can easily turn the rules on if
> necessary at a later time."
>
> I do not understand the last sentence? Can some one clarify what they
> mean.
>
> Is this the same sentiment as found under the heading "IPv4 Inbound
> Connections for Services" on another page?
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/securityinxpsp2.asp
> I think that on the second page they are more clear when they say:
> "If the user does not consent, then the service should still use the
> INetFwV4OpenPort API to add rules to ICF to open the fixed port or ports
> needed by the service. However, these rules should not be enabled. "
>
> Sorry for the cross post I think that it should be on topic for the most
> part. I am hoping that one of MS guys will read this and see if they can
> clearup the confusion on the page in question.
>
> Thanks,
> Scott
>
>
vBulletin® v3.6.4, Copyright ©2000-2012, Jelsoft Enterprises Ltd.