Using the Firewall for Internet Connections in Windows XP

by Johannes Helmig [Published on 23 Sept. 2001 / Last Updated on 23 Sept. 2001]

Windows XP includes a Firewall to protect your system against unwanted "visitors" from the
Internet ( but not controlling connections from your system to the Internet, for which you would
need to install a Non-Microsoft Firewall, like ZoneAlarm ) , which is configured using the Properties
of the modem-connection :
( using the Firewall on a LAN connection will cause network access problems to your system )

In the properties of the Internet Connection :
tab: Advanced.

make sure, that the checkmark is placed for
the Internet Connection Firewall.

Using Settings, you can configure the firewall.
tab : Services

The list of programs, which could run on your
system.
By default, no access is allowed from the
Internet to your system to any of these services.

Unless you need to grant such an access,
do NOT activate any of these services.
tab: Security Logging

Allows to activate a log-file
tab : ICMP

ICMP (Internet Control Message Protocol is
part of TCP/IP, the most common use is the
PING program to test a network connection.

By default, the firewall will NOT respond to
any ICMP , incl. PING, from the Internet.

Let's test the security of your system using the XP Firewall and visit on the Internet
www.grc.com , click on the "Shields UP" twice :

You can then run a check on your network security and your TCP/IP ports:

Test "your Shields" :

Shields UP! is checking YOUR computer's Internet
connection security . . . currently located at IP:

Please Stand By. . .
1
Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Please Note: On highly secure systems this may take up to one minute. . .
+
Preliminary Internet connection established!
Your computer has accepted an anonymous connection from another machine it knows nothing about! (That's not good.) This ShieldsUP! web server has been permitted to connect to your computer's highly insecure NetBIOS File and Printer Sharing port (139). Subsequent tests conducted on this page, and elsewhere on this website, will probe more deeply to determine the extent of this system's vulnerability. But regardless of what more is determined, the presence and availability of some form of Internet Server HAS BEEN CONFIRMED within this machine . . . and it is accepting anonymous connections!

The rest of this website explains the implications and dangers of your present configuration and provides complete and thorough instruction for increasing the security of this system. At the moment, any passing high speed Internet scanner will quickly spot this computer as a target for attack. (When this page has completely finished displaying, you might wish to sneak a quick peek at these two pages to see what lies ahead at this website: )

The phrase you must remember is:
"My port 139 is wide OPEN!"
-
Unable to connect with NetBIOS to your computer.
The attempt to connect to your computer with NetBIOS protocol over the Internet (NetBIOS over TCP/IP) FAILED. But, as you can see below, significant personal information is still leaking out of your system and is readily available to curious intruders. Since you do not appear to be sharing files or printers over the TCP/IP protocol, this system is relatively secure. It is exposing its NetBIOS names (see below) over the Internet, but it is refusing to allow connections, so it is unlikely that anyone could gain casual entry into your system due to its connection to the Internet.


Then , also test "your Ports : "


Port

Service

Status
Security Implications

21

FTP

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

23

Telnet

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

25

SMTP

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

79

Finger

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

110

POP3

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

113

IDENT

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

135

RPC

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

139

Net
BIOS

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

143

IMAP

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

443

HTTPS

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

445

MSFT
DS

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

5000

UPnP

Stealth!
There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

Good : Your system will be invisible on the Internet , not allowing
ANY access from the Internet to any information on your system !


Advanced Setup:
In case you have the Internet Information Server
(maybe including the FTP-server) installed and you
like to allow access from the Internet, then you
need to place the Check-marks (you are prompted
to confirm the system allowed to be accessed)
Activate ONLY the service, which people
need to access from the Internet.
tab: ICMP

To allow people on the Internet to test, that the
connection is working to your system, you should
allow incoming echo requests (PING-requests).

Warning: now your systems becomes also
visible for all these "bad boys and girls", which
probe all IP-addresses on the Internet and then
try to find out which system they had found, and
some of them may try to damage your system !

When testing via via www.grc.com your protection, then it will show the open ports to
allow people from the Internet to use your system as FTP-server :


Port

Service

Status
Security Implications

21

FTP

OPEN!
FTP servers have many known security vulnerabilities and the payoff from exploiting an insecure FTP server can be significant. This system's open FTP port is inviting intruders to examine your system more closely.

See Also

Featured Links