On Thu, 2004-09-23 at 06:00, Harlan Carvey wrote:
> I think you're right. I read through the first two
> lines of the SP2 "issue"...this "certain
> configuration" they're talking about is essentially
> allowing file and printer sharing, even with the f/w
> enabled. Uh...duh!

I think the contention is that when file/printer sharing is enabled, and
the firewalls is activated, SMB ports are open on the dial-up interface
without having been explicitly opened via the firewall policy (unlike
the network interface). So in a sense, yes, there is a bug. The implicit
allow is probably not a good thing, but the main issue seems to be that
while SMB ports are closed on exiting interfaces (like network cards),
the policy setting is not applied to inactive, dynamic interfaces -- the
RAS interface in essence. Once you dial-up, and thus activate the
interface, the ports are open even though that is not specified in the
firewall policy.

Someone should verify if this also applies to other inactive, dynamic
interfaces likes RAS & Routing interfaces and PPTP tunnels.

Seems indeed like a bug (just from reading, I have not verified it). But
I agree that this issue is blown way out of proportions. The main reason
is that there is no negative change. I mean, this issue has been there
all these years. The XP firewall may not close the ports due to a bug,
but it's not like new holes are opened.

Oh well, free advertising for PC Welt I guess...

Regards,
Frank

[ reply ]