Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> It doesn't look like Windows does anything at all regarding preventing programs from binding to a particular port

Correct. By default a program may bind, but inbound traffic is blocked.

> and it also doesn't look like an Allow rule that points to a particular executable overrides a general Deny rule

Correct. That's not how the fw is designed. By design a "block" rule are processed before "allow" rules [0] (although authenticated bypass rules are processed before block rules).

There's an overall setting to allow or deny traffic not matching any rules. By default it is "block" for inbound and "allow" for outbound traffic.

> I can't test to see if I could DoS a legit daemon with this

I don't think you can. Perhaps if you could get in before the daemon (service)?

> Have you personally successfully used application-based inbound port filtering?

Yes. And I tested it with a small UDP server before I wrote my first post in this thread. When the server started I got a FW prompt that the program was trying to communicate. I canceled the dialog. The FW had now created a "block" rule for the server, blocking all inbound traffic. Yes, it showed up a bound to the port in netstat, but all traffic was blocked.

[0] https://technet.microsoft.com/en-us/library/dd421709(v=ws.10...



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: