Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Windows Firewall Article; Hardware Firewall; Follow up on Previous Diaries - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Windows Firewall Article; Hardware Firewall; Follow up on Previous Diaries
Windows Firewall Article

Microsoft has recently updated the article on "Troubleshooting Windows Firewall in Microsoft Windows XP Service Pack 2".

The article describes the common problems using Windows Firewall and tools that can be used to troubleshoot Windows Firewall issues.

If you are using Windows Firewall, you may find it useful, in particular the section on "Windows Firewall Troubleshooting Tools". The URL is rather long, so you will have to cut/paste this:

http://www.microsoft.com/downloads/
details.aspx?FamilyID=a7628646-131d-
4617-bf68-f0532d8db131&DisplayLang=en


Hardware Firewall

Thanks to Jason Lam pointing this to me. This may not be a very new, but since we are on the topic of firewalls, it will be interesting to know that Nvidia has released a motherboard controller that makes it possible to build a hardware firewall within a PC itself. We may have more hardware-based firewall solution in future.

http://security.itworld.com/4357/041020nvidia/page_1.html
Follow up on "Rumours about Windows SP2 vulnerabilities"

Two days ago ( http://isc.sans.org/diary.php?date=2004-11-11 ), we mentioned the rumours about Windows SP2 vulnerabilities. Microsoft is looking into this and at this time they cannot confirm Finjan's claims of the ten vulnerabilities in Windows XP SP2.

Let hope this will clear soon and is good news from Microsoft.

http://www.computerworld.com/securitytopics/
security/holes/story/0,10801,97478,00.html?SKC=holes-97478

Follow up on "AV Vendors Taking Out Valuable Resource"

Yesterday ( http://isc.sans.org/diary.php?date=2004-11-12 ) handler of the day John Bambenek pointed out that VirusTotal removed several leading AV vendors from their scanning service. The Storm Center is not privy to the specific reasons for the decision at VirusTotal, and our choice of words on why there was a change is only an opinion. Regardless, most of the major AV vendors provide a free malware scanning service on their own home pages. These sites should be consulted together with the VirusTotal service when trying to identify if a there is a known signature for a particular piece of malware. For example, AVERT Labs provides a free malware scanning service at http://vil.nai.com/vil/submit-sample.asp

A list of AV sites offering scanning services is at http://virusall.com/virussubmit.html . We cannot and do not endorse any of these links, but are providing them as a public service to others in the infosec business.
Koon Yaw

68 Posts

Sign Up for Free or Log In to start participating in the conversation!