Windows XP SP2 Firewall Combat Strategy in Detail

  
★ How the Windows XP SP2 Firewall Works

Windows Firewall does not get in the way of ordinary client use such as web browsing and email. In other words, when IE, Outlook Express and similar programs connect to the network, the firewall does not intervene by default. When Microsoft defined the firewall's built-in rules it already opened a "green channel" for its own applications, so after installing SP2, even if you turn the firewall on and tick "Don't allow exceptions", IE still reaches the Internet, and the firewall never asks whether IE should be allowed through.

★ The difference between the SP2 firewall and third-party firewall software

As far as function goes, Windows Firewall only blocks unsolicited incoming traffic; outgoing traffic that a program initiates itself is not checked at all. Third-party firewall software generally monitors and audits traffic in both directions, and that is the biggest difference between them. If an intrusion has already happened, or spyware is installed and actively connecting out to the network, Windows Firewall is helpless. However, attacks mostly come from outside, and if spyware secretly opens a port so that external requests can connect in, Windows Firewall immediately blocks the connection and pops up a security warning, so the average user need not worry too much about this. It is like a hotel room door: someone outside needs a key to get in, but the person inside only has to pull the handle to go out.

Combat 1: Skynet Firewall and Windows Firewall treat the same network request differently

We use QQGame to watch how each of the two firewalls reacts to a network request.

Step 1: Make sure the QQGame program is not in either firewall's "Exceptions" list, then log in to the QQ game lobby;

Step 2: You will find that Skynet Personal Firewall immediately blocks QQGame's network access and asks whether to grant it (see Figure 1);

Step 3: Windows Firewall does nothing about the outgoing request QQGame initiates, as if no firewall were present; after you enter your account details and log in to the game platform, QQGame has in fact already reached the network. Only when the game information has to be downloaded to the local machine (that is, when an inbound access request arrives) does the firewall pop up a "Windows Security Alert" (see Figure 2).

Tip

To stop the "Windows Security Alert" from appearing, open the firewall settings, switch to the "Exceptions" tab and untick "Notify me when Windows Firewall blocks a program".

Combat 2: Let XP SP2 correctly recognize UPnP (Universal Plug and Play)

Pre-battle analysis: BitComet has its own intranet interconnection (NAT traversal) technology and supports UPnP NAT and the Windows XP firewall, so that users on an intranet can get quite fast download speeds when doing BT downloads. But since upgrading to SP2 and enabling Windows Firewall, BitComet has become very slow! This is because the firewall has not been set up, so the system does not recognize the UPnP device correctly.

Step 1: Windows XP supports UPnP by default. If you do not see this option under "Exceptions", UPnP device support is not installed. Open the "My Network Places" window and click "Show icons for networked UPnP devices" in the task pane on the left. If the UPnP device files are missing or incorrectly installed, the system installs them automatically (see Figure 3);


Step 2: Open the firewall from "Control Panel" and turn it on. Make sure the "Don't allow exceptions" option is not ticked. When BitComet starts, Windows Firewall may prompt that it has blocked the program; choose "Unblock";

Step 3: Click the "Exceptions" tab and tick "UPnP Framework".



Combat 3: Open a passage for remote management

Pre-battle analysis: When you use the Computer Management (Disk Management) snap-in in the MMC console to manage another computer on the LAN, the managed computer must have TCP port 445 open. If the computer you are operating remotely has XP SP2 installed with the firewall enabled, you have to open this TCP port manually.

Step 1: Open the firewall settings window, switch to the "Exceptions" tab and tick "File and Printer Sharing";

Step 2: Click the "Edit" button; in the "Edit a Service" window that opens, select "TCP 445", click "Change scope", then tick "My network (subnet) only", or tick "Custom list" and enter the IP address of the computer to be controlled (see Figure 4).


Tip

The steps above can be replaced by a command: in a Command Prompt window, enter "netsh firewall set portopening TCP 445 TCP445 ENABLE" (without the quotes).

Combat 4: Getting "Remote Desktop" connections completely sorted out

Pre-battle analysis: With the Windows XP SP2 firewall, Remote Assistance is the simple case; Remote Assistance uses a dynamic port. Select the "Remote Assistance" entry in the "Programs and Services" list on the "Exceptions" tab of the firewall settings dialog, and Windows automatically monitors and correctly handles all communication requests from the sessmgr.exe application so the connection completes. Windows NetMeeting's remote desktop is more complicated: although there is a "Remote Desktop" option on the Exceptions tab, selecting it actually opens TCP port 3389, and you may still be unable to complete the remote desktop connection.

Method: With Windows Firewall turned on, you must add Windows NetMeeting to the "Programs and Services" list on the "Exceptions" tab before you can use NetMeeting's Remote Desktop Sharing feature. Add entries for the %systemroot%\System32\mnmsrvc.exe file and the C:\Program Files\NetMeeting\conf.exe file respectively.
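The exceptions from Combat 2, 3 and 4 can all be created from a Command Prompt with the same `netsh firewall` context the tip above uses, and doing it that way makes the scope explicit. The following batch file is an added example, not part of the original article or of any Microsoft documentation; the controlling host 192.168.1.20 and the local subnet are assumed values, and the NetMeeting paths are the ones the article names. The article's own one-liner opens TCP 445 with the default scope of "any address", which is the setting to avoid on a machine that is ever connected to the Internet.

```batch
@echo off
rem Added example (not from the article): create the exceptions of Combat 2-4 with
rem "netsh firewall" on Windows XP SP2, each one restricted in scope.
rem 192.168.1.20 is an assumed address for the controlling computer; change it.

rem Combat 2: UPnP Framework, only reachable from the local subnet
netsh firewall set service type=UPNP mode=ENABLE scope=SUBNET

rem Combat 3: TCP 445 for remote Disk Management, only from one controlling host
rem (the article's "netsh firewall set portopening TCP 445 TCP445 ENABLE" would
rem open it to every address)
netsh firewall set portopening protocol=TCP port=445 name="Remote Disk Mgmt" mode=ENABLE scope=CUSTOM addresses=192.168.1.20

rem Combat 4: the two NetMeeting executables named in the article, subnet only
netsh firewall set allowedprogram program="%systemroot%\System32\mnmsrvc.exe" name="NetMeeting RDS" mode=ENABLE scope=SUBNET
netsh firewall set allowedprogram program="C:\Program Files\NetMeeting\conf.exe" name="NetMeeting" mode=ENABLE scope=SUBNET

rem Verify: the Scope column should read SUBNET or CUSTOM, never ALL
netsh firewall show service
netsh firewall show portopening
netsh firewall show allowedprogram
netsh firewall show state
```

Run the file from an administrator account; `netsh firewall show state` at the end lists every open port and allowed program together with its scope, which is the quickest way to spot an exception that was left open to all addresses.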

Combat 5: Only let the intranet "Ping" me!

Pre-battle analysis: By default the XP SP2 firewall does not let inbound ICMP data in and does not send ICMP replies. This stops "Ping", the command-line tool commonly used to diagnose network faults, from finding your computer, but for users who have enabled Internet connection sharing it also means the intranet cannot use Ping to check its network condition.

Method 1: Following the method of Combat 2, open the TCP port under "File and Printer Sharing" and restrict its scope to the subnet.

Method 2: Open Windows Firewall, switch to the "Advanced" tab, double-click the "Local Area Connection" that connects to the internal network, switch to the "ICMP" tab, tick "Allow incoming echo request", and confirm all dialogs (see Figure 5).
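Method 2 can also be applied from a Command Prompt, and the per-interface form is what keeps the Internet-facing side unchanged. This batch file is an added example and not part of the article; the interface name "Local Area Connection" is assumed to be the one that faces the internal network, so check it with `netsh interface show interface` first.

```batch
@echo off
rem Added example (not from the article): allow inbound ICMP echo request (type 8)
rem only on the interface that faces the internal network, on Windows XP SP2.
rem "Local Area Connection" is an assumed interface name; list yours with
rem   netsh interface show interface

rem Enable echo request on the internal interface only; other interfaces keep
rem the default (echo request blocked), so the shared Internet link stays quiet
netsh firewall set icmpsetting type=8 mode=ENABLE interface="Local Area Connection"

rem Verify: type 8 should show ENABLE for that interface and DISABLE elsewhere
netsh firewall show icmpsetting
```

Type 8 is the only ICMP type a Ping check needs; leaving the remaining types (redirect, router discovery, timestamp and so on) disabled costs nothing for troubleshooting and removes a few probes the firewall would otherwise answer.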


ICMP protocol

ICMP is the acronym of "Internet Control Message Protocol", a sub-protocol of the TCP/IP protocol suite used to pass control messages between IP hosts and routers. Control messages report on the network itself, for example that the network is unreachable, that a host is reachable, or that a route is available. These messages carry no user data, but they play an important role in the transmission of user data. We use ICMP on the network all the time without being aware of it: the Ping command we often use to check whether the network is working is actually ICMP at work, and Tracert (traceroute) is also based on ICMP.

Copyright © Windows knowledge All Rights Reserved