Detailed Windows XP SP2 firewall combat strategy

★ How the Windows XP SP2 firewall works

Windows Firewall does not interfere with the web browsing, e-mail and other network applications that ship with the system. In other words, when IE, Outlook Express and similar built-in programs connect to the network, the firewall does not intervene by default. When Microsoft wrote the firewall's built-in rules, it already opened a "green channel" for its own applications, so after installing SP2, even if you turn the firewall on and select "Don't allow exceptions", you do not need to add IE to the "Exceptions" list, and the firewall will not ask whether IE should be allowed through.

★ The difference between the SP2 firewall and third-party firewall software

As far as firewall function goes, Windows Firewall only blocks unsolicited incoming traffic and ignores traffic that was actively requested from the inside. Third-party firewall software generally monitors and audits access in both directions, and that is the biggest difference between them. If an intrusion has already happened, or spyware is installed and actively connects out to the external network, Windows Firewall is helpless. However, since most attacks come from outside, and if spyware secretly opens a port to let external requests connect in, Windows Firewall will immediately block the connection and pop up a security alert, so the average user does not have to worry too much about this. It is like a hotel room door: someone outside needs a key to get in, while the person inside just pulls the handle to get out.

Actual combat 1: The difference between Skynet firewall and Windows Firewall
We use the two programs to monitor QQGame's network requests separately.

Step 1: Confirm that QQGame has not been added to your "Exceptions" rules, then log in to the QQ game lobby.

Step 2: At this point you will find that Skynet Personal Firewall immediately blocks QQGame's network access and asks whether to allow it (see Figure 1).

Step 3: Windows Firewall does nothing about this actively initiated outbound request, as if no firewall were present; enter the account information and log in to the game platform, and QQGame has in fact already completed its access to the external network. Now the game information needs to be downloaded locally (that is, there is an access request from outside), and the firewall pops up a "Windows Security Alert" (see Figure 2).

Tips: To stop the "Windows Security Alert" from appearing, open the firewall settings and clear "Notify me when Windows Firewall blocks a program" on the Exceptions tab.

Actual combat 2: Let XP SP2 correctly recognize UPnP (Universal Plug and Play)
Pre-war analysis: BitComet has NAT traversal technology and supports UPnP NAT and the Windows XP firewall, so that friends on an intranet can get fairly fast download speeds when doing BT downloads. But since upgrading to SP2 and enabling Windows Firewall, BitComet has become very slow! This is because the firewall has not been set up, so the system does not recognize UPnP devices correctly.

Step 1: Windows XP supports UPnP by default. If you do not see this option under "Exceptions", UPnP device support is not installed. Open the "Network Neighborhood" window and click "Show icons for networked UPnP devices" in the toolbar on the left; if the UPnP device files are not installed or were installed incorrectly, the system installs them automatically (see Figure 3).

Step 2: Open the firewall from "Control Panel" and turn it on, and confirm that the "Don't allow exceptions" option is not checked. When you open BitComet, Windows Firewall may prompt that it is blocking the program; select "Unblock".

Step 3: Click the "Exceptions" tab and check "UPnP Framework".

Actual combat 3: Open a pass for remote management
Pre-war analysis: When managing other computers on the LAN through the remote management snap-ins of the MMC console, such as Computer Management and Disk Management, the managed computer must have TCP port 445 open. If the computer you are operating remotely has XP SP2 installed with the firewall enabled, you will have to open this TCP port manually.

Step 1: Open the firewall settings window, switch to the "Exceptions" tab, and check "File and Printer Sharing".

Step 2: Click the "Edit" button, select "TCP 445" in the "Edit a Service" window that opens, click "Change scope", and either check "My network only" or check "Custom list" and enter the IP address of the computer you want to control from, since the scope limits which addresses may connect to the port (see Figure 4).

Tips: The steps above can be replaced with a command: enter "netsh firewall set portopening TCP 445 TCP445 ENABLE" (without the quotes) in a command prompt window.

Actual combat 4: Thoroughly sort out the "Remote Desktop" connection
Pre-war analysis: Getting Remote Assistance through the Windows XP SP2 firewall is very simple, because Remote Assistance uses dynamic ports. Select the "Remote Assistance" item in the Programs and Services list on the Exceptions tab of the firewall settings dialog, so that Windows automatically monitors and properly handles all communication requests from the sessmgr.exe application to complete the connection. Windows NetMeeting's remote desktop is more complicated: although there is a "Remote Desktop" option on the Exceptions tab, selecting it actually only opens TCP port 3389, and you may still be unable to complete the remote desktop connection.

Method: With Windows Firewall turned on, you must add entries for %systemroot%\System32\Mnmsrvc.exe and C:\Program Files\NetMeeting\conf.exe to the Programs and Services list on the Exceptions tab before you can use NetMeeting's Remote Desktop Sharing feature.

Actual combat 5: Only let the intranet "Ping" me!
Pre-war analysis: By default the XP SP2 firewall does not let inbound ICMP data in and does not send ICMP replies, which prevents the commonly used "Ping" command from reaching your computer when checking network faults. But for users who have enabled shared Internet access, the intranet then cannot use Ping to check its network condition.

Method 1: Following the method in Actual combat 2, the TCP port opened by "File and Printer Sharing" can be scoped to the subnet.

Method 2: Open Windows Firewall, switch to the "Advanced" tab, double-click the "Local Area Connection" that connects to the intranet, switch to the "ICMP" tab, check "Allow incoming echo request", and confirm all the dialogs. That is all (see Figure 5).

ICMP Protocol
ICMP is the abbreviation of "Internet Control Message Protocol", a sub-protocol of the TCP/IP suite used to carry control messages between IP hosts and routers. Control messages concern the network itself, such as whether a network or host is reachable and whether a route is available. They carry no user data, but they play an important role in the delivery of user data. We use ICMP on the network all the time without being aware of it: for example, the Ping command we often use to check whether the network is working is really ICMP at work, and the Tracert (traceroute) command is also based on ICMP.
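As an added example that is not part of the original article, the settings from Actual combat 2, 3, 4 and 5 applied from the command line with the XP SP2 "netsh firewall" context, each opening scoped to the local subnet so that only intranet hosts can reach the service; the 192.168.1.10 address and the exception names are constructed placeholders.

```batch
@echo off
rem Added example (not from the article): configure the XP SP2 firewall with the
rem "netsh firewall" context instead of the dialogs. Run from an administrator
rem command prompt. Every opening is limited to the local subnet (scope=SUBNET)
rem so the service is reachable from the intranet but not from the Internet.

rem Keep the firewall on and keep exceptions enabled (Actual combat 2, step 2).
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Actual combat 2: allow the UPnP Framework so UPnP NAT traversal is recognized.
netsh firewall set service type=UPNP mode=ENABLE scope=SUBNET

rem Actual combat 3: File and Printer Sharing (this includes TCP 445 for MMC
rem remote management), limited to the local subnet rather than all addresses.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=SUBNET

rem The same port on its own, limited to a single management workstation.
rem 192.168.1.10 is a constructed placeholder; replace it with your admin host.
netsh firewall set portopening protocol=TCP port=445 name="TCP445" mode=ENABLE scope=CUSTOM addresses=192.168.1.10

rem Actual combat 4: NetMeeting Remote Desktop Sharing needs both programs listed
rem as allowed programs; "Remote Desktop" alone only opens TCP 3389.
netsh firewall add allowedprogram program="%systemroot%\System32\Mnmsrvc.exe" name="NetMeeting RDS service" mode=ENABLE scope=SUBNET
netsh firewall add allowedprogram program="C:\Program Files\NetMeeting\conf.exe" name="NetMeeting conf.exe" mode=ENABLE scope=SUBNET

rem Actual combat 5: answer ICMP echo requests (type 8) so the intranet can ping
rem this host. ICMP settings have no scope option; rely on the interface or on
rem the File and Printer Sharing subnet scope above to keep it internal.
netsh firewall set icmpsetting type=8 mode=ENABLE

rem Check the result: review the output and confirm no opening shows scope "All".
netsh firewall show config
```

Re-run "netsh firewall show config" after any change made through the dialogs, since the GUI and the command line edit the same policy and a later "Change scope" to "Any computer" silently widens what this script restricted.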
Copyright © Windows knowledge All Rights Reserved