RE: Security hole at boot

  • From: Dar Scott <dsc@xxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 1 Jan 2002 08:43:02 -0700


I'm still concerned about the lack of IP filtering at startup. On typical machines this can be a minute, from the end of the blue progress bar until about 10 or 20 seconds after the login screen.


Vulnerability seems to depend on which services are started automatically and in what order. I'm worried that by enabling or disabling a service I might increase my exposure.

During this window, my server spills its guts; the system and some add-on services start broadcasting. LanGuard is able to get system info from ports 135 and (if I "accidentally" forget to disable NetBIOS on the TCP/IP properties) 139. If I enable simple TCP and simple TCP starts up, I can get time and date. I can FTP. I would guess that a system with Terminal Services or pcAnywhere might have these exposed if they end up being loaded early. A minute might be too short of a time to crack these, but might expose that they exist or expose them to those who have pw some other way.

I found this same problem with another firewall and with IPSec.


Anybody familiar with system startup?

Taking Jim's lead I looked at the registry. TCP/IP and NetBIOS over TCP have start codes of 1. IP Filter (IpFilterDriver), ISA IP Filter (MspFltEx), Firewall and so on have start codes of 2. So do lots of things that use TCP/IP.

Dependencies:  Firewall -->  IP Filtering Extension --> IP Filter --> TCP/IP

Could start codes for IP Filtering and IP Filtering Extension be safely changed to 1? Would that even take care of the problem? The firewall service depends on several services so moving that to 1 would move several. Could NetBIOS over TCP be moved to 2?


Or maybe somebody can convince me this is not a problem.

Dar Scott
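
An added example, not part of the original post: a small Python model of the start-code and dependency question raised above, listing which TCP/IP-using services are not ordered after the ISA filter driver. The inventory is constructed from the values quoted in the post; the `*Sample` service names, their values and the function names are assumptions, and the model considers only `Start` and `DependOnService`, not group load order.

```python
# Constructed inventory mirroring the registry values Start and DependOnService.
# Start codes and the firewall chain follow the post; every *Sample name and
# its values are assumptions made for this example.
SERVICES = {
    "Tcpip":           (1, []),
    "NetBT":           (1, ["Tcpip"]),
    "IpFilterDriver":  (2, ["Tcpip"]),
    "MspFltEx":        (2, ["IpFilterDriver"]),
    "FirewallSample":  (2, ["MspFltEx"]),
    "FtpSample":       (2, ["Tcpip"]),
    "SimpleTcpSample": (2, ["Tcpip"]),
    "GatedSample":     (2, ["Tcpip", "MspFltEx"]),
}

def closure(name, services):
    """Return every service `name` depends on, directly or transitively."""
    seen, todo = set(), list(services[name][1])
    while todo:
        dep = todo.pop()
        if dep in services and dep not in seen:
            seen.add(dep)
            todo.extend(services[dep][1])
    return seen

def not_held_behind_filter(services, stack="Tcpip", flt="MspFltEx"):
    """List TCP/IP users that neither start code nor dependency orders after flt."""
    flt_start = services[flt][0]
    chain = closure(flt, services) | {flt}   # the filter's own prerequisites
    findings = []
    for name, (start, _) in services.items():
        deps = closure(name, services)
        if name in chain or stack not in deps:
            continue
        if start < flt_start:
            findings.append((name, "earlier start code"))
        elif start == flt_start and flt not in deps:
            findings.append((name, "same start code, no dependency on filter"))
    return sorted(findings)

def with_start(services, names, start):
    """Copy the inventory with a what-if start code for the given services."""
    return {n: ((start if n in names else s), d) for n, (s, d) in services.items()}

if __name__ == "__main__":
    moved = with_start(SERVICES, {"IpFilterDriver", "MspFltEx"}, 1)
    for title, inv in (("as posted", SERVICES), ("filters moved to 1", moved)):
        print(title)
        for name, why in not_held_behind_filter(inv):
            print(f"  {name}: {why}")
```

A finding here means only that nothing in the modelled values forces the service to wait for the filter driver; it does not show when filtering rules actually take effect.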



