Konstantin,

On 1/22/14, 9:03 AM, Konstantin Preißer wrote:
> Hi Jeffrey,
> 
>> -----Original Message----- From: Jeffrey Janner
>> [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21,
>> 2014 10:19 PM
> 
>> Eureka, I finally figured it out! It was a real eureka moment,
>> some remembrance burned its way up from my subconscious and I had
>> the answer. Ready guys?  Really surprised no one mentioned it. It
>> was Windows F-ing Firewall!!!!!
> 
> Good to hear that you could find and solve the problem.
> 
> (Off topic:)
> 
>> I HATE WINDOWS!!!!!!
> 
> What I can't quite understand is, how one can "hate" Windows or its
> "F-ing" firewall, if they just do what they were configured to
> do... ;-)
> 
> When setting up the Windows Firewall, I normally only create rules
> for specific (TCP) ports, not for specific executables, so that the
> firewall allows connections to a TCP port regardless of what the
> name or path of the executable is.

Actually, as surprising as it can sometimes be, I find that the
Windows firewall is better than iptables *because* it /can/ do things
like this. You can make your system a bit safer.

For instance, if your server is compromised (yes, I know, once you're
owned, you're owned) and the attacker installs some malware of some
kind, that malware will not be able to bind to a port or even make
outgoing connections, even on "standard" outgoing ports -- for
instance HTTP.

Lots of malware connects to external C&C servers to give instructions,
and the Windows firewall makes it easy to prevent that from happening
even when ports like 80 are used -- and typically left wide-open on
servers.

-chris
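
The two rule styles discussed in this message, as an added example that is not part of the original e-mail or of Tomcat: a program-scoped inbound rule, a default-block outbound policy, and an audit for port-only inbound rules. The executable path, port and rule name are placeholders; the cmdlets are from the NetSecurity module (Windows 8 / Server 2012 and later) and need an elevated prompt.

```powershell
# Added example; $TomcatExe, $HttpPort and the rule name are assumptions.
$TomcatExe = 'C:\path\to\tomcat\bin\tomcat.exe'   # placeholder, use the real service executable
$HttpPort  = 8080                                 # placeholder connector port

# Program-scoped inbound rule: the port is reachable only when this
# executable is the listener. A port-only rule (no -Program) would let any
# process that binds the port receive traffic.
New-NetFirewallRule -DisplayName 'Tomcat HTTP (program scoped)' `
    -Direction Inbound -Protocol TCP -LocalPort $HttpPort `
    -Program $TomcatExe -Action Allow

# Outbound traffic is allowed by default. With the default action set to
# Block, only programs covered by an outbound allow rule can connect out,
# including to ports such as 80.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Audit: enabled inbound allow rules that name a port but no program.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($app.Program -eq 'Any' -and $port.LocalPort -ne 'Any') {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
            }
        }
    } | Sort-Object Rule | Format-Table -AutoSize
```

Review the existing outbound allow rules before switching the default outbound action to Block, since anything the server legitimately needs (name resolution, updates, database connections) must be covered by a rule.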
