Christopher Schultz wrote:
Konstantin,
On 1/22/14, 9:03 AM, Konstantin Preißer wrote:
Hi Jeffrey,
-----Original Message----- From: Jeffrey Janner
[mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21,
2014 10:19 PM
Eureka, I finally figured it out! It was a real eureka moment,
some remembrance burned its way up from my subconscious and I had
the answer. Ready guys? Really surprised no one mentioned it. It
was Windows F-ing Firewall!!!!!
Good to hear that you could find and solve the problem.
(Off topic:)
I HATE WINDOWS!!!!!!
What I can't quite understand is, how one can "hate" Windows or its
"F-ing" firewall, if they just do what they were configured to
do... ;-)
When setting up the Windows Firewall, I normally only create rules
for specific (TCP) ports, not for specific executables, so that the
firewall allows connections to a TCP port regardless of what the
name or path of the executable is.
Actually, as surprising as it can sometimes be, I find that the
Windows firewall is better than iptables *because* it /can/ do things
like this. You can make your system a bit safer.
For instance, if your server is compromised (yes, I know, once you're
owned, you're owned) and the attacker installs some malware of some
kind, that malware will not be able to bind to a port or even make
outgoing connections, even on "standard" outgoing ports -- for
instance HTTP.
Lots of malware connects to external C&C servers to give instructions,
and the Windows firewall makes it easy to prevent that from happening
even when ports like 80 are used -- and typically left wide-open on
servers.
Of course, one could argue that the Windows Firewall needs to offer this, because it is
inherently easier to infect with malware a Windows server than a Linux server.
So it needs to compensate somehow..
;-)
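
Added example, not part of the original thread: a read-only PowerShell audit of the distinction discussed above. It lists which enabled inbound allow rules are scoped only by port and which are bound to a specific executable, and shows each profile's default outbound action. It assumes the built-in NetSecurity cmdlets (Windows 8 / Server 2012 or later); the function names are made up for this example.

```powershell
# Read-only audit; changes nothing. Run from an elevated PowerShell prompt.
# Function names are hypothetical, chosen for this example.

function Get-InboundRuleScope {
    # Classify every enabled inbound allow rule by how it is scoped.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter
            $port = $rule | Get-NetFirewallPortFilter

            [pscustomobject]@{
                Rule      = $rule.DisplayName
                Profile   = $rule.Profile
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
                Program   = $app.Program
                # Program is 'Any' when the rule is not tied to an executable,
                # so whatever process binds the port is reachable.
                Scope     = if ($app.Program -eq 'Any') { 'port-only' }
                            else { 'program-scoped' }
            }
        }
}

function Get-OutboundDefault {
    # Effective per-profile defaults. With DefaultOutboundAction at Allow
    # (the Windows default), any process may connect out, including to
    # port 80, unless an explicit block rule matches it.
    Get-NetFirewallProfile -PolicyStore ActiveStore |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

Get-InboundRuleScope |
    Sort-Object Scope, Rule |
    Format-Table -AutoSize Rule, Profile, Protocol, LocalPort, Program, Scope

Get-OutboundDefault | Format-Table -AutoSize
```

Rules reported as `port-only` accept connections regardless of which executable is listening; rules reported as `program-scoped` apply only to the listed program path.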