On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz < ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Konstantin, > > On 1/22/14, 9:03 AM, Konstantin Preißer wrote: > > Hi Jeffrey, > > > >> -----Original Message----- From: Jeffrey Janner > >> [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, > >> 2014 10:19 PM > > > >> Eureka, I finally figured it out! It was a real eureka moment, > >> some remembrance burned its way up from my subconscious and I had > >> the answer. Ready guys? Really surprised no one mentioned it. It > >> was Windows F-ing Firewall!!!!! > > > > Good to hear that you could find and solve the problem. > > > > (Off topic:) > > > >> I HATE WINDOWS!!!!!! > > > > What I can't quite understand is, how one can "hate" Windows or its > > "F-ing" firewall, if they just do what they were configured to > > do... ;-) > > > > When setting up the Windows Firewall, I normally only create rules > > for specific (TCP) ports, not for specific executables, so that the > > firewall allows connections to a TCP port regardless of what the > > name or path of the executable is. > > Actually, as surprising as it can sometimes be, I find that the > Windows firewall is better than iptables *because* it /can/ do things > like this. You can make your system a bit safer. > > For instance, if your server is compromised (yes, I know, once you're > owned, you're owned) and the attacker installs some malware of some > kind, that malware will not be able to bind to a port or even make > outgoing connections, even on "standard" outgoing ports -- for > instance HTTP. > > Lots of malware connects to external C&C servers to give instructions, > and the Windows wirewall makes it easy to prevent that from happening > even when ports like 80 are used -- and typically left wide-open on > servers. > > - -chris > +1 chris, and for these reasons/features (and more), I LOVE WINDOWS (SERVER 2008)!!! :)
