Borrowed from http://www.peerguardian.net.
Many people had a difficult time accessing the information, without a membership, so I have posted it here.
The site has since disappeared, so unless someone else has saved a copy and posted it like we have, this may be the only way you will ever read this well-written guide.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
---------------------------------------------------------------------------------------------------------------
-<>>FIREWALL GUIDE<<>-
--------------------------------------------------------------------------------------------------------------
------------------------------------------------------
Windows PC Software Firewalls:
--------------------------------------------------------------------------------------------------------------
------------------------------------------------------


QUOTE

The only secure computer is one that's unplugged, locked in a safe, and buried 20 feet under the ground in a secret location...and I'm not even too sure about that one --Dennis Hughes, FBI.

-------------------------------------------------------
--------------------------------------------------------------------------------------------------------------

Data transfers on the Net are always in the form of packets -- relatively small packages of data.
These packets each carry an IP address and port number for their source and destination.
The port number is the mechanism which allows multiple applications to use the same network connection simultaneously.

Any application, such as your browser (or Back Orifice for instance),
which is using the network link, has one or more port numbers assigned to its exclusive use.
The port number is assigned two bytes (16 bits) in each packet.
There are therefore 65,536 (2^16) possible port numbers.
The Windows network software (Winsock) which manages network data exchange receives these packets,
checks the port number in each, and passes them to the appropriate application.

--------------------------------------------------------------------------------

A firewall is an application that lets you control and filter packets flowing in and out of your computer or network.
Almost all PCs accept certain types of connections, and hackers can take advantage of this when probing for systems to attack.

Such techniques include:

Ping -
A method for determining whether a system is connected to the Internet at a particular address.
You ping a system by sending what's known as an ICMP Echo Request packet.
If the target is connected, you'll receive a 'pong' in response. Most operating systems, including Windows, have this program: just try running the command "ping foo.com" where foo.com is any domain name or IP address.

Operating System Fingerprinting -
By sending/receiving a single specially crafted packet, an attacker can both determine whether a system is connected to an IP address and what operating system it is running
(Windows XP, Windows 95, Red Hat Linux, etc).

Port scans -
It is possible to determine whether any server programs are active and listening for data on a system by sending a connection request to every single possible port number. If you and the attacker both have fast Internet connections, then thousands of ports can be scanned within seconds.

Firewalls are effective at blocking all of these kinds of probes as well as any other intrusion or denial of service attacks by immediately rejecting any incoming packets that weren't solicited from programs running on your computer. The attacker never receives a response, creating the illusion that there is no computer at your IP address.

This in turn prevents any further attempts to exploit security vulnerabilities and break into a system.

Outbound Filtering:
Some firewalls (such as the one included with Windows XP) only work in a single direction - they examine packets your computer is receiving, not those it sends. This is because in most cases, data originating from your computer, such as requests for web pages, is legitimate. But hostile applications like trojan horses, worms, and viruses can use your Internet connection to send an attacker sensitive information such as your files, screen captures, or even keystrokes.

It is therefore crucial that your firewall has some mechanism for filtering outbound traffic from your computer.
This is usually done by building up a list of programs that are allowed to use your Internet connection.
If an unauthorized program makes a connection attempt, the firewall alerts you and lets you decide whether or not to give it permission to proceed.
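
The two filtering directions described above, as an added example that is not part of the original guide: a toy filter reads the addresses and 16-bit ports from raw IPv4 bytes, drops inbound packets that answer no outbound connection, and prompts for programs missing from the allowed list. The class, function and program names and all addresses are constructed for illustration.

```python
import socket
import struct

PROTO_TCP, PROTO_UDP = 6, 17

def build_packet(src_ip, dst_ip, proto, src_port, dst_port):
    """Constructed test data: a 20-byte IPv4 header followed by the two port fields."""
    ver_ihl = (4 << 4) | 5                      # version 4, header length 5 x 4 = 20 bytes
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 24, 0, 0, 64, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    # "H" is an unsigned 16-bit field, which is why ports stop at 65535
    return header + struct.pack("!HH", src_port, dst_port)

def parse_packet(raw):
    """Extract (proto, src_ip, src_port, dst_ip, dst_port) from raw IPv4 bytes."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                   # header length in bytes; ports follow it
    proto = raw[9]
    if ihl < 20 or proto not in (PROTO_TCP, PROTO_UDP) or len(raw) < ihl + 4:
        raise ValueError("no TCP/UDP port fields")
    src_port, dst_port = struct.unpack("!HH", raw[ihl:ihl + 4])
    return (proto, socket.inet_ntoa(raw[12:16]), src_port,
            socket.inet_ntoa(raw[16:20]), dst_port)

class PersonalFirewall:
    """Simplified model: flows never expire and TCP flags are ignored."""

    def __init__(self, local_ip, allowed_apps):
        self.local_ip = local_ip
        self.allowed_apps = set(allowed_apps)
        self.flows = set()      # (proto, local_port, remote_ip, remote_port)
        self.log = []

    def outbound(self, raw, app):
        proto, _, src_port, dst_ip, dst_port = parse_packet(raw)
        if app not in self.allowed_apps:
            # Unknown program: hold the packet and ask the user.
            self.log.append(("PROMPT", app, dst_ip, dst_port))
            return "PROMPT"
        self.flows.add((proto, src_port, dst_ip, dst_port))
        return "ALLOW"

    def inbound(self, raw):
        proto, src_ip, src_port, dst_ip, dst_port = parse_packet(raw)
        solicited = (proto, dst_port, src_ip, src_port) in self.flows
        if dst_ip == self.local_ip and solicited:
            return "ALLOW"
        # Silent drop: no reset and no ICMP error goes back to the sender.
        self.log.append(("DROP", src_ip, dst_port))
        return "DROP"

def demo():
    fw = PersonalFirewall("192.0.2.10", allowed_apps={"browser.exe"})
    me, web, stranger = "192.0.2.10", "198.51.100.7", "203.0.113.5"
    return [
        fw.outbound(build_packet(me, web, PROTO_TCP, 49152, 80), "browser.exe"),
        fw.inbound(build_packet(web, me, PROTO_TCP, 80, 49152)),        # reply to the request
        fw.inbound(build_packet(stranger, me, PROTO_TCP, 40000, 139)),  # unsolicited probe
        fw.outbound(build_packet(me, stranger, PROTO_TCP, 49153, 6667), "unknown.exe"),
        fw.inbound(build_packet(stranger, me, PROTO_TCP, 6667, 49153)), # no approved flow
    ]

if __name__ == "__main__":
    print(demo())
```
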


Q: Which kind of packet filters will make a WUPS scan fail?
A: A packet filter that drops UDP packets from the scanner to the scanned system,
and also a filter that drops ICMP packets going from the scanned system to the scanner.
(WUPS = Windows UDP port scan)
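
Why either filter is enough, as an added simulation that is not part of the original guide: a closed UDP port is normally reported back through ICMP while a listening one stays silent, so a filter that removes that contrast makes every port look the same. The `Host` model, the addresses and the port numbers are constructed, and nothing is sent on the network.

```python
from dataclasses import dataclass, field

SCANNER = "203.0.113.5"        # constructed address of the probing system

@dataclass
class Host:
    """Model of the scanned system; nothing here touches the network."""
    open_udp: set                                      # ports with a listening service
    drop_udp_from: set = field(default_factory=set)    # filter 1: inbound UDP from these sources
    drop_icmp_to: set = field(default_factory=set)     # filter 2: outbound ICMP to these destinations

    def reply_to_udp(self, src, port):
        """Return what the sender sees: 'port-unreachable', or None for silence."""
        if src in self.drop_udp_from:
            return None              # probe discarded before the IP stack sees it
        if port in self.open_udp:
            return None              # handed to the service, which ignores an empty datagram
        if src in self.drop_icmp_to:
            return None              # stack builds the ICMP error, the filter discards it
        return "port-unreachable"    # closed port reported via ICMP

def sender_view(host, ports, src=SCANNER):
    """Map each probed port to what the sender can conclude from the reply."""
    return {p: "closed" if host.reply_to_udp(src, p) else "no-answer" for p in ports}

def reveals_listeners(view):
    """True when the replies separate listening ports from closed ones."""
    return len(set(view.values())) > 1

def compare(ports=(53, 137, 138, 500)):
    """Run the same probe set against an unfiltered host and each filter from the answer."""
    listening = {137, 138}
    cases = {
        "no filter": Host(listening),
        "drop inbound UDP": Host(listening, drop_udp_from={SCANNER}),
        "drop outbound ICMP": Host(listening, drop_icmp_to={SCANNER}),
    }
    return {name: reveals_listeners(sender_view(h, ports)) for name, h in cases.items()}

if __name__ == "__main__":
    for name, leaks in compare().items():
        print(f"{name:20s} listening ports distinguishable: {leaks}")
```
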


What are "ports" and "protocols"?
Basically a port is an access channel and a protocol is a standardized way for computers to exchange information.

Your computer must send and receive data to participate on the Internet.
The data is sent and received by software that usually comes with your computer.

This software automatically organizes the data to be sent into packets. These packets are made in a standardized way (a protocol) so other computers can recognize them as data. Similar software is used at the receiving computer to automatically join the packets so the original message is duplicated.

The Internet is constructed so many different routes can be taken by the data traveling on it.
In this way, if part of a route is too busy or breaks down then the packets are simply sent on another route.
This routing is handled by equipment called routers, which are located throughout the Internet.
Each data packet is routed independently so a message broken into 10 packets could take 10 totally different routes over the Internet.
Routers know which computer on the Internet a packet is supposed to be sent to because each packet contains that computer's address, very similar to a letter going through the post office.

Your computer has different ports or channels for this data.
These ports are given standardized numbers so one port is used to send data and another port receives data.
In this way, the packets of data coming into and going out of your computer don't collide or get confused.
The port number is included as part of the address a packet is given.

Ports can have numbers from 1 to 65535.

Introduction to firewalls :
http://clan.cyaccess.com/?menusoft&firewall

great port - tcp/ip info site
http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html

--------------------------------------------------------------------------------------------------

Although firewalls have their strengths, and are an invaluable information security resource, there are some attacks that the firewalls cannot protect against, such as eavesdropping or interception of e-mail.

Furthermore, whereas firewalls provide a single point of security and audit, this also becomes a single point of failure - which is to say, firewalls are a last line of defense.

This means that if an attacker is able to breach the firewall, he or she will have gained access to the system, and may have an opportunity to steal data that is stored in that system, or to create other havoc within the system.

Firewalls may keep the bad guys out, but what if the bad guys are inside?
In the case of dishonest or disgruntled employees, firewalls will not provide much protection.

Finally, as mentioned in the discussion of packet filtering, firewalls are not foolproof - IP spoofing can be an effective means of circumvention, for example.

For optimal protection against the variety of security threats that exist, firewalls should be used in conjunction with other security measures such as anti-virus software and encryption packages.

As well, a well-thought-out and consistently implemented security policy is vital to attaining optimal effectiveness of any security software.

Beginners Guide to Firewalls:
- http://www.securityfocus.com/infocus/1182

--------------------------------------------------------------------------------------------------

for hardware security information please follow this link:
- http://www.securityfocus.com/infocus/1568

--------------------------------------------------------------------------------------------------

Attacks Utilizing a Trojan Horse
A Trojan horse, like the Greek "gift" to Troy, looks like a useful and innocent program but actually contains a means of attacking your system.
A Trojan allows an attacker to perform almost the same actions on an infected computer as does its owner: copy, view and delete information from the hard drive, run applications, change configuration settings, control the infected computer's hardware and much more.

Typically Trojan horses are distributed over the Internet as small utility programs, screen-savers, wallpaper for desktops, etc. When a cracker gains access to a system, all manner of maliciousness is possible.

also read the Bluetack Guide on Trojan Horses:
- http://www.bluetack.co.uk/forums/index.php?showtopic=72

-------------------------------------------------------

Attacks Via Internet Applications:
Some Internet applications, such as browsers and Internet pagers, have security holes that can be taken advantage of by attackers to access data stored on your hard drive.
Depending on your application configurations, your computer can distribute confidential information about your system and your Internet operations (mostly applies to Web browsers).


If you use Microsoft Internet Explorer, you should know about these existing security vulnerabilities:
- http://www.pivx.com/larholm/unpatched/


Attacks Using Specially Created Harmful Data Streams
There is software around that attackers use to send harmful data streams designed to disrupt your system and impair its efficiency on the Internet.
A computer receiving this data through its different ports might lose control and hang (freeze up).
Beyond the bother of having to reboot your computer, current downloads are lost, phone calls are interrupted and so on.

Attacks Using Weaknesses in Your O/S Settings
Attackers can take advantage of free and open access made available by how your Operating System is configured.

For example, if your computer uses Microsoft Windows, its NetBIOS settings can be set so your files are made available to attackers.

-------------------------------------------------------------------------------------------------

Tech TV - Firewalls Explained:
- http://www.techtv.com/callforhelp/answerstips/story/0,24330,2436994,00.html

just what the name says....FIREWALL GUIDE:
- http://www.firewallguide.com/

comparison of top personal firewalls:
- http://www.agnitum.com/php_scripts/compare2.php

Personal Firewalls list:
- http://www.securitywizardry.com/firesoftpers.htm

Personal Firewalls :
http://www.securityfocus.com/infocus/1573

What is a personal firewall:
http://www.theguardianangel.com/personal_firewall.htm

--------------------------------------------------------------------------------------------------

To understand more about how internet protocols work:

http://www.protocols.com/pbook/tcpip1.htm
http://www.protocols.com/pbook/tcpip2.htm#IP

http://www.networksorcery.com/enp/topic/ipsuite.htm

-Network layer protocols
These protocols are assigned an Ethertype number.

-Transport layer protocols
These protocols are assigned an IP Protocol number

-Application layer protocols:
These protocols are assigned one or more SCTP, TCP or UDP port numbers.

TCP - Transmission Control Protocol :
- TCP provides a reliable stream delivery and virtual connection service to applications
through the use of sequenced acknowledgment with retransmission of packets when necessary.

UDP - User Datagram Protocol :
- provides a simple, but unreliable message service for transaction-oriented services.
Each UDP header carries both a source port identifier and destination port identifier,
allowing high-level protocols to target specific applications and services among hosts.

Internet Control Message Protocol :



QUOTE

ICMP redirect messages are almost always suspect. If used legitimately, ICMP redirects are used by a router to advise a host of a change in network topology. It just tells your host "don't send this to me, instead use this different router". However, while ICMP redirects are nice as a poor man's routing protocol, they are not exactly safe. They are in no way authenticated. ICMP redirects can be spoofed and used for 'man in the middle' attacks.

These attacks allow a third party to listen in on your traffic (and in some cases modify it) by routing all your traffic through the attackers system.

ICMP and UDP tunnelling attacks are also used to wrap real data to the headers.
If your system is compromised, firewalls and routers that allow ICMP ECHO, ICMP ECHO REPLY and UDP packets through will be vulnerable to this attack.


ICMP Protocol Overview:
Internet Control Message Protocol (ICMP), documented in RFC 792, is a required protocol tightly integrated with IP.
ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation or mis-operation. Of course, since ICMP uses IP, ICMP packet delivery is unreliable, so hosts can't count on receiving ICMP packets for any network problem.

Some of ICMP's functions are to:
Announce network errors, such as a host or entire portion of the network being unreachable, due to some type of failure.
A TCP or UDP packet directed at a port number with no receiver attached is also reported via ICMP.

Announce network congestion.
When a router begins buffering too many packets, due to an inability to transmit them as fast as they are being received, it will generate ICMP Source Quench messages. Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many Source Quench messages would cause even more network congestion, so they are used sparingly.

Assist Troubleshooting.
ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.

Announce Timeouts.
If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.
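
The ICMP functions listed above, as an added example that is not from the original guide: a classifier that verifies the ICMP checksum, names the message types mentioned here, and applies a sample policy that drops redirects and flags oversized echo payloads. The verdicts and the 64-byte echo threshold are assumptions chosen for illustration, and every packet is constructed.

```python
import socket
import struct

# Type numbers from RFC 792 for the messages discussed above.
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
              5: "redirect", 8: "echo-request", 11: "time-exceeded"}
ECHO_PAYLOAD_LIMIT = 64   # assumed threshold; common ping payloads are 32 or 56 bytes

def inet_checksum(data):
    """16-bit ones' complement checksum used by ICMP."""
    data = bytes(data)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type, code, rest=b"\x00" * 4, payload=b""):
    """Constructed test message: type, code, checksum, 4 type-specific bytes, payload."""
    body = struct.pack("!BBH", msg_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def verdict(name, action, reason):
    return {"name": name, "verdict": action, "reason": reason}

def classify(raw):
    """Return the message name, a policy verdict and the reason for it."""
    if len(raw) < 8:
        return verdict("malformed", "drop", "truncated header")
    if inet_checksum(raw) != 0:      # a valid message sums to zero with its checksum
        return verdict("malformed", "drop", "bad checksum")
    msg_type, code = raw[0], raw[1]
    name = ICMP_TYPES.get(msg_type, "type-%d" % msg_type)
    if msg_type == 5:
        # Bytes 4..7 carry the router the sender wants traffic moved to.
        gateway = socket.inet_ntoa(raw[4:8])
        return verdict(name, "drop", "unauthenticated redirect to " + gateway)
    if msg_type in (0, 8):
        size = len(raw) - 8
        if size > ECHO_PAYLOAD_LIMIT:
            # Large echo payloads are one sign of data being tunnelled in ICMP.
            return verdict(name, "review", "%d-byte echo payload" % size)
        return verdict(name, "allow", "ordinary ping")
    if msg_type == 3:
        detail = "port unreachable" if code == 3 else "code %d" % code
        return verdict(name, "allow", detail)
    if msg_type == 11:
        detail = "ttl exceeded in transit" if code == 0 else "code %d" % code
        return verdict(name, "allow", detail)
    if msg_type == 4:
        return verdict(name, "allow", "sender asked to slow down")
    return verdict(name, "drop", "type not in policy")

if __name__ == "__main__":
    samples = [build_icmp(8, 0, payload=b"a" * 32),
               build_icmp(8, 0, payload=b"a" * 600),
               build_icmp(5, 1, rest=bytes([203, 0, 113, 1]), payload=b"\x00" * 28),
               build_icmp(11, 0)]
    for msg in samples:
        print(classify(msg))
```
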

--------------------------------------------------------------------------------


- for a complete listing of assigned ports and numbers ;
http://www.networksorcery.com/enp/protocol/ip/ports00000.htm

-Domain Names and Numbers Explained;
- http://www.cs.cf.ac.uk/Dave/Internet/node60.html
- Port descriptions and services..
- Block known trojan ports

- GIANT PORT LIST : http://keir.net/portlist.html

-DDDs Guide to submitting IP ranges to the PG Database:
- http://www.peerguardian.net/forums/index.php?showtopic=141

-Guide To Reporting Security Incidents to ISPs:
- HERE

Google directory on Firewalls

please also read the Bluetack Guide To Tracking IP Addresses:
- http://www.bluetack.co.uk/forums/index.php?showtopic=52

=============================================
------------------
Outpost firewall:
------------------
=============================================

Outpost Firewall free V1:
http://www.agnitum.com/download/outpostfree.html
Agnitum Outpost is the first personal firewall that supports plug-ins.
Sample plug-ins are included to show how this revolutionary technology
can easily be employed for such tasks as Intrusion Detection, Advertisement Blocking,
Content Filtering, E-mail Guard and Privacy Control.

Agnitum Outpost is equipped with every feature a personal firewall should have.
It is the most functional firewall in the world.
Outpost supports all the latest security techniques and features such as:
Full Stealth Mode, Anti-Leak, and MD5 Authentication.

Outpost Free V1 review:
----------------------------
- http://www.scotsnewsletter.com/38.htm#review1
- http://clan.cyaccess.com/?menusoft&outpost-
- http://www.techtv.com/callforhelp/freefile/story/0,24330,3406480,00.html

Outpost Pro V2:
-----------------
- http://www.agnitum.com/
- http://www.outpostfirewall.com/forum/

New and Improved.

----------------------------------------------
Outpost IP list Importing Instructions :
- http://www.peerguardian.net/forums/index.php?showtopic=82

===========================================
----------------------------------------------

Outpost firewall complete online guide:
http://www.outpostfirewall.com/guide/index.htm

--------------------------------------------
===========================================

Outpost Firewall Presets: Idea and Format
http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=2404


QUOTE

Outpost Firewall includes presets for popular applications such as ICQ, Internet Explorer, Outlook Express and many others. When an application tries to connect to the Internet for the first time, Outpost searches its application database and suggests a set of rules worked out by our engineers that are optimum for this application. Even advanced users are recommended to use these presets and then tweak their settings as needed. This very powerful technique lets you create rules with one click and without any special knowledge of ports and protocols.

Application Specific Presets—for particular applications such as Internet Explorer, Microsoft Telnet or Outlook Express.

Common Activity Preset—for common activities such as browsing the Web, connecting via the Telnet protocol or receiving and sending e-mail.


For maximum security I would also suggest removing the DNS rule from the Global rules - this means having to create a specific one for each application but does mean that a hostile application cannot even find an IP address without you permitting it (and does defeat certain leaktests). Having a Protocol TCP, Remote Port DNS, Deny as a Global rule would be a good idea in this case since it saves you from having to set up a second DNS rule to cover TCP for each application (normally UDP is used, but long queries switch to TCP - I have never noticed any ill-effects from blocking them though).

- http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=3735
- http://www.outpostfirewall.com/forum/showthread.php?threadid=7896

maximum security rules
http://www.outpostfirewall.com/forum/showthread.php?threadid=7896

Blockpost V1
http://www.outpostfirewall.com/guide/the_outpost_gui/plugins/blockpost.htm

Blockpost V2:
http://www.outpostfirewall.com/forum/showthread.php?s=&threadid=7229

plugins - Last Updated: Aug 3 '03 :
http://www.outpostfirewall.com/guide/the_outpost_gui/plugins/index.htm


http://www.outpostfirewall.com/forum/showthread.php?threadid=7875

The AGNIS for Outpost block lists have been updated once again.


QUOTE

IE-SPYAD (the IE Restricted zone list) and the original AGNIS block lists (for AtGuard/NIS/NPF)
and AGNIS for AdShield have also been updated.
AGNIS for Outpost contains a set of ad block lists for use with Agnitum Outpost.
These block lists are ports of the original AGNIS block lists for AtGuard, Norton Internet Security,
and Norton Personal Firewall 2003 (see the AGNIS section above on this page).

AGNIS for Outpost Updated
http://www.staff.uiuc.edu/~ehowes/resource.htm#Outpost

==============================================
-------------------------------------------------------------------------------
-------------------
Sygate Firewall :-
-------------------
--------------------------------------------------------------------------------
==============================================

Sygate Personal Firewall
http://soho.sygate.com/products/shield_ov.htm



QUOTE

A powerful and easy-to-use PC firewall that protects against :
Trojans, spyware, and other malicious threats including those that use their own protocol drivers.
It prevents unauthorized applications from passing through the firewall by inserting code into authorized ones,
and enables even the most inexperienced users to easily customize and fine-tune security policies.
Also provides best-in-breed logs for intrusion analysis.


Cool Sygate site:
- http://www.whitehat-security.com/SPF.htm

sygate pro & free informational website
- http://personal.atl.bellsouth.net/i/k/ikpe/

The SYGATE PRO users guide PDF:(4734Kb) - DOWNLOAD
SYGATE PRO Knowledge Base forum:RIGHT HERE

Sygate website support:
- http://soho.sygate.com/support/default.htm
- http://smb.sygate.com/support/documents/pspf/default.htm
- http://forums.sygate.com/vb/

how to update sygate personal firewall pro.
by Dr pepper from the Peer Guardian forum:
http://www.peerguardian.net/forums/index.php?showtopic=41


Good install registration practice:



QUOTE

When you first boot up right after installing SPF it is a good idea to do the following to avoid any issues with SPF blocking your registration.
When you reboot if you get a "buy now" or "register" screen, just click "try now".
Then allow any and all popups that you may see for now, and then set SPF to "allow all" under the "security" tab on the SPF console.
It is a good idea to do this at first, since SPF's default state is "block all" and you do not want to block your registration by mistake.
So once set, then go under the "help" tab, click "register", then fill out all the fields using N/A for those that do not apply and register. Once registered, set SPF back to normal and configure SPF as needed.

===============================================
--------------------------
-------------
Zonealarm :
-------------
---------------------------
===============================================


QUOTE
ZoneAlarm protects automatically from the moment it's installed - no programming required.
ZoneAlarm barricades your PC with immediate and complete port blocking.
And, then runs in Stealth Mode to make your PC invisible on the Internet -
if you can't be seen, you can't be attacked.

- http://www.zonelabs.com/

zone alarm detailed guide:
- http://www.markusjansson.net/eza.html

zone alarm forums:
- http://forums.zonelabs.com/zonelabs
- http://www.bobsfreestuffforum.co.uk/forum/viewtopic.php?t=60


A great Guide on Zone Alarm Pro Expert rules , originally posted by jonny at FTC forum:
- http://64.37.72.176/ZoneAlarmPro_Expert_Rules.htm


- http://www.virus.org/Review31.html
No matter what program expert rule you make there are a few things that need to be done and known.



QUOTE

First, in program rules ALL rules will apply, whereas in a Firewall expert rule, only the first applicable rule applies. Second, when you create a program Expert rule, there is one thing that needs to be added and another added depending on how you set up your zones.

The rule that should always come in last (the rules are applied in order from 1 to whatever) is a blocking rule. Create a new rule and name it blocking (or whatever) then select block for an action. You can leave everything else alone. This blocks everything except what you have allowed in rules prior to this one.

Another rule that you may need is a rule for DNS lookup. If you add this rule to each program then you can control it to a single port and not put the DNS servers in the trusted zone, but in the internet zone. And for that, create a new rule, name it DNS (or whatever), as a destination add both (or all) of your DNS servers, then in the protocol section, open only the DNS port. This allows only DNS to go between your computer and your ISP's DNS servers.

The big thing to remember is that in the program expert rules, they are ALL looked at for permission from 1 to the last, and you have to add the blocking rule or all ports are open. This is real handy in email clients. No more junk coming thru (pictures and remote pages and objects).


A sobering experience for a novice is to block ports in Zone Alarm and watch them running wide open in CommView. :-(


---------------------------------------------------------------------------------------
--------------------------
Tiny Personal Firewall :
--------------------------
--------------------------
http://www.tinysoftware.com/home/tiny2?s=9107547958550278090A4&pg=solo_download



QUOTE

Tiny Personal Firewall is a small and easy to use system designed for protecting
a personal computer against hacker attacks and data leaks.
It is based on the ICSA certified technology used in the WinRoute firewall.
The firewall itself runs as a background service, using a special low-level driver loaded into the system kernel.
This driver is placed at the lowest possible level above the network hardware drivers.
Therefore, it has absolute control over all passing packets and is able to ensure
complete protection of the system it is installed on.


---------------------------------
KERIO firewall - anti-spyware-
---------------------------------

http://www.kerio.com/kpf_home.html
http://www.geocities.com/yosponge/
http://www.geocities.com/yosponge/faq.html


-------------------------------------------------
BLACK ICE -
-------------------------------------------------

Black ICE 30 Day Trial -

http://blackice.iss.net/eval.php
http://blackice.iss.net/product_pc_protection.php

=========================
---------------------------
Kaspersky Anti-Hacker :
---------------------------
=========================

http://www.spychecker.com/program/kanithacker.html

Is a personal firewall, providing full-scale protection for personal computers running Windows operating systems. It prevents unauthorized access to data, as well as hacker attacks launched from both intranets and the Internet.



QUOTE

Full-scale Control Over Network Activity

Kaspersky Anti-Hacker is a personal firewall that checks all incoming and outgoing data streams and only permits actions that are safe or have been authorized by you.
It runs at application level, allowing you to grant or deny specific behavior to selected programs.
The program uses easy to understand rule definitions, rather than complicated port and protocol configurations whenever possible.
You can choose from 5 different security levels that are available as presets and also customize the rules and create new ones according to your personal security requirements.
Like most personal firewalls, Kaspersky Anti-Hacker also comes with a learning mode that prompts the user each time an application uses the internet for the first time and, based on your answers, automatically creates the rules for you.
The low-level data interceptor allows information filtration before it is processed by other applications and provides intrusion protection from the latest forms of hacker attack, including Ping Of Death attacks, Land-attacks, TCP and UDP port scanning and DoS attacks.
SmartStealth protects your ports and makes the systems become fully invisible to the outside.
Additional features include a connection monitor, port monitor, detailed logging and more.

At this time Kaspersky Anti-Hacker is not compatible with ADSL modems.

------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------
--------------------------------------------------------
-----------------------------------------------------
-------------------------------------------------------------------------------------------------------------------------

-PEER GUARDIAN-

-BLUETACK Converter/BLOCKLIST MANAGER-

-IP ADDRESS Blocklists -

-------------------------------------------------------------------------------------------------------------------------

Peer Guardian was created by Method for the purpose of protecting downloaders from anti-p2p companies,
by monitoring TCP/IP connections and forcefully rejecting /logging all those that match up with the IPs in the PG Database.
It does not monitor UDP or ICMP protocols, but is very effective against TCP connections.

It is free to use and very useful for protection against the anti-P2P riff-raff.

http://www.methlabs.org/
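
How a range-based blocklist check of this kind can work, as an added example that is not PeerGuardian's own code: it assumes a text list with one `label:first-last` entry per line, merges overlapping ranges and looks addresses up by binary search. It also shows the gap noted above, since only TCP connections are checked; the list entries and all function names are constructed.

```python
import bisect
import ipaddress

SAMPLE_LIST = """\
# constructed entries in the assumed "label:first-last" layout
Example Org A:198.51.100.0-198.51.100.255
Example Org B:203.0.113.16-203.0.113.31
Example Org B overlap:203.0.113.24-203.0.113.63
broken line without a range
"""

def parse_blocklist(text):
    """Return ([(first, last, label)], [rejected line numbers])."""
    ranges, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, sep, span = line.rpartition(":")   # labels may themselves contain ':'
        first, dash, last = span.partition("-")
        try:
            if not sep or not dash:
                raise ValueError("missing separator")
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
            if lo > hi:
                raise ValueError("range reversed")
        except ValueError:
            rejected.append(lineno)               # report bad lines, never guess at them
            continue
        ranges.append((lo, hi, label))
    return ranges, rejected

def merge(ranges):
    """Collapse overlapping or adjacent ranges so lookups can use binary search."""
    merged = []
    for lo, hi, label in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            prev = merged[-1]
            merged[-1] = (prev[0], max(prev[1], hi), prev[2])
        else:
            merged.append((lo, hi, label))
    return merged

class Blocklist:
    def __init__(self, text):
        ranges, self.rejected = parse_blocklist(text)
        self.ranges = merge(ranges)
        self.starts = [r[0] for r in self.ranges]

    def match(self, ip):
        """Return the label of the range containing ip, or None."""
        n = int(ipaddress.IPv4Address(ip))
        i = bisect.bisect_right(self.starts, n) - 1
        if i >= 0 and n <= self.ranges[i][1]:
            return self.ranges[i][2]
        return None

def check_connection(blocklist, proto, remote_ip):
    """Apply the list to TCP only, mirroring the coverage described in the text."""
    if proto != "tcp":
        return "not-inspected"        # UDP and ICMP from listed ranges pass unchecked
    label = blocklist.match(remote_ip)
    return "reject (%s)" % label if label else "allow"

if __name__ == "__main__":
    bl = Blocklist(SAMPLE_LIST)
    print("rejected lines:", bl.rejected)
    for proto, ip in [("tcp", "198.51.100.9"), ("udp", "198.51.100.9"), ("tcp", "192.0.2.1")]:
        print(proto, ip, check_connection(bl, proto, ip))
```
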

Download IP blocklists from here:
http://xs.tech.nu/pgi.htm

Peer Guardian Forum:
Guides/Faqs for PG and firewall blocklist importing and more.
http://www.peerguardian.net/

BLUETACK converter:
convert IP blocklists into various firewall formats for importing into your firewall:

http://www.bluetack.co.uk/convert.html

Further information on converting to BlackICE firewall.ini format
Further information on the Kerio Personal Firewall v2 persfw.conf format
Further information on the Kerio Personal Firewall v4 kpf.cfg format
Further information on Morpheus blacklists
Further information on Cisco ACLs

http://www.bluetack.co.uk/forums/index.php?showforum=14


Bluetack Personal Blocklist Manager:
Blocklist Manager is an application which downloads blocklists from various sources and updates applications such as
Kazaa Lite K++, PeerGuardian, eMule, Gnucleus and Morpheus.

At the moment, the following firewall formats are also supported as a conversion only:
Blockpost for Agnitum Outpost v2
Sygate Advanced Rules
ZoneAlarm Pro 4 xml

- http://www.bluetack.co.uk/forums/index.php?showforum=3

Administrator Approved Guides:
-anti file sharing groups, various firewall importing instructions, updating K++ inbuilt ip blocking and more.
- http://www.peerguardian.net/forums/index.php?showforum=15

=============================================================

Firewall leak tests comparison:
- http://perso.wanadoo.fr/jugesoftware/firewallleaktester/eng/pageweb/test.html

Firewall scoreboard (really old but interesting)
- http://grc.com/lt/scoreboard.htm

Outpost Leak Test results
(Advanced rules configured properly reduce the effectiveness of these leak tests with outpost.)

------------------------------------------------------------------------

Inbuilt XP Firewall (Internet Connection Firewall):
(you will gain more protection from a personal software firewall which fully controls outbound and inbound traffic;
hey, this is a Microsoft product, don't forget!):

Windows ICF: Can't Live With it, Can't Live Without it: great in-depth article.
http://www.securityfocus.com/infocus/1620

- http://www.microsoft.com/windowsxp/pro/using/howto/networking/icf.asp

Just so you know, WinXP's built-in firewall does not attempt to manage or restrict outbound connections at all.
It appears to be a useful firewall for hiding the machine from the Internet
(it has "stealth mode" unsolicited packet handling),
but you will still need to use a good third-party personal firewall
if you wish to manage and control outbound connections from your system.

When you're online, your computer passes information to and from the Internet through ports, or open connections.
A port's number identifies the type of information passing through it.
For example, port 80 is used for HTTP traffic, so page requests
and webpages being downloaded all come through port 80.



QUOTE

Here's how to enable the XP firewall:

Log into XP with an owner account.
Click the Start button and select Control Panel. Double-click the Network Connections icon.
In the Network Connections window, click to highlight the connection you want to protect.
In the left panel, under Network Tasks, click "change settings of this connection."
When the connection status dialog box opens, click the Properties button.
In the Properties dialog box, click the Advanced tab. Check the box beneath "Internet Connection Firewall."
If you leave it unchecked, the firewall is off. If you aren't running any servers on your computer, just click OK.
If you run an FTP or Web server, you need to change the advanced settings.

Disable Internet Connection Firewall:
In Control Panel, double-click Networking and Internet Connections, and then click Network Connections.
Right-click the connection on which you would like to disable ICF, and then click Properties.
On the Advanced tab, click the box to clear the option to Protect my computer or network.

- XP Firewall - To turn on the Internet Connection Firewall:
http://www.microsoft.com/security/protect/windowsxp/firewall.asp

enable/disable xp firewall:
- http://support.microsoft.com/default.aspx?scid=kb;EN-US;283673

------------------------------------------------
IF YOU STILL PLAN TO USE XP FIREWALL:
------------------------------------------------

xp firewall logger
http://www.majorgeeks.com/download.php?det=3307
http://www.majorgeeks.com/screenshot.php?screenshot=3307
XP Firewall Logger 2.01a
From the author:



QUOTE

I have seen several posts on the web from other users stating they wish a tool was available for reading the Windows XP built-in firewall (ICF). I have also searched the web and was unable to find any such tool out there. So I decided to create one. The application, created with Visual Basic, allows a user to read the built-in firewall logs within Windows XP. I have attached a screenshot and a zip file of the actual application. It is very straightforward, and easy to use/read.

--------------------------------------------------------------------------------------------------

Security site (online personal firewall testing and anti-trojan testers)...

- http://www.pcflank.com/about.htm
"We recommend 3 main routes of passing PC Flank's tests".
These are "Rookie", "Advanced" and "Rush"

scan your computer using the following tests:


QUOTE

Quick Test:
This test shows how vulnerable your computer is to various Internet threats.
The test also determines if a Trojan horse already infects your system and if your
Web browser reveals personal info about you or your computer while you're web surfing.

This test is a combined version of Advanced Port Scanner, Browser Test and Trojans Test.
The test takes less than three minutes.

Afterwards you will see a full report including recommendations on how to improve the security of your system.
This test is recommended to rookie users and users who do not have enough time to pass all the tests.

Stealth Test:
With the help of the Stealth test you can determine if your computer is visible to the others on the Internet.
You can also use this test to determine if your firewall is successful in making ports of your system stealthed.
To determine if your computer is visible on the Internet the Stealth test utilizes five scanning techniques:
TCP ping, TCP NULL, TCP FIN, TCP XMAS and UDP scanning.

Browser Test:
This test will check if your browser reveals any of your personal information.
This might be the sites you have visited, the region you live in, who your Internet Service Provider is, etc.
The test will recommend specific settings of your browser for you to change.

Trojans Test:
This test will scan your system for most dangerous and widespread Trojan horses.
If a Trojan is found on your computer the test recommends actions to take.

Advanced Port Scanner:
The Advanced Port Scanner will test your system for open ports that can be used in attacks on your computer.
You can select which scanning technique will be used during the test:
TCP connect scanning (standard) or TCP SYN scanning.
You can also select what ports of your system you want to scan:
desired ports or range of ports, typical vulnerable and Trojan ports, 20 random ports or All ports.

This test below is recommended to experienced users.
Exploits Test:
This test will detect how vulnerable your computer is to exploits attacks.
This test can be also used to test firewalls and routers for stability and reactions to unexpected packets.

Most of the exploits are in fact denial-of-service attacks
and if your system is unable to pass this examination it may crash or reboot.

=====================================================================

more online port scanning sites:
-------------------------------------

Sygate, http://scan.sygatetech.com/prequickscan.html
Anti-Trojan, http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck
Symantec, http://security2.norton.com/ssc/hom...YHGBYNCJEIMXQKC
Blackcode, http://www.blackcode.com/scan/
DSLReports, http://www.dslreports.com/scan
HackerWatch, http://probe.hackerwatch.org/probe/probe.asp
SecurityMetrics, http://www.securitymetrics.com/portscan.adp
Lockdowncorp.com, http://stealthtests.lockdowncorp.com/

list of free online services:
-virus scans-portscans-security scans-more
- http://www.wilders.org/free_services.htm

Computer Cops Online Security Nmap Port Scanner-
- Nmap scanner page ? WHERE DID THAT LINK GO ?

=====================================================================
----------------------------------
- Gibson Research Center -
----------------------------------

You can find out how secure your PC is, by going to

- http://grc.com/intro.htm

and run "ShieldsUp!" to test from the outside, and "LeakTest" to test from the inside.
Then, install an Outpost/Sygate/Zonealarm firewall and try the tests again.

Firewalls by GRC:
- http://grc.com/su-firewalls.htm

The Anatomy of File Download Spyware:
GRC's year 2000 page on malware downloaders...
Evil Port Monitors?:
- http://grc.com/su-evilportmon.htm

GRCSucks
- http://www.grcsucks.com/

====================================================================
---------------
Firewall links-
---------------

Need to know what it is you're looking at in your firewall?
FAQ: Firewall Forensics (What am I seeing?) Version 1.2.0
- http://www.robertgraham.com/pubs/firewall-seen.html

TECH TVS GUIDE TO COMMERCIALLY POPULAR FIREWALLS:
- http://www.techtv.com/screensavers/products/story/0,24330,3522872,00.html

SPYCHECKERS FIREWALL REVIEW:
- http://www.spychecker.com/software/firewall.html

Firewall FAQS:
- http://www.faqs.org/faqs/firewalls-faq/
(Last Update May 01 2003)

Firewall Evolution - Deep Packet Inspection:
- http://www.securityfocus.com/infocus/1716

The Enemy Within: Firewalls and Backdoors
- http://www.securityfocus.com/infocus/1701

Download THIS informative pdf on internet firewalls written in 2000.
(right click-save target as) or read the online version..
- http://www.interhack.net/pubs/fwfaq/

A high level explanation of firewall technologies and their features
- http://www.infosecwriters.com/texts.php?op=display&id=12

------------------------
Security Resources:
------------------------

Guardian Angel:
http://www.theguardianangel.com/resource_index_.htm

Security Newsgroup:
- http://www.derkeiler.com/Newsgroups/
Grey Magic Security:
- http://security.greymagic.com/
About.Com Net Security Guide
- http://netsecurity.about.com/
HackerWhacker
- http://www.hackerwhacker.com/
Help-Net Security
- http://net-security.org/
InfoSyssec
- http://www.infosyssec.com/
Intelligence Brief: Information Security
- http://www.intelbrief.com/
ITtoolbox Security
- http://security.ittoolbox.com/
NTSecurity - Windows NT/2K Security Portal
- http://www.ntsecurity.net/
Packet Storm
- http://packetstormsecurity.org/
Secure Labs
- http://www.securelab.com/
SecurityFocus
- http://www.securityfocus.com/
SecurityGeeks
- http://www.securitygeeks.com/
SecuriTeam
- http://www.securiteam.com/
Security Unit, Inc.
- http://www.securityunit.com/
Security News Portal
- http://www.securitynewsportal.com/
Security Writers
- http://www.securitywriters.org/

======================
Security Newsgroups (via Google)
======================

alt.security
alt.security.announce
alt.computer.security
alt.security.alarms
alt.security.keydist
alt.security.pgp
alt.spam
comp.os.linux.security
comp.Win.NT.Security
comp.os.netware.security
comp.lang.java.security
comp.security.announce
comp.security.firewalls
comp.security.misc
comp.security.ssh
comp.security.unix
comp.security.pgp
comp.virus
info.firewalls-digest
misc.security

Other Resources:

CGI Security
- http://www.cgisecurity.com/
Interactive Information Security Policies
- http://www.yourwindow.to/security-policies/
Insecure.Org
- http://www.insecure.org/
NeoHapsis Ports List
- http://www.neohapsis.com/neolabs/neo-ports
NGS Security Software
- http://www.nextgenss.com/
Lance Spitzner's Security Whitepapers
- http://www.enteract.com/~lspitz/papers.html
Neohapsis Security List Archives
- http://archives.neohapsis.com/
Network Security Library
- http://www.secinf.net/
Nomad Mobile Research Center
- http://www.nmrc.org/
SC Magazine
- http://www.scmagazine.com/
WWW Security FAQ
- http://www.w3.org/Security/Faq
VPN Labs
- http://www.vpnlabs.org/

===================
INTRUSION DETECTION:
===================

Intrusion Detection & Response:

arachNIDS Attack Signatures
- http://www.whitehats.com/ids
DShield
- http://www.dshield.org/
Incidents.Org - Internet Storm Center
- http://www.incidents.org/
Talisker's IDS Buyer's Guide
- http://www.networkintrusion.co.uk/
HoneyNet Project
- http://www.honeynet.org/
SNORT
- http://www.snort.org/
- http://www.snort.org/docs/idspaper/

- http://www.sans.org/resources/idfaq/
- http://www.cert.org/
- http://isc.incidents.org/
- http://www.securityfocus.com/bugtraq/archive
- http://www.packetstormsecurity.org/papers.html

- http://www.dslreports.com/
- http://www.security-protocols.com/
- http://www.hazeleger.net/
- http://www.firewall.cx/

- http://www.mcabee.org/lists/snort-users/Jun-01/thrd4.html#00398
- http://alamo.satlug.org/pipermail/satlug/2002-June/thread.html#2493
- http://www.honeypots.net/honeypots/products
- http://csrc.nist.gov/publications/nistir/nistir-7007.pdf

----------------------------------------------
GFI LANguard System Integrity Monitor:
----------------------------------------------


QUOTE

GFI LANguard System Integrity Monitor (S.I.M.) is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. If this happens, it alerts the administrator by email. Because hackers need to change certain system files to gain access, this FREEWARE utility provides a great means to identify any servers that are open to attack.

- http://www.webattack.com/get/languardscan.shtml
- http://www.gfi.com/lannetscan/

=======================
Packet Sniffing-Related Resources :
=======================

- http://grc.com/oo/packetsniff.htm

Packet Storm's MAJOR packet sniffing page
http://packetstormsecurity.org/sniffers/
TCP for the Uninitiated - Part I (Introduction and Background)
http://www.dragonmount.net/tutorials/tcpip/part1/intro.htm
An overview of the TCP/IP protocol suite
http://www.acm.org/crossroads/xrds1-1/tcpjmy.html
RFC1180 - A TCP/IP Tutorial
ftp://ftp.isi.edu/in-notes/rfc1180.txt
An Introduction to TCP/IP
http://www.yale.edu/pclt/COMM/TCPIP.HTM
Uri Raz's (amazing) TCP/IP resource page
http://www.private.org.il/tcpip_rl.html
The Protocol.com Web Site
http://www.protocols.com/
An example packet sniffer (written in Perl)
http://stein.cshl.org/~lstein/talks/WWW6/sniffer/

==================================================================
------------------------------------------------------------------------
LINUX- Firewall links:
------------------------------------------------------------------------

Linux Security:
- http://www.staff.uiuc.edu/~ehowes/soft26b.htm
Unix Security:
- http://www.deter.com/unix
Linux Security Portal:
- http://www.linuxsecurity.com/
Iptables info:
- http://www.oofle.com/iptables.php

http://xs.tech.nu/pgi.htm
http://www.fasttrackcentral.org/
http://www.bluetack.co.uk/convert.html
http://www.bluetack.co.uk/forums/index.php
http://suprnova.iddrive.com/forum/index.php

 

if your port isn't listed look here:

http://www.iana.org/assignments/port-numbers

--------------------------------------------------------------------------------

0 tcp sscan attack
0 udp sscan attack
1 udp Sockets de Troie
1 tcp TCP Port Service Multiplexer
2 tcp compressnet
2 tcp Death
3 tcp compressnet
5 tcp Remote Job Entry (rje)
20 tcp JetDirect
20 tcp Senna Spy FTP Server
21 tcp Back Construction
21 tcp BladeRunner
21 tcp Senna Spy FTP Server
22 tcp SSH
23 tcp JetDirect
42 tcp Microsoft WINS Replication
44 tcp Artic
53 udp Microsoft DNS Resolution
67 tcp JetDirect
67 udp Microsoft DHCP Lease
68 tcp JetDirect
68 udp Microsoft DHCP Lease
69 tcp JetDirect
80 tcp JetDirect
81 tcp Fizzer Worm
102 tcp MTA - X.400 over TCP/IP
135 tcp Microsoft DHCP Manager
135 tcp Microsoft Exchange Administrator
135 tcp Microsoft Exchange Client/Server Communications
135 udp Microsoft RPC
135 tcp Microsoft RPC
135 tcp Microsoft WINS Manager
137 udp Microsoft Logon Sequence
137 udp Microsoft NT Secure Channel
137 udp Microsoft NT Trusts
137 udp Microsoft Pass Through Validation
137 udp Microsoft Printing Services
137 udp Microsoft Windows Network Browsing
137 tcp Microsoft WINS Registration
138 udp Microsoft Logon Sequence
138 udp Microsoft NetLogon
138 udp Microsoft NT Directory Replication
138 udp Microsoft NT Secure Channel
138 udp Microsoft NT Trusts
138 udp Microsoft Pass Through Validation
138 udp Microsoft Printing Services
138 udp Microsoft Windows Network Browsing
139 tcp Microsoft DNS Administration
139 tcp Microsoft File Sharing
139 tcp Microsoft Logon Sequence
139 tcp Microsoft NT Diagnostics
139 tcp Microsoft NT Directory Replication
139 tcp Microsoft NT Event Viewer
139 tcp Microsoft NT Performance Monitor
139 tcp Microsoft NT Registry Editor
139 tcp Microsoft NT Secure Channel
139 tcp Microsoft NT Server Manager
139 tcp Microsoft NT Trusts
139 tcp Microsoft NT User Manager
139 tcp Microsoft Pass Through Validation
139 tcp Microsoft Printing Services
161 udp JetDirect
170 tcp A-Trojan
411 tcp Direct Connect
412 tcp Direct Connect
427 udp JetDirect
443 tcp JetDirect
515 tcp JetDirect
515 tcp lpdw0rm
522 udp Microsoft User Location Protocol
522 tcp Microsoft User Location Protocol
631 udp JetDirect
666 tcp Attack FTP
666 tcp Back Construction
666 tcp lpdw0rm
1052 tcp Slapper worm
1056 udp Norton Antivirus
1199 tcp Cleverpath Portal
1214 tcp Grokster
1214 udp Grokster
1214 tcp Kazaa
1214 udp Kazaa
1214 tcp Morpheus
1214 udp Morpheus
1234 tcp Hotline
1494 tcp Citrix ICA
1503 tcp Tijit
1604 udp Citrix ICA
1723 tcp PPTP
1782 tcp JetDirect
1812 tcp Slapper worm
1978 udp Slapper worm
2000 tcp Cleverpath Portal
2001 tcp Cleverpath Portal
2002 udp Slapper worm
2018 tcp Fizzer Worm
2019 tcp Fizzer Worm
2020 tcp Fizzer Worm
2021 tcp Fizzer Worm
2140 udp Deep Throat
2541 tcp Kazaa
2967 udp Norton Antivirus
3150 udp Deep Throat
3306 tcp MySQL
3389 tcp Microsoft Terminal Services
3440 udp PXO game tracker
3456 tcp TerrorTrojan
3493 udp PXO user tracker
3999 tcp Freespace:Descent
4000 udp Freespace:Descent
4000 tcp mlDonkey
4001 tcp Cleverpath Portal
4002 tcp Cleverpath Portal
4003 tcp Cleverpath Portal
4004 tcp Cleverpath Portal
4005 tcp Cleverpath Portal
4006 tcp Cleverpath Portal
4007 tcp Cleverpath Portal
4010 tcp Cleverpath Portal
4011 tcp Cleverpath Portal
4040 tcp Cleverpath Portal
4156 udp Slapper worm
4661 tcp eDonkey 2000
4662 tcp eDonkey 2000
4662 tcp Overnet
4663 tcp eDonkey 2000
4665 udp eDonkey 2000
5000 tcp Sockets de Troie
5001 tcp Sockets de Troie
5025 tcp Aimster
5050 tcp Yahoo Instant Messenger
5101 tcp Yahoo Instant Messenger
5151 tcp Cleverpath Portal
5400 tcp BladeRunner
5401 tcp Back Construction
5401 tcp BladeRunner
5402 tcp Back Construction
5402 tcp BladeRunner
5498 tcp Hotline
5499 tcp Hotline
5500 tcp Hotline
5501 tcp Hotline
6097 tcp Napster
6120 tcp Napster
6247 udp WinMX
6257 udp WinMX
6336 tcp Napster
6345 tcp Gnutella
6345 udp Gnutella
6346 tcp Bearshare
6346 tcp Gnutella
6346 udp Gnutella
6346 tcp LimeWire
6346 tcp ToadNode
6346 tcp Xolox
6347 tcp Gnutella
6347 udp Gnutella
6347 tcp LimeWire
6348 tcp Gnutella
6348 udp Gnutella
6349 udp Gnutella
6349 tcp Gnutella
6670 tcp Deep Throat
6688 tcp Napster
6697 tcp Napster
6698 tcp Napster
6699 tcp Napster
6699 tcp WinMX
6776 tcp 2000 Cracks
6881 tcp Bit Torrent
6883 tcp Bit Torrent
6884 tcp Bit Torrent
6885 tcp Bit Torrent
6886 tcp Bit Torrent
6887 tcp Bit Torrent
6888 tcp Bit Torrent
6889 tcp Bit Torrent
6891 tcp Microsoft Instant Messenger
6892 tcp Microsoft Instant Messenger
6893 tcp Microsoft Instant Messenger
6894 tcp Microsoft Instant Messenger
6895 tcp Microsoft Instant Messenger
6896 tcp Microsoft Instant Messenger
6897 tcp Microsoft Instant Messenger
6898 tcp Microsoft Instant Messenger
6899 tcp Microsoft Instant Messenger
6900 tcp Microsoft Instant Messenger
6969 tcp Bit Torrent
6969 tcp NetController
7000 tcp PXO chat server
7119 tcp Massaker
7437 tcp Faximum
8017 tcp Cleverpath Portal
8019 tcp Cleverpath Portal
8080 tcp Cleverpath Portal
8180 tcp Aplore worm
8281 tcp Jeem
8520 tcp Socay Worm
9100 tcp JetDirect
9101 tcp JetDirect
9102 tcp JetDirect
9280 tcp JetDirect
9281 tcp Microsoft RPC
9282 tcp Microsoft RPC
9290 tcp JetDirect
9291 tcp JetDirect
9292 tcp JetDirect
12701 tcp Eclipse2000
17300 tcp Kuang2
17770 udp Battlezone II (Game)
17771 udp Battlezone II (Game)
17771 tcp Battlezone II (Game)
17772 tcp Battlezone II (Game)
27374 tcp Ramen worm
27374 tcp SubSeven
30003 tcp Backdoor Death
30003 tcp Lamer's Death
30029 tcp AOL Trojan
30303 tcp Sockets de Troie
32418 tcp Acid Battery
35000 tcp Infector
35000 tcp Surgeon
36794 tcp Bugbear worm
38037 udp Norton Antivirus
38293 udp Norton Antivirus
50005 tcp Fulamer.25
50505 tcp Sockets de Troie
60000 tcp Sockets de Troie
60006 tcp Fulamer.25
61000 tcp AJX
65000 tcp Sockets de Troie
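
One way to put the port list above to work on the XP firewall's own log, as an added example (not from the original guide and not from XP Firewall Logger): it parses an ICF-style log and counts dropped inbound packets per destination port, labelling each port from a few rows of the list. The sample log is constructed, and the layout is assumed to be the W3C-style text format with a #Fields header.

```python
from collections import Counter, defaultdict

# A few (port, protocol) rows taken from the port list above.
PORT_LABELS = {
    (135, "tcp"): "Microsoft RPC",
    (139, "tcp"): "Microsoft File Sharing",
    (1214, "tcp"): "Kazaa",
    (2002, "udp"): "Slapper worm",
    (27374, "tcp"): "Ramen worm / SubSeven",
}

# Constructed sample (documentation-range addresses), not a real capture.
# The last row is deliberately cut short, as happens when a log is read mid-write.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2003-08-01 10:15:02 DROP TCP 198.51.100.7 192.0.2.10 4021 135 48 S 1234567 0 16384 - - -
2003-08-01 10:15:05 DROP TCP 198.51.100.7 192.0.2.10 4022 135 48 S 1234570 0 16384 - - -
2003-08-01 10:16:40 DROP TCP 203.0.113.44 192.0.2.10 3377 27374 48 S 99881 0 8192 - - -
2003-08-01 10:17:12 DROP UDP 203.0.113.9 192.0.2.10 1029 2002 40 - - - - - - -
2003-08-01 10:18:00 OPEN TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2003-08-01 10:18:30 DROP ICMP 203.0.113.9 192.0.2.10 - - 60 - - - - 8 0 -
2003-08-01 10:19:01 DROP TCP 203.0.113.50 192.0.2.10 2210 135 48 S 555 0 16384 - - -
2003-08-01 10:19:
"""


def parse_icf_log(text):
    """Yield one dict per data row, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        if fields is None:
            raise ValueError("data row found before the #Fields header")
        values = line.split()
        if len(values) == len(fields):  # skip rows cut off mid-write
            yield dict(zip(fields, values))


def report(text, local_ip):
    """Return (port, proto, drops, distinct sources, label), busiest port first."""
    drops = Counter()
    sources = defaultdict(set)
    for row in parse_icf_log(text):
        proto = row["protocol"].lower()
        # OPEN/CLOSE rows are allowed connections, not blocked probes.
        if row["action"] != "DROP" or row["dst-ip"] != local_ip:
            continue
        if proto not in ("tcp", "udp"):  # ICMP rows carry "-" instead of ports
            continue
        key = (int(row["dst-port"]), proto)
        drops[key] += 1
        sources[key].add(row["src-ip"])
    ordered = sorted(drops.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(port, proto, n, len(sources[(port, proto)]),
             PORT_LABELS.get((port, proto), "not in list"))
            for (port, proto), n in ordered]


if __name__ == "__main__":
    for port, proto, n, srcs, label in report(SAMPLE_LOG, "192.0.2.10"):
        print(f"{port:>5}/{proto}  drops={n}  sources={srcs}  {label}")
```

A DROP row for a port such as 27374 shows that something probed for that service, not that the machine is running it. Because the XP firewall does not restrict outbound connections, its log will never show a blocked outbound connection.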

------------------------------------------------------------------------

Internet Protocol Version 6

------------------------------------------------------------------------

Microsoft is developing support for Internet Protocol version 6 (IPv6), a new suite of standard protocols for the network layer of the Internet. It is the future of networking. IPv6 is designed to solve many of the problems of the current version of IP (known as IPv4) with regard to address depletion, security, autoconfiguration, extensibility, and more. Its use will also expand the capabilities of the Internet to enable a variety of valuable and exciting scenarios, including peer-to-peer and mobile applications.

some links

http://msdn.microsoft.com/library/default....lications_2.asp

http://www.microsoft.com/windowsserver2003...v6/default.mspx

http://www.microsoft.com/windowsserver2003...pv6coexist.mspx

++++++++++++++++++++++++++++++++++++++++++++++

From what I have read, it looks as if you need to have IPv6 installed to get traffic from one of the IPs on your machine, but I'm not too sure on that because the information is limited at this time.

The one thing that I did find about a firewall was from Microsoft, below.

Advanced Networking Pack for Windows XP
KB817778
The Advanced Networking Pack for Windows XP is a recommended update for Windows XP SP1. It includes a new version of the IPv6 stack, an IPv6 firewall, and a peer-to-peer infrastructure.

Quick Info
File Name:
WindowsXP-KB817778-x86-ENU.exe

Download Size:
1247 KB

Date Published:
7/23/2003

Version:
1.0


Overview
The Advanced Networking Pack for Windows XP is a set of platform technologies designed to run on Windows XP SP1 to enable the use and deployment of distributed, peer-to-peer applications based on Internet standards. The update includes a new version of the IPv6 stack, including support for NAT traversal for IPv6 applications. An IPv6 firewall is included to protect the end-user's machine from unsolicited IPv6 traffic, while the peer-to-peer platform makes it simple to write distributed solutions.



Related Resources

Advanced Networking Pack for Windows XP FAQ
Windows XP Peer-to-Peer SDK
Windows IPv6 Internet Connection Firewall SDK
Developer Resources for Windows XP


System Requirements
Supported Operating Systems: TabletPC, Windows XP, Windows XP Media Center Edition

Microsoft Windows XP Home Edition SP1
Microsoft Windows XP Professional SP1


--------------------------------------------------------------------------------

Instructions
Click the Download link to start the download, or choose a different language from the drop-down list and click Go.
Do one of the following:
To start the installation immediately, click Open or Run this program from its current location.
To copy the download to your computer for installation at a later time, click Save or Save this program to disk

download: http://download.microsoft.com/download/2/f...778-x86-ENU.exe

Advanced Networking Pack for Windows XP FAQ:
http://download.microsoft.com/download/2/F...7A4/ANP_FAQ.htm

Windows IPv6 Internet Connection Firewall SDK
http://microsoft.com/downloads/details.asp...&displaylang=en