
Aug 30, 2005

wipfw

Over the last few months, I've been using wipfw as my sole firewall in Windows. It originally started as a test. I was expecting to use wipfw as the only firewall for a week or so, and then go back to using ZoneAlarm Pro. Much to my surprise, I have found no need to go back to ZoneAlarm Pro and have instead found many reasons to stick with wipfw.

It is a Windows port of the ipfw firewall. It doesn't have all of the ipfw features yet. For example, you can't do traffic shaping and things along those lines. You can, however, take very tight control of your inbound and outbound network traffic.

For example, we all read about the LAND attack back in March. At the time, this was a concern. (I guess Microsoft has patched this? I can't seem to exploit it any longer with hping.) However, with wipfw, I just put in a couple quick firewall rules, and I was well protected. Here was the rule I used:

"$IPFW" add deny log ip from me to me in recv eth0

It worked like a charm. I would take the rule out and would instantly be vulnerable again. Put it back in, and I could go on my merry way.

I've also put in rules to have wipfw drop the sorts of traffic that will never normally occur: TCP packets with the FIN and SYN flags set, TCP packets with no flags set, TCP packets with all flags set, etc.

Once the developers behind wipfw get the traffic shaping stuff in place (as well as the various other ipfw features not yet ported to wipfw), I see it as being a Windows firewall tool for those of us who like to get our hands dirty. Even in its beta stage, wipfw is a great tool and highly effective at what it does. Check it out.
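The filters described in the post (the "from me to me" LAND rule and the drops for SYN+FIN, no-flag and all-flag TCP packets), written out as a packet classifier. This is an added example, not the author's rules or wipfw code; the function names, the addresses (documentation ranges) and the sample packets are constructed for illustration.

```python
import socket
import struct

# TCP flag bits (low six bits of the TCP flags byte)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = FIN | SYN | RST | PSH | ACK | URG

ME = "192.0.2.10"        # assumed local address (documentation range)
REMOTE = "198.51.100.7"  # assumed remote address (documentation range)


def classify(packet: bytes, me: str = ME) -> str:
    """Return why an inbound IPv4 packet would be dropped, or 'ok'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    local = socket.inet_aton(me)
    # Same condition as "deny ip from me to me in": our own address
    # showing up as the source of a packet received from the network.
    if packet[12:16] == local and packet[16:20] == local:
        return "land"
    if packet[9] != 6:                    # protocol 6 = TCP
        return "ok"
    if len(packet) < ihl + 14:            # need the TCP flags byte
        return "malformed"
    flags = packet[ihl + 13] & ALL_FLAGS
    if flags == 0:
        return "null-flags"
    if flags == ALL_FLAGS:                # checked before syn-fin, which it includes
        return "all-flags"
    if flags & SYN and flags & FIN:
        return "syn-fin"
    return "ok"


def build(src: str, dst: str, flags: int) -> bytes:
    """Construct a minimal IPv4+TCP header pair (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, 139, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    for name, pkt in [("land", build(ME, ME, SYN)), ("syn", build(REMOTE, ME, SYN)),
                      ("syn+fin", build(REMOTE, ME, SYN | FIN))]:
        print(name, "->", classify(pkt))
```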
