rharmon
2003-08-17, 21:14 PM
I was reading on MS about the blaster worm and came upon this article about how to enable the Internet Connection Firewall.
http://www.microsoft.com/security/incident/blast.asp
Since this would be a nice thing to have working I tried to configure it. I followed the directions, enabled the firewall, then clicked Services and checked all the services that I needed, added DNS (port 53) and fired it up and EVERYTHING died. Even the remote desktop wouldn't connect! YIKES!
I was about to panic but I remembered that fortunately I have a 2nd IP address on my machine so I was able to get back in and turn it off. I have done everything right to my knowledge but am stumped as to why it doesn't work.
I used serverXXX (XXX the rest of my hostname) as the server, which it had by default. The strange thing is that the webpage on my 2nd IP worked (http, desktop connection, etc) but nothing on my main IP.
I enabled the log file and this is a sample of what it logged. Port 80 (http) IS CHECKED to be allowed. Any ideas?
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-17 19:51:49 DROP TCP 152.163.XX.XX 66.135.XX.XX 36893 80 52 S 2976352328 0 5840 - - -
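
Added example (not part of the original post): a small Python parser for the ICF log layout quoted above that tallies dropped new TCP connection attempts per destination IP and port, which shows at a glance whether drops hit only one of a host's addresses. The sample log is constructed, using documentation-range addresses, and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the ICF log layout quoted in the post; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
#Software: Microsoft Internet Connection Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-08-17 19:51:49 DROP TCP 198.51.100.7 192.0.2.10 36893 80 52 S 2976352328 0 5840 - - -
2003-08-17 19:51:52 DROP TCP 198.51.100.7 192.0.2.10 36893 80 52 S 2976352328 0 5840 - - -
2003-08-17 19:52:03 DROP TCP 198.51.100.9 192.0.2.10 4121 3389 48 S 1177201 0 16384 - - -
2003-08-17 19:52:10 OPEN TCP 198.51.100.9 192.0.2.11 4130 80 - - - - - - - -
2003-08-17 19:52:15 DROP UDP 198.51.100.20 192.0.2.10 1026 135 - - - - - - - -
"""

def parse_icf_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def is_new_connection(rec):
    """True for a TCP segment with SYN set and ACK clear (tcpflags 'S')."""
    flags = rec["tcpflags"]
    return rec["protocol"] == "TCP" and "S" in flags and "A" not in flags

def dropped_inbound_services(text):
    """Count dropped new TCP connections per (dst-ip, dst-port)."""
    counts = Counter()
    for rec in parse_icf_log(text):
        if rec["action"] == "DROP" and is_new_connection(rec):
            counts[(rec["dst-ip"], int(rec["dst-port"]))] += 1
    return counts

if __name__ == "__main__":
    for (ip, port), n in dropped_inbound_services(SAMPLE_LOG).most_common():
        print(f"{ip}:{port}  {n} dropped SYN(s)")
```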