Windows Firewall Issue - is it me or is it a bug.
-
I am trying to make a TCP connection to a port on another machine which may or may not have a service listening on it at any one time. Not having a listener is common and not a problem, in that I can switch to an alternate server in a timely manner. The problem is that without Windows Firewall on the server machine, the delay is about 1 second for the connect() call. With Windows Firewall the delay is 21 seconds, and in fact the server does not send a RST (Reset) at all. Would one consider this a bug? or feature?
-
Member 3717204 wrote:
Would one consider this a bug? or feature?
It's absolutely a feature of most firewalls. Most servers will respond with a packet with the RST bit set when you attempt to connect to a closed socket. It's easy to imagine how this could be abused... if BadHacker forges packets with InnocentUser's IP address... BadHacker can cause thousands of RST packets to flood InnocentUser's IP. Anyway... why don't you just open that port so it is not filtered?
Best Wishes,
-David Delaune
-
Ok, I understand the logic now.
Randor wrote:
Anyway... why don't you just open that port so it is not filtered?
The application is entered as an exception, but since the application is designed for a LAN the port is not fixed, though I could change this. Thanks.
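
Added example, not part of the thread: a client-side way to keep failover fast when a firewall drops the SYN instead of answering with a RST, by putting an explicit timeout on connect() and telling "refused" apart from "no answer". The function names, the 2-second timeout and the localhost demo ports are assumptions made for illustration.

```python
import socket

def probe(host, port, timeout=2.0):
    """Try one TCP connect and return (state, sock_or_None).

    'open'     - handshake completed
    'refused'  - peer answered the SYN with a RST (no listener, port not filtered)
    'filtered' - no answer within `timeout` (e.g. a firewall silently dropped the SYN)
    'error'    - any other failure, such as host unreachable
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Bound connect() ourselves instead of waiting out the OS SYN retransmissions.
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.settimeout(None)          # back to blocking mode for normal use
        return "open", s
    except ConnectionRefusedError:
        state = "refused"
    except socket.timeout:
        state = "filtered"
    except OSError:
        state = "error"
    s.close()
    return state, None

def connect_first_available(servers, timeout=2.0):
    """Walk (host, port) candidates in order; return (sock, attempts)."""
    attempts = []
    for host, port in servers:
        state, sock = probe(host, port, timeout)
        attempts.append((host, port, state))
        if sock is not None:
            return sock, attempts
    return None, attempts

if __name__ == "__main__":
    # Constructed demo on localhost: one port with no listener, one with a listener.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                   # nothing listens here now, so the OS replies with RST
    candidates = [("127.0.0.1", closed_port), listener.getsockname()]
    sock, attempts = connect_first_available(candidates, timeout=1.0)
    print(attempts)
```

With the timeout in place, the worst-case delay per unavailable server is the chosen timeout whether or not the remote firewall sends a RST.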