How does telnet get through the Windows Firewall?
2013-07
I activated the Telnet client in Windows 7 and was instantly able to connect to servers although Windows Firewall is activated.
How does that work? Shouldn't the firewall block outgoing connections until I explicitly allow them?
Is a default firewall rule being created when you activate the telnet client in Win 7 and if so, which firewall rule should I look for?
I was unable to find any rule in my firewall for telnet.
Disclaimer: This is not really a problem I am trying to solve. I am just trying to understand how telnet is able to communicate without me opening the firewall for the program.
Outbound communications are generally allowed by default. However, if you were running a Telnet Server, inbound connections would be blocked by default. The exceptions would be if the installer for the Telnet Server opened the ports as a part of the install.
http://technet.microsoft.com/en-us/library/cc732283(WS.10).aspx
The standard firewall in Windows does not block outbound connections. If you want to block the telnet client (or anything else with outbound connections) you can use the Windows Firewall with Advanced Security to set up outbound rules.
I'm trying to configure Windows Firewall with Advanced Security to log and tell me when programs are trying to make outbound requests. I previously tried installing ZoneAlarm, which worked wonders for me with this in XP, but now I'm unable to install ZA on Win7. My question is: is it possible to somehow monitor a log or get notifications when a program tries to do that if I set all outbound connections to auto-block, so that I can then create a specific rule for the program and block it?
Thanks!
UPDATE: I've enabled all the logging options available through the Properties window of the Windows Firewall with Advanced Security Console, but I am only seeing logs in the %systemroot%\system32\LogFiles\Firewall\pfirewall.log file, not in the Event Viewer, as the first answer suggested. However, the logs that I can see only tell me the request's or response's destination IP and whether the connection was allowed or blocked; they don't tell me what executable it comes from. I want to find out the file path of the executable that each blocked request comes from. So far, I haven't been able to.
You should be able to see this in Event Viewer. First you'll need to tweak the logging options in the Advanced Settings Console:
In the Event Viewer's left pane, expand to Applications and Services Logs -> Microsoft -> Windows -> Windows Firewall with Advanced Security:
There, you can create a custom view and filter the log to only outbound connection attempts.
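For the pfirewall.log file mentioned in the update, the same "outbound attempts only" filter can be applied to the text log. The following is an added example, not code from any of the posts: the sample log is constructed (documentation-range addresses), and it assumes the log declares its columns in a `#Fields:` header and records direction as SEND/RECEIVE in the `path` column. It summarises blocked outbound attempts per destination, and the parsed column names show why the executable cannot be recovered from this file.

```python
from collections import Counter

# Constructed sample in the pfirewall.log layout; not taken from a real machine.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2013-07-02 10:15:01 DROP TCP 192.0.2.10 198.51.100.7 49211 23 0 - 0 0 0 - - - SEND
2013-07-02 10:15:04 DROP TCP 192.0.2.10 198.51.100.7 49212 23 0 - 0 0 0 - - - SEND
2013-07-02 10:15:09 ALLOW UDP 192.0.2.10 203.0.113.53 50122 53 0 - - - - - - - SEND
2013-07-02 10:16:30 DROP TCP 203.0.113.99 192.0.2.10 40111 445 52 S 123456 0 8192 - - - RECEIVE
2013-07-02 10:17:45 DROP TCP 192.0.2.10 203.0.113.80 49220 443 0 - 0 0 0 - - - SEND
"""

def log_fields(text):
    """Return the column names declared in the #Fields header (empty if absent)."""
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            return line[len("#Fields:"):].split()
    return []

def parse_firewall_log(text):
    """Yield one dict per entry, keyed by the names from the #Fields header."""
    fields = log_fields(text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # header, comment or blank line
        values = line.split()
        if len(values) == len(fields):    # skip truncated or malformed lines
            yield dict(zip(fields, values))

def blocked_outbound(entries):
    """Count dropped outbound attempts per (protocol, dst IP, dst port).

    Assumes direction is recorded as SEND/RECEIVE in the 'path' column."""
    counts = Counter()
    for e in entries:
        if e.get("action") == "DROP" and e.get("path") == "SEND":
            counts[(e["protocol"], e["dst-ip"], e["dst-port"])] += 1
    return counts

if __name__ == "__main__":
    summary = blocked_outbound(parse_firewall_log(SAMPLE_LOG))
    for (proto, ip, port), n in summary.most_common():
        print(f"{n:3d} blocked  {proto} -> {ip}:{port}")
    print("columns:", ", ".join(log_fields(SAMPLE_LOG)))
```

To run it against a real log, read the file from an elevated prompt and pass its text to `parse_firewall_log` in place of `SAMPLE_LOG`.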