How does telnet get through the windows firewall?

29
2013-07
  • atticae

    I activated the Telnet client in Windows 7 and was instantly able to connect to servers although Windows Firewall is activated.

    How does that work? Shouldn't the firewall block outgoing connections until I explicitly allow them?

    Is a default firewall rule being created when you activate the telnet client in Win 7 and if so, which firewall rule should I look for?

    I was unable to find any rule in my firewall for telnet.

    Disclaimer: This is not really a problem I am trying to solve. I am just trying to understand how telnet is able to communicate without me opening the firewall for the program.

    • Answers
  • Chris E. Avis

    Outbound communications are generally allowed by default. However, if you were running a Telnet Server, inbound connections would be blocked by default. The exceptions would be if the installer for the Telnet Server opened the ports as a part of the install.

    http://technet.microsoft.com/en-us/library/cc732283(WS.10).aspx

  • user214003

    The standard firewall in Windows does not block outbound connections. If you want to block the telnet client (or anything else with outbound connections) you can use the Windows Firewall with Advanced Security to set up outbound rules.



    • view all most popular Amazon Coupons
    .
    Related Question

    security - Windows 7: Windows Firewall: Logging/Notifying on Outgoing Request Attempts
  • Maxim Zaslavsky

    I'm trying to configure Windows Firewall with Advanced Security to log and tell me when programs are trying to make outbound requests. I previously tried installing ZoneAlarm, which worked wonders for me with this in XP, but now, I'm unable to install ZA on Win7. My question is, is it possible to somehow monitor a log or get notifications when a program tries to do that if I set all outbound connections to auto-block, so that I can then create a specific rule for the program and block it.?

    Thanks!

    UPDATE: I've enabled all the logging options available through the Properties windows of the Windows Firewall with Advanced Security Console, but I am only seeing logs in the %systemroot%\system32\LogFiles\Firewall\pfirewall.log file, not in the Event Viewer, as the first answer suggested. However, the logs that I can see only tell me the request's or response's destination IP and whether the connection was allowed or blocked, but it doesn't tell me what executable it comes from. I want to find out the file path of the executable that each blocked request comes from. So far, I haven't been able to.


    • Related Answers
  • 8088

    You should be able to see this in Event Viewer. First you'll need to tweak the logging options in the Advanced Settings Console:

    alt text

    In the Event Viewer's left pane, expand to Applications and Services Log -> Microsoft -> Windows -> Windows Firewall with Advanced Security:

    alt text

    There, you can create a custom view and filter the log to only outbound connection attempts.