First, the good news – it’s not a flaw in the operation of Windows Firewall on Windows Vista. It’s a design feature, it makes sense, and it fits in with the principle that the firewall should keep out unsolicited traffic. It’s not really a hole, but I thought I’d grab your attention.
The symptom first came up in a Usenet posting (thanks, Jesper, for bringing me in) about Vista and a third-party FTP client:
When I do a directory listing, and a PORT command is issued, and the
server attempts to connect, it works, but at the same time a dialogue
appears telling me it’s blocked, and I can keep blocking or unblock.
I choose keep blocking but it doesn’t actually block it once.
Here’s how it looks.
First, if you haven’t got a third-party FTP client let’s fake it, by copying Microsoft’s command-line FTP client from the Windows System32 directory to another directory:
C:\users\MyMe> copy %windir%\system32\ftp.exe
1 file(s) copied.
The FTP client will not display prompts to you, but that’s a minor issue – if it upsets you, try downloading a third-party client and trying it.
Anyway, here we go – let’s try the issue in question:
- Type ftp ftp.microsoft.com
- After you see the “200” greeting message, enter ftp as the user – press enter.
- Now you’re prompted for a password – enter anything and press enter.
- Once you’re logged on, enter dir – again, press enter.
- You’ll see the directory listing succeed, but you’ll also see a warning that a connection is being blocked:
Microsoft, Windows Vista, Security, Firewall, Vulnerability, Knowledgebase, FTP, TCP/IP