Re: Return ICMP port unreachable on nonlistening socket
Petr Pisar wrote:
> common TCP/IP implemetations return ICMP port unreachable error packet
> when somobody send packet to port where no server is listening. This was
> true even in Windows XP.
> However Windows Vista Business SP2 behaves differently. It drops the
> packet silently even if given port is allowed for incoming communication
> in Advanced firewall settings. (And yes, I'm pretty sure it's really
> allowed because in the pfirewall log is not message about dropping.)
> I guess this is yet another Windows feature trying to smarter and more
> secure than user.
Maybe, IPsec is enabled on the machine with a policy to block ICMP. A
drop message by the FW wouldn't be logged, as IPsec sits in front of the
FW and blocks.
Other than IPsec with an IPsec policy or something else like a 3rd
personal FW solution running on the machine that's doing the blocking,
then nothing else on Vista other than Vista's FW is going to be blocking.