wg-multicast - Re: Multicast and Windows XP with ICF enabled
Subject: All things related to multicast
List archive
- From: Brent Sweeny <>
- To: Wilson Dillaway <>
- Cc:
- Subject: Re: Multicast and Windows XP with ICF enabled
- Date: Wed, 30 Jul 2003 17:50:52 -0500
there's a similar issue with v6: ICF is v6-blind (and as I recall
blocks all of it--though I believe a very-new bugfix addresses
it for v6, but not for multicast.) and the decision (may?) not
have to be either/or; it *should* be possible to have XP security
*and* multicast: there are certainly other firewalls--are they
smarter about multicast? I'm not sure on that, but I'd think
there must be some. I understand that most of them also perform
better than ICF.
On Wed, Jul 30, 2003 at 06:43:57PM -0400, Wilson Dillaway wrote:
> Here's a question regarding receiving multicast on a
> Windows XP Professional desktop. We have multiple VBrick
> MPEG-2 encoding appliances, and we distribute VBrick's
> "StreamPlayer Plus" viewing software to desktops on request.
> However, as the popularity of Windows XP (versus W2K, W98,
> etc.) has risen, we have encountered a number of people who
> choose to run Microsoft's Internet Connection Firewall (ICF),
> an imbedded component of Windows XP that allows desktops to
> do local packet filtering. When ICF is enabled, StreamPlayer
> no longer sees the SAP announcements (or the streams
> themselves). While ICF does have some customization options
> as regarding blocking certain TCP or UDP ports, etc., it
> does not seem to have any mechanism for selective treatment
> of multicast.
>
> Some of our security folks are recommending that ICF be
> turned on by default on all desktops, so we have the problem
> of asking our users to choose between good desktop security
> (turn ICF on) or being able to watch multicast video (turn
> ICF off). Does anyone have experience with this? We'd like
> to find a middle ground whereby nasty unicast packets can be
> blocked without having to disable multicast reception.
> Although our experience is with VBrick, I would guess that
> any multicast viewing software (e.g. Cisco's IP/TV client)
> would suffer similarly when used with XP and ICF.
>
> Any thoughts? How do the non-Microsoft desktop firewall
> products behave in this respect?
>
>
> Wilson Dillaway
> Tufts University
- Multicast and Windows XP with ICF enabled, Wilson Dillaway, 07/30/2003
- Re: Multicast and Windows XP with ICF enabled, Brent Sweeny, 07/30/2003
- Re: Multicast and Windows XP with ICF enabled, John Kristoff, 07/31/2003
Archive powered by MHonArc 2.6.16.