Comprehensive application of Windows XP built-in firewall ICF

ICF is short for "Internet Connection Firewall", that is, the Internet Connection Firewall. ICF is built between your computer and the Internet. It can let the data you request pass and block the data packets you have not requested. It is a packet-based firewall. Therefore, the first function of ICF is not to respond to the Ping command. Moreover, ICF also prohibits external programs from scanning ports on the local machine and discards all IP packets without requests.

PCs are different from servers. Generally, they do not provide services such as Ftp, Telnet, or POP3, so few system vulnerabilities can be exploited by hackers. Therefore, ICF can protect our personal computers to a certain extent.

ICF is a state firewall that monitors all communications passed and checks the source and target addresses of each message processed. To prevent unsolicited communication from entering the system Port, ICF retains all the communication tables from the local computer. In a separate computer, ICF will track communications from the local computer, and all incoming Internet communications will be compared for each item in this table. Only when there is a match in the communication table (this indicates that the communication exchange starts from a computer or a private network) Can the incoming Internet communication be transmitted to the computer on the network.

Communication (such as illegal Internet access) originating from an external ICF computer is blocked by the firewall, unless the communication is allowed on the "service" tab. ICF does not send activity notifications to you, but static blocking of unsolicited communication and preventing common hacker attacks such as port scanning.

The principle of ICF is to protect the local machine by saving a communication table and recording all the destination IP addresses, ports, services, and other data sent from the local machine. When an IP packet enters the local machine, ICF checks the table to see if the IP packet is requested by the local machine. If yes, it passes, if no corresponding record is found in the table, the IP packet is discarded. The following example demonstrates the principle. When you use Outlook Express to send and receive emails, a local PC sends an IP request to the POP3 mail server. ICF records the destination IP address and port. When an IP packet arrives at the local machine, ICF will first review it. By looking for the data recorded in advance, we can determine that the IP packet is from the destination address and port of our request, the packet is passed. Let's take a look at the situation when using the Outlook Express client mail program and mail server. Once a new mail arrives at the mail server, the mail server will automatically send an IP packet to the Outlook client to notify you of the arrival of a new mail. This notification is implemented through RPC Call. When the IP packet of the email server arrives at the client, the ICF program of the client reviews the IP packet and finds that the Outlook express client software of the local machine has sent an IP request to the address and port, therefore, this IP package will be accepted, and the client will certainly receive a new email notification from the email server. Then let Outlook Express receive new emails from the mail server.