From: "Hrvoje Mesing" 


"Geo."  wrote in message
news:412497bc{at}w3.nls.net...
> Just came across the lists, fyi.
>
> Geo.
>
> -----------------------
>
> Does anyone have any ideas why MS decided to put the firewall log files in
> the c:\windows directory as a straight text file rather than using the
> event
> logs (ie a new firewall log)
>
> Think the logic through
>
> The OS directory is not supposed to be used for temporary files (and I
> include logs in this). How are we supposed to secure the OS areas if it
> creates logs there !??
>
> File based logs require NBT ports open so that you can read them remotely,
> this limits the effectiveness of the firewall.
>
> If event logs were in use, central management via MOM would be possible
> and
> all the standard event log handling tools could be used.


-+-

I tought that Defualt is: C:\windows\system32\LogFiles\ I dont think that
writing "temp" FW log file to a %systemroot" makes a diff.
You can secure OS area no metter this. Also, You can always change the
default path of a FW log file - MS provided *.inf file for auto-FW-config.
Windows communication, file and print sharing (which is the nromal case in
every Windows based network: home/enterprise) is done over 445 (NBT -
netbios over TCP) - which is more secure then 137/138/139 tcp/udp - also,
how is MOM or AD computer managment doing their connection to event logs ?
Isnt that 445 as well ? + You cannot read something from the machine if you
dont have open ports fot service/login. Use SSH if you need a secure shell.

-+-
M.

--- BBBS/NT v4.01 Flag-5