
I've recently read a Microsoft Technet article on how Windows Firewall works. The author of the article uses concepts like 'solicited network traffic' and 'unsolicited network traffic' for a machine. I guess I don't fully understand those concepts.

In relation to the TCP protocol, is solicited traffic the traffic that was initiated by the local machine?

In relation to the UDP protocol, is there even something like solicited/unsolicited traffic, or is all traffic unsolicited?

What about other protocols? (And can Windows Firewall filter those other protocols?)

joeqwerty
colemik

1 Answer

Yes, solicited traffic is traffic that was initiated by you. Solicited traffic automatically gets a pass, no matter the port, because you initiated it. This alleviates a lot of the headaches of traditional firewalls, e.g., having to open up ALL the ephemeral ports, because Windows Firewall will keep track of the session state for you.

EEAA
Ryan Ries
  • Strange, I could swear that this was Evan Anderson's answer. My eyes must be failing me. – joeqwerty Dec 21 '11 at 03:17
  • Does 'initiated by me' reference only to the TCP based connection? – colemik Dec 21 '11 at 13:05
  • Even though UDP doesn't really have the concept of a "connection," most firewalls record the socket pair (source IP + port, destination IP + port) and will allow replies that fit this pattern until a timeout passes without traffic, tearing down the "connection". There is also a similar mechanism known as stateful packet inspection. – Ryan Ries Dec 21 '11 at 14:55
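The answer and the last comment describe the mechanism in words: the firewall remembers flows the local host started and lets only their replies back in, with UDP flows expiring on an idle timer. As an added illustration (not code from the question, the answer, or Windows Firewall itself), here is a constructed toy model of that stateful "solicited vs unsolicited" decision; the `Packet` class, the `StatefulFilter` class and the 30-second `UDP_IDLE_TIMEOUT` are assumptions of this example, not product values.

```python
from dataclasses import dataclass

# Constructed toy model of a stateful host firewall (not Windows Firewall's own
# code): a packet the local host sends registers a flow keyed on the socket pair;
# an inbound packet is "solicited" (allowed) only if it matches a tracked flow,
# otherwise it is "unsolicited" and dropped. UDP has no handshake, so a UDP flow
# lives only until it has been idle for UDP_IDLE_TIMEOUT seconds (assumed value).
UDP_IDLE_TIMEOUT = 30.0

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ts: float           # arrival time in seconds
    syn: bool = False   # TCP only: connection-opening segment

class StatefulFilter:
    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.flows = {}  # (proto, local_ip, local_port, remote_ip, remote_port) -> last seen

    def _key(self, pkt, outbound):
        if outbound:
            return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def _expire(self, now):
        for key, last in list(self.flows.items()):
            if key[0] == "udp" and now - last > UDP_IDLE_TIMEOUT:
                del self.flows[key]

    def handle(self, pkt):
        """Return 'allow' or 'drop' for pkt and update the flow table."""
        self._expire(pkt.ts)
        if pkt.src_ip == self.local_ip:            # outbound: always allowed
            key = self._key(pkt, outbound=True)
            if pkt.proto == "udp" or pkt.syn or key in self.flows:
                self.flows[key] = pkt.ts           # host solicited this flow
            return "allow"
        key = self._key(pkt, outbound=False)       # inbound
        if key not in self.flows:
            return "drop"                          # unsolicited: no flow
        self.flows[key] = pkt.ts                   # reply to a solicited flow
        return "allow"
```

Feeding it an outbound TCP SYN followed by the server's reply shows the reply passing with no inbound port rule; a UDP reply that arrives after the idle window is treated as unsolicited again, which is the "tearing down the connection" behaviour the comment describes.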