Laura,

Oddly enough, my machine WOULD accept "telnet <ip.address> 389" when ICF is
enabled. But your answer is perfectly correct.

Stuart,

Thanks for the MSKB article - that held the answer!

Everyone,

According to MSKB Q261203 article, ICS (and RRAS-NAT) includes a H323/LDAP
proxy service. It cannot be disabled in ICS (read: Windows XP). I was very
confused by this because I was NOT running ICS, only ICF. Because ICS and
ICF run under the same service, the H323/LDAP proxy runs as well.

Personally, I feel the inability to disable this "proxy" and the obscure
documentation is a bug/design flaw/oversight, whether the proxy itself is a
"feature" or not. If you started up Sygate or ZoneAlarm and found that it
opened up the TFTP port, wouldn't you be concerned? Needless to say, I won't
ever use ICF again, and I strongly urge you to do the same. What if
NetMeeting had a buffer overflow condition? You wouldn't be protected.

Kevin

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]