[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Tue Jun 8 07:39:28 2004 -->
- <!--x-from-r13: rfbgrevp ng 3gvzrf25.arg (Urbsserl) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: 04Jun3.122004-0400_edt.360380-[email protected] -->
- <!--x-reference: 1086281507.13042.34.camel@ibb-250 -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Open Source Firewall for Windows 2000/XP? -->
- <li><em>date</em>: Tue Jun 8 07:39:28 2004</li>
- <li><em>from</em>: esoteric at 3times25.net (Geoffrey)</li>
- <li><em>in-reply-to</em>: <<a href="msg00178.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00049.html">[email protected]</a>> <1086281507.13042.34.camel@ibb-250> <<a href="msg00178.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Open Source Firewall for Windows 2000/XP?</li>
> Correction: Microsoft and ISS have announced a hole in IPSEC filtering.
> Any packet with a source port of 88 or 500 (a whole list, actually)
> automatically gets passed through the IPSEC firewalls, regardless of your
> rulesets. According to M$, IPSEC is not intended to be a firewall.
> Please visit <a rel="nofollow" href="http://www.ibb.gatech.edu/~jglass/tips-n-tricks/windowsipsec/";>http://www.ibb.gatech.edu/~jglass/tips-n-tricks/windowsipsec/</a>
> for details.
That makes no sense to me. You would use a firewall to permit or deny
ipsec packets right? So are you saying that if you attempt to permit
ipsec through a M$ firewalled box, it creates a vulnerability?
IPSEC was not intended to be a firewall, but a secure way to pass data
across an public network.
What am I missing?
> Geesh, they can't even get packet filtering right!
Agreed, but I'm still trying to make sense of of the 'IPSEC is not
intended to be a firewall' statement.
--
Until later, Geoffrey Registered Linux User #108567
Building secure systems in spite of Microsoft
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00183" href="msg00183.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00049" href="msg00049.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan at xcorps.net (Jonathan Rickman)</li></ul></li>
<li><strong><a name="00050" href="msg00050.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
<li><strong><a name="00178" href="msg00178.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00180.html">[ale] DLink DWL-520 or SMC2402W wireless card Mandrake 10.0 anyone have any advice?</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00182.html">[ale] hotmail on Linux</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00178.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00183.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00181"><strong>Date</strong></a></li>
<li><a href="threads.html#00181"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>