[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

The problem here is that when you are using IP security policies in
2000/XP, despite what policies you set (deny all incoming), the Windows
default behavior is to accept all traffic with a source port of
500|88|(others).

Sorry for the miscommunication.

Jonathan Glass

On Tue, 2004-06-08 at 07:38, Geoffrey wrote:
> Jonathan Glass wrote:
> 
> > Correction:  Microsoft and ISS have announced a hole in IPSEC filtering. 
> > Any packet with a source port of 88 or 500 (a whole list, actually)
> > automatically gets passed through the IPSEC firewalls, regardless of your
> > rulesets.  According to M$, IPSEC is not intended to be a firewall. 
&gt; &gt; Please visit <a  rel="nofollow" href="http://www.ibb.gatech.edu/~jglass/tips-n-tricks/windowsipsec/";>http://www.ibb.gatech.edu/~jglass/tips-n-tricks/windowsipsec/</a>
&gt; &gt; for details.
&gt; 
&gt; That makes no sense to me.  You would use a firewall to permit or deny 
&gt; ipsec packets right?  So are you saying that if you attempt to permit 
&gt; ipsec through a M$ firewalled box, it creates a vulnerability?
&gt; 
&gt; IPSEC was not intended to be a firewall, but a secure way to pass data 
&gt; across an public network.
&gt; 
&gt; What am I missing?
&gt; 
&gt; &gt; Geesh, they can't even get packet filtering right!
&gt; 
&gt; Agreed, but I'm still trying to make sense of of the 'IPSEC is not 
&gt; intended to be a firewall' statement.
-- 
Jonathan Glass
Systems Support Specialist II
Institute for Bioengineering &amp; Bioscience
Georgia Institute of Technology
Email: jonathan.glass at ibb.gatech.edu
Office: 404-385-0127
Fax: 404-894-2291


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00184" href="msg00184.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00049" href="msg00049.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan at xcorps.net (Jonathan Rickman)</li></ul></li>
<li><strong><a name="00050" href="msg00050.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
<li><strong><a name="00178" href="msg00178.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
<li><strong><a name="00181" href="msg00181.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00182.html">[ale] hotmail on Linux</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00184.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00181.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00184.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00183"><strong>Date</strong></a></li>
<li><a href="threads.html#00183"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>