<li><em>date</em>: Tue Jun 8 11:15:00 2004</li>
<li><em>from</em>: byron at cc.gatech.edu (Byron A Jeff)</li>
<li><em>in-reply-to</em>: <1086701435.14796.17.camel@ibb-250></li>
<li><em>references</em>: <<a href="msg00049.html">[email protected]</a>> <1086281507.13042.34.camel@ibb-250> <<a href="msg00178.html">[email protected]</a>> <<a href="msg00181.html">[email protected]</a>> <1086700443.14804.11.camel@ibb-250> <<a href="msg00184.html">[email protected]</a>> <1086701227.14805.13.camel@ibb-250> <1086701435.14796.17.camel@ibb-250></li>
<li><em>subject</em>: [ale] Open Source Firewall for Windows 2000/XP?</li>
[SNIP]
> > Is it possible to explicitly block these ports, or are they ALWAYS open?
>
> Therein lies the rub. I have gone through my client machines, and
> killed these services, and closed the ports, but port scanning the
> machines using a source port of 500 still allows me full access to the
> boxes. :(


Straight from the microsoft documentation on disabling this
kerberos-ipsec exemption:
<a rel="nofollow" href="http://tinyurl.com/3d8f4">http://tinyurl.com/3d8f4</a>
Excellent.
I'm back with another question. First thanks to Jonathan for all the great
info. I even discussed the issue in my Information Security class yesterday.
A few more questions came from that discussion:
1) Presuming that all ports are turned off, what is the consequence for a
client only Windows machine that offers no services?
2) Where can the cool script that you generated be put so that protection is
automagically invoked when the machine is booted?
3) It seems that the scripts only block certain ports. Is it possible to
specify blockage of all incoming ports (i.e. [*=0:*,TCP]?) Never mind, I found
it here:
---------------------------------------------
<a rel="nofollow" href="http://win2k.uwaterloo.ca/IP_Security/Servers_IPSEC.htm">http://win2k.uwaterloo.ca/IP_Security/Servers_IPSEC.htm</a>
example:
ipsecpol -x -w reg -p "UW DC Policy" -r "TCP Blocked" -n BLOCK -f *+0::TCP
#The first blocks all TCP traffic to and from anywhere to the server where
#this is run.
A followup explanation of the filter specification:
Our Filter Explained:
'-f 129.97.*.*+0::TCP' defines a source mask of 129.97.*.* meaning from
anywhere on campus.
The '+' mirrors the filter meaning source to destination and destination to
source, [BAJ Note: use an '=' for a filter in a single direction]
The '0' defines our destination as the IP address of the workstation it's
defined on,
and the port controlled is all TCP since there is no number between the two
colons.
---------------------------------------------
A bit overreaching, but gives enough information in order to tailor the
policy.
I see two possible configs:
1) Machine on unprotected network. All incoming ports (including port 500)
closed. Would the machine function in this configuration?
2) Machine on firewall protected network. What ports would need to be open
in order to get ordinary windows authentication and sharing services?
Thanks for all the help Jonathan. Oh BTW the last name is Jeff, not Jeffy as
you have in your acknowledgement on your web page.
BAJ
</pre>
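The ipsecpol filter syntax quoted in the post (source, a `+` or `=` direction marker, destination, port, protocol, with `*` for any address and `0` for the machine the policy runs on) is compact enough that it is easy to misread which direction a filter covers. The following is an added example, written for this archive page and not part of the original post, the uwaterloo page it quotes, or ipsecpol itself: a small Python parser for that filter grammar plus a matcher that evaluates a constructed packet against a BLOCK filter list. It goes a little beyond the post by also accepting an explicit port on either side and a `/mask` suffix on an address. The packet model, the `MY_ADDRESS` constant and the function names are assumptions for illustration; they do not reproduce the Windows IPsec driver's behaviour (for instance the Kerberos/IKE exemption the post mentions is not modelled).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_network
from typing import List, Optional

# Added example, not ipsecpol itself: parser and matcher for the "-f" filter
# spec quoted in the post, SRC[:port](=|+)DST[:port][:PROTO], where
#   '*'  any address, '0' the address of the machine the policy is defined on,
#   '+'  mirrored (both directions), '=' one direction only,
#   a blank port means every port, a blank protocol means every protocol.
MY_ADDRESS = "10.0.0.5"  # constructed: this workstation's own IP (an assumption)


@dataclass
class Endpoint:
    addr: str                   # '*', '0', a.b.c.d, a.b.*.*, or a.b.c.d/mask
    port: Optional[int] = None  # None = any port


@dataclass
class Filter:
    src: Endpoint
    dst: Endpoint
    proto: Optional[str]        # 'TCP', 'UDP', 'ICMP', ... or None for any
    mirrored: bool              # True for '+', False for '='


@dataclass
class Packet:
    src: IPv4Address
    sport: int
    dst: IPv4Address
    dport: int
    proto: str


def packet(src: str, sport: int, dst: str, dport: int, proto: str) -> Packet:
    """Convenience constructor so callers can pass dotted-quad strings."""
    return Packet(IPv4Address(src), sport, IPv4Address(dst), dport, proto)


def _endpoint(addr: str, port: str) -> Endpoint:
    return Endpoint(addr, int(port) if port else None)


def parse_filter(spec: str) -> Filter:
    """Parse one filter, e.g. '*+0::TCP' or '129.97.*.*=0:445:TCP'."""
    direction = "+" if "+" in spec else "="
    if direction not in spec:
        raise ValueError(f"filter needs '=' or '+': {spec!r}")
    src_part, dst_part = spec.split(direction, 1)
    src_fields = src_part.split(":")          # addr[:port]
    dst_fields = dst_part.split(":")          # addr[:port][:proto]
    if len(src_fields) > 2 or len(dst_fields) > 3:
        raise ValueError(f"malformed filter: {spec!r}")
    src_fields += [""] * (2 - len(src_fields))
    dst_fields += [""] * (3 - len(dst_fields))
    proto = dst_fields[2].upper() or None
    return Filter(_endpoint(*src_fields), _endpoint(*dst_fields[:2]),
                  proto, direction == "+")


def address_matches(pattern: str, ip: IPv4Address) -> bool:
    if pattern == "*":
        return True
    if pattern == "0":
        return ip == IPv4Address(MY_ADDRESS)
    if "/" in pattern:                        # a.b.c.d/mask, dotted or prefix length
        return ip in ip_network(pattern, strict=False)
    want, have = pattern.split("."), str(ip).split(".")
    return len(want) == 4 and all(w in ("*", h) for w, h in zip(want, have))


def _one_way(f: Filter, src: IPv4Address, sport: int,
             dst: IPv4Address, dport: int) -> bool:
    return (address_matches(f.src.addr, src) and f.src.port in (None, sport)
            and address_matches(f.dst.addr, dst) and f.dst.port in (None, dport))


def filter_matches(f: Filter, p: Packet) -> bool:
    if f.proto not in (None, p.proto.upper()):
        return False
    if _one_way(f, p.src, p.sport, p.dst, p.dport):
        return True
    # '+' mirrors the filter: swap source and destination and try again.
    return f.mirrored and _one_way(f, p.dst, p.dport, p.src, p.sport)


def blocked(filters: List[Filter], p: Packet) -> bool:
    """True if any filter in the BLOCK list covers the packet."""
    return any(filter_matches(f, p) for f in filters)


if __name__ == "__main__":
    policy = [parse_filter("*+0::TCP")]       # the "block all TCP" filter from the post
    inbound = packet("192.0.2.9", 4444, MY_ADDRESS, 445, "TCP")
    outbound = packet(MY_ADDRESS, 1025, "192.0.2.9", 80, "TCP")
    for p in (inbound, outbound):
        print(p, "BLOCKED" if blocked(policy, p) else "allowed")
```

Running the block shows the point the post's note about `+` versus `=` makes: `*+0::TCP` blocks the outbound session as well as the inbound one, while `*=0::TCP` only covers traffic arriving at the workstation, and neither touches UDP (so a filter on IKE's UDP/500 has to be written separately).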
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00188" href="msg00188.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00049" href="msg00049.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan at xcorps.net (Jonathan Rickman)</li></ul></li>
<li><strong><a name="00050" href="msg00050.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
<li><strong><a name="00178" href="msg00178.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
<li><strong><a name="00181" href="msg00181.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
<li><strong><a name="00183" href="msg00183.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
<li><strong><a name="00184" href="msg00184.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
<li><strong><a name="00185" href="msg00185.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
<li><strong><a name="00186" href="msg00186.html">[ale] Open Source Firewall for Windows 2000/XP?</a></strong>
<ul><li><em>From:</em> jonathan.glass at ibb.gatech.edu (Jonathan Glass)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>