Re: Microsoft Strategic Technology Protection Program
From: Jean-Baptiste Marchand (Jean-Baptiste.Marchand@HSC.FR)
Date: 10/10/01
Message-ID: <20011010132234.A27137@garbarek.hsc.fr>
Date: Wed, 10 Oct 2001 13:22:34 +0000
From: Jean-Baptiste Marchand <Jean-Baptiste.Marchand@HSC.FR>
Subject: Re: Microsoft Strategic Technology Protection Program
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Tony Chow <tchow@BLUETENTACLE.COM> wrote:
[...]
> Another potential area of confusion lies in IPSec. IPSec is not as
> capable as a firewall. It cannot distinguish between incoming and
> outgoing TCP traffic, and between the various types of ICMP messages.
AFAIK, IPsec filters can distinguish incoming and outgoing traffic.
However, the default setting when specifying a filter in the 'IP
Security Policies' plugin in the MMC is 'Mirrored' (equivalent to a '+'
instead of '=' when specifying a rule via ipsecpol), whose immediate
effect is to effectively produce two rules, for incoming and outgoing
traffic. You can uncheck this option and specify different rules for
inbound and outbound traffic.
On the other hand, if you need to filter on ICMP messages (type and
code), you can use the packet filtering possibilities of the RRAS
service. You can script these rules via netsh. If you are only
interested in IP filtering of RRAS, maybe you'd prefer to use a small
service that can configure the IP filtering driver found in Windows
2000 instead of RRAS.
<advertisement>
PktFilter (http://www.hsc.fr/ressources/outils/pktfilter/) can configure
the IP filter driver of Windows 2000, using rules written in a text file.
</advertisement>
However, I'm not sure if you can deploy RRAS IP filtering rules as
easily as IPsec policies.
Hope this helps,
Jean-Baptiste Marchand
--
Jean-Baptiste.Marchand@hsc.fr
Hervé Schauer Consultants
http://www.hsc.fr/
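
The mirrored versus one-way filter behaviour described in the message above, as an added example that is not part of the original post or of any Microsoft tool: a small Python model that expands a simplified ipsecpol-style filter spec (`src[:port]=dst[:port[:proto]]`, with `+` in place of `=` for mirrored) and checks which packets each form covers. The function names, the reduced syntax (no masks or hostnames) and the sample addresses are assumptions.

```python
from typing import NamedTuple

class Filter(NamedTuple):
    src: str    # "*" = any address, "0" = this host's own address
    sport: int  # 0 = any port
    dst: str
    dport: int
    proto: str  # "ANY" when the spec names no protocol

def _end(parts):
    """(addr, port) from ['addr'] or ['addr', 'port', ...]; no port means any."""
    return parts[0], int(parts[1]) if len(parts) > 1 and parts[1] else 0

def expand(spec):
    """Turn one filter spec into the one-way filters it stands for."""
    sep = "+" if "+" in spec else "="
    left, right = spec.split(sep, 1)
    rparts = right.split(":")
    src, sport = _end(left.split(":"))
    dst, dport = _end(rparts)
    proto = rparts[2].upper() if len(rparts) == 3 else "ANY"
    rules = [Filter(src, sport, dst, dport, proto)]
    if sep == "+":  # mirrored: same filter with source and destination swapped
        rules.append(Filter(dst, dport, src, sport, proto))
    return rules

def matches(f, pkt, me):
    """True if packet dict pkt matches filter f on the host whose address is me."""
    def addr_ok(want, got):
        return want == "*" or (want == "0" and got == me) or want == got
    def port_ok(want, got):
        return want == 0 or want == got
    return (addr_ok(f.src, pkt["src"]) and addr_ok(f.dst, pkt["dst"])
            and port_ok(f.sport, pkt["sport"]) and port_ok(f.dport, pkt["dport"])
            and f.proto in ("ANY", pkt["proto"]))

def covered(spec, pkt, me):
    """True if any filter produced by spec matches the packet."""
    return any(matches(f, pkt, me) for f in expand(spec))

# Constructed sample data (documentation address ranges), not from the post.
ME = "192.0.2.10"
REQUEST = {"src": "198.51.100.7", "sport": 40000, "dst": ME, "dport": 80, "proto": "TCP"}
REPLY = {"src": ME, "sport": 80, "dst": "198.51.100.7", "dport": 40000, "proto": "TCP"}
```

With the one-way spec `*=0:80:TCP` only the inbound request matches, so the return traffic needs its own outbound rule; the mirrored spec `*+0:80:TCP` covers both directions.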