ipsecpol on Windows 2000

• Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #117"
• Next in thread: Eric: "Re: ipsecpol on Windows 2000"
• Reply: Eric: "Re: ipsecpol on Windows 2000"
• Maybe reply: Hahn, Jacob: "RE: ipsecpol on Windows 2000"
• Reply: Peter Howard: "Re: ipsecpol on Windows 2000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 17 Dec 2002 23:51:27 -0000
From: Damon McMahon <inst_karma@hotmail.com>
To: focus-ms@securityfocus.com

Greetings,

I've been experimenting with ipsecpol from the Windows
2000 Resource Kit to work as a backup firewall for my
Windows 2000 Professional gateway.

On pages 223-4 of 'Hacking Exposed' (2nd ed) Scambray,
McClure & Kurtz outline using IPSec filters to filter
traffic on an internet-exposed Win 2000 host using
ipsecpol from the Resource Kit. For example (ONLY an
example!)

  ipsecpol -f [0+*::ICMP]

creates a dynamic rule to drop all icmp packets.

This dynamic rule is implemented successfully [tested]
but what I can't do is remove it! I've tried:

  ipsecpol -f (0+*::ICMP)

which the documentation says should create a
pass-through filter for the filtering criteria - and I
would assume would override the previous block filter.
However, icmp traffic is still dropped, and the only
way to remove the rule I can determine is to restart
the IPSec Policy Agent service.

What am I doing wrong?

Note that (if possible) I want to create dynamic
filters rather than static filters.

• Next message: Nick Iglehart: "Removing locking user from CTRL-ALT-DEL window - NT 4.0"
• Previous message: Marc Fossi: "SecurityFocus Microsoft Newsletter #117"
• Next in thread: Eric: "Re: ipsecpol on Windows 2000"
• Reply: Eric: "Re: ipsecpol on Windows 2000"
• Maybe reply: Hahn, Jacob: "RE: ipsecpol on Windows 2000"
• Reply: Peter Howard: "Re: ipsecpol on Windows 2000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: ipsecpol on Windows 2000 ... Try using the GUI in gpedit.msc, there you can unassign the policy. ... I've been experimenting with ipsecpol from the Windows ... McClure & Kurtz outline using IPSec filters to filter ... (Focus-Microsoft) Re: How do I modify a selection ? ... IRC channels where you can reach developers without dealing with bug ... When I used Windows software, ... And filters have to be categorized somehow. ... the message and I can't find any Russian or Chinese characters. ... (comp.graphics.apps.gimp) Re: IVideoWindow on WM5 ... Windows Media Player uses the same filters as DirectShow to render. ... This function works flawlessly in WinXP, but fails everytime in WM5 ... (microsoft.public.windowsce.embedded.vc) Re: IVideoWindow on WM5 ... Windows Media Player uses the same filters as DirectShow to render. ... (microsoft.public.windowsce.embedded.vc) Re: DirectShow AVI Splitter filter in Windows Mobile 5 ... I should go on to say then that the first test was on big windows. ... The identical code was then ported to WM5. ... available filters on WM5. ... (microsoft.public.win32.programmer.directx.video)