IPSec rules

From: first last (in5ecure24_at_hotmail.com)
Date: 04/20/04

To: focus-ms@securityfocus.com
Date: Tue, 20 Apr 2004 03:34:53 -0400

Hello everyone,

I have been using IPSec for a while now; I am a fan of it, BUT there's one
weakness that I'd like to see if there's a way around.

Basically it comes down to source port scanning. Now the thing is, if you have
a rule that allows traffic to go FROM you:any TO the internet:80, all someone
has to do is scan from port 80 on their PC. Poof, allowed traffic. So I tried
to set up more rules, i.e. FROM internet:21,53,80 TO me:21,53,80, and block this,
hoping that since there's a second, more specific rule it will block all
connections from any:80 TO me:80, since this traffic should never be
happening anyway... but nope, doesn't work...

So my question for you is: how can I do a work-around? Is there a registry
setting I can fix? Set priorities for applying IPSec rules? Anything at all.

The only thing that I can think of that would work is to make tens of thousands
of allow rules like...

FROM any:1200 TO me:80 allow
FROM any:1201 TO me:80 allow
FROM any:1202 TO me:80 allow, and on and on. I'd have to write a script to
write a script to make the rules (unless I made one script with tens of
thousands of MANUALLY written rules, and that's not gonna happen...).

In case I wasn't too clear, I want to prevent source port scanning from revealing
everything running on that box, blocking things like

FROM any:80 TO me:80 block
FROM any:80 TO me:135 block
FROM any:80 TO me:445 block, etc. etc.

Any ideas?


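The evasion the post describes, as an added example that is not part of the original message: a small Python simulation of a stateless, port-based filter like the one the poster has. The host address, the attacker and web-server addresses, the sample packets and the "most specific matching filter wins" evaluation order are all constructed here for illustration and are not taken from any Windows IPSec implementation. It shows three things: with only a mirrored "me:any to internet:80" allow filter, a probe sent from source port 80 to me:135 or me:445 is indistinguishable from a web server's reply and is allowed; a more specific per-port block filter does stop it, but only for the ports you enumerate; and, going beyond the post, what a stateful firewall does instead, namely letting the mirrored direction apply only to packets that belong to an established connection (ACK set, not a bare SYN). That last check is shown for contrast only: IPSec policy filters match addresses, protocol and ports, not TCP flags, so they cannot express it.

```python
# Added example (not from the original post): simulate a stateless filter and
# the source-port-80 scan that slips through a mirrored "allow me:any -> any:80".
# All addresses, ports and packets below are constructed sample data.
from dataclasses import dataclass
from typing import Optional, List, Dict

ME = "10.0.0.5"          # assumed address of the protected host


@dataclass(frozen=True)
class Packet:
    label: str           # descriptive name used as the result key
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    src: Optional[str]   # None means "any" for every field
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]
    action: str          # "allow" or "block"

    def matches(self, p: Packet) -> bool:
        fields = ((self.src, p.src), (self.sport, p.sport),
                  (self.dst, p.dst), (self.dport, p.dport))
        return all(want is None or want == have for want, have in fields)

    def specificity(self) -> int:
        # Number of concrete (non-"any") fields; higher wins (assumed ordering).
        return sum(f is not None for f in (self.src, self.sport, self.dst, self.dport))


def mirrored(rule: Rule) -> Rule:
    """A 'mirrored' filter: the same rule with source and destination swapped."""
    return Rule(rule.dst, rule.dport, rule.src, rule.sport, rule.action)


def stateless_verdict(rules: List[Rule], p: Packet, default: str = "block") -> str:
    """Most specific matching filter wins; a tie between allow and block blocks."""
    hits = [r for r in rules if r.matches(p)]
    if not hits:
        return default
    best = max(r.specificity() for r in hits)
    actions = {r.action for r in hits if r.specificity() == best}
    return "block" if "block" in actions else "allow"


def stateful_verdict(base_rules: List[Rule], p: Packet) -> str:
    """Mirror the filters only for traffic that is not a new inbound connection.
    A bare SYN arriving at ME is judged solely against filters written for
    inbound traffic, so a probe from source port 80 no longer looks like a reply.
    (Shown for contrast: IPSec policy filters cannot inspect TCP flags.)"""
    inbound_new = p.dst == ME and p.syn and not p.ack
    rules = list(base_rules)
    if not inbound_new:
        rules += [mirrored(r) for r in base_rules]
    return stateless_verdict(rules, p)


# The poster's filter: FROM me:any TO internet:80 allow (mirrored in practice).
BASE: List[Rule] = [Rule(ME, None, None, 80, "allow")]
STATELESS: List[Rule] = BASE + [mirrored(r) for r in BASE]
# The poster's proposed work-around: one explicit block per service port.
PER_PORT_BLOCKS: List[Rule] = [Rule(None, 80, ME, d, "block") for d in (135, 445)]

# Constructed sample traffic.
PACKETS = (
    Packet("web_reply",        "203.0.113.10", 80,    ME, 1200, syn=True, ack=True),  # SYN/ACK from a site we browsed
    Packet("scan135_sport80",  "203.0.113.66", 80,    ME, 135,  syn=True),            # "nmap -g 80" style probe
    Packet("scan445_sport80",  "203.0.113.66", 80,    ME, 445,  syn=True),
    Packet("scan135_sport31337", "203.0.113.66", 31337, ME, 135, syn=True),           # ordinary probe, random source port
)


def verdicts(judge, rules: List[Rule]) -> Dict[str, str]:
    """Run every sample packet through a filter set and collect the verdicts."""
    return {p.label: judge(rules, p) for p in PACKETS}


if __name__ == "__main__":
    print("stateless, mirrored allow only :", verdicts(stateless_verdict, STATELESS))
    print("stateless + per-port blocks    :", verdicts(stateless_verdict, STATELESS + PER_PORT_BLOCKS))
    print("stateful (flag-aware) contrast :", verdicts(stateful_verdict, BASE))
```

Running it prints the ordinary random-source-port probe as blocked in every configuration, the source-port-80 probes as allowed under the mirrored filter alone, blocked once a more specific block filter exists for that destination port, and blocked for every port under the stateful contrast without any per-port filters.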

