Re: Simple Firewall: Summary
From: G Farnham (gfarnham_at_gmail.com)
Date: 01/09/05
- Previous message: Nelson Santos: "Stack Overflow"
- In reply to: Alexander Suhovey: "RE: Simple Firewall: Summary"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 9 Jan 2005 00:55:37 -0800
To: security-basics@securityfocus.com
Alexander,
I think you are correct that IPSec could be used as a stateless packet
filter to deny traffic from explicit IP addresses. I shouldn't have
lumped it with the other ones in my summary. I didn't know you could
use IPSec this way without running it on clients as well. After going
through your first link, looks to me like it would work for what I
need. I also found that there is a PG Lite version of peer guardian
that is a stripped down version. I think the PKTFilter and PG Lite
are the best solutions for me. They are both very simple and adding
IP addresses to the deny list is as easy as editing a text file.
With IPSec it took about 20 forms to do it interactively. Probably
could do it quicker with the command line util ipseccmd.exe.
Thanks for the links.
Greg
On Sat, 8 Jan 2005 22:09:00 +0300, Alexander Suhovey
<asuhovey@mtu-net.ru> wrote:
> Regarding IPSec filters - don't know why you decided that there's no deny
> capability. You can create a filter to block certain types of traffic
> to/from a certain set of IP addresses, subnet or DNS name.
> Here's a couple of links on topic. First is good example of GUI-based
> configuration of IPSec filters while second talks command line.
>
> How can I block a Windows 2000/XP/2003 computer from surfing on the Internet
> but still allow it to surf to Intranet sites?
> http://www.petri.co.il/block_internet_but_allow_intranet_with_ipsec.htm
>
> How to block specific network protocols and ports by using IPSec:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;813878
>
> Hth,
> Al
>
>
> > -----Original Message-----
> > From: G Farnham [mailto:gfarnham@gmail.com]
> > Sent: Thursday, December 30, 2004 1:27 AM
> > To: security-basics@securityfocus.com
> > Subject: Simple Firewall: Summary
> >
> > Thanks for all the responses. Summary below.
> > Followup question:
> > Are there any good tools for testing firewall performance?
> > Specifically in terms of latency added by the firewall.
> >
> >
> > Summary:
> >
> > 1) This looks like best solution for me
> > Try PktFilter
> >
> > http://www.hsc.fr/ressources/outils/pktfilter/
> >
> > 2) This one looks viable also
> > You may be able to use peerguardian... A firewall of sorts for
> > peer-2-peer apps that uses a deny list to prevent the
> > FBI/RIAA/MPAA etc.
> > from snooping your shared files. You should be able to pick
> > that up at http://www.methlabs.org/methlabs.htm
> >
> > 3) recommendations for commercial firewalls would probably
> > work, some recommended ones are:
> > Kerio
> > tiny firewall
> > sygate
> >
> > 4) Win Remote access service RRAS
> > I think this would work, but more overhead than I want
> >
> > 5) Use windows IP filtering, Win2003 SP1 (like XP SP2
> > firewall), IPSec white list I don't think any of these meet my needs.
> > I need a deny capability. Permit or White list will not help
> > me as the service (game server) needs to be open to the public.
> > As far as I know, built in IP filtering is "permit only" not
> > deny capability.
> > XP SP2 firewall has no way to define a deny list for source IP.
> > [If I have any of this wrong, feel free to correct me, but
> > please provide details on how to do it or where to see it]
> >
> > GDF
> >
>
>