Re: IPSec
From: Brian (brianphillips_at_clara.co.uk)
Date: 06/18/04
- Next message: Alabama Circus: "IPSO, Nokia"
- Previous message: T. Sean Weintz: "Re: Firewall log analysis"
- In reply to: Mike: "Re: IPSec"
- Next in thread: GJ: "Re: IPSec"
- Reply: GJ: "Re: IPSec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 18 Jun 2004 19:28:02 +0100
In message <caug95$7fm$1@thorium.cix.co.uk>, Mike
<nospam@notherematey.com> writes
>
>"Brian" <brianphillips@clara.co.uk> wrote in message
>news:kS5rcMBp1r0AFwO9@clara.co.uk...
>> In message <1khPRyCJbd0AFwvR@clara.co.uk>, Brian
>> <brianphillips@clara.co.uk> writes
>> >I've been experimenting with IPSec filters on XP Pro. First I blocked
>> >all outward traffic except traffic directed to port 80 of any other
>> >computer. This functioned well and I could access web pages successfully.
>> >
>> >Second I blocked all inward traffic except traffic originating from
>> >port 80 on any computer. The effect of this, in combination with my
>> >first rule above, was to inhibit all web pages.
>> >
>> >Clearly the web pages that I tried to contact were not responding from
>> >port 80.
>> >
>> >Question: why were the web pages not responding from their port 80?
>> >
>> >Many thanks
>> >
>> >Brian
>> >
>> >
>>
>> Thanks everyone for the replies.
>>
>> I actually thought that a web server having received a request on its
>> port 80 would send the data on some port numbered above 1024 but
>> Minasi's book "Windows 2000 server" seems to suggest that replies are
>> also sent from port 80.
>>
>> Mike asked how did DNS function if ALL outgoing traffic except that
>> addressed to port 80 was blocked. The short answer is that I do not
>
>I was implying that when you had blocked ALL outgoing you hadn't actually
>done anything of the sort because if you had, your DNS request would have
>failed.
>
>
I did understand what you meant, and I agree that when I said all traffic
except that to port 80 was blocked, I must have been wrong. But my
point is that I have used the IPSec "block" action applied to all TCP
traffic, which I thought would block all traffic, as I said, except for
those protocols that I mentioned and which I do not think are relevant.
Having blocked all traffic (or so I thought), I then used the IPSec
"permit" action to allow traffic destined for port 80 on any computer to
be sent. Having done no more than what I have just said, I am
completely at a loss to understand how the DNS service was called into
action. (Actually, when I started my experiment, I had forgotten about
DNS.)
Brian
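Added example, not code from the thread or from any of its participants: a small model of the kind of 5-tuple filtering that Windows IPSec "block" and "permit" filters perform, used to trace the two filter sets described in the message above. Assumptions that are mine, not the thread's: filters are direction-specific and match on protocol, local port and remote port (0 meaning "any"); when several filters match a packet the most specific one (most non-wildcard fields) decides, which is how Windows IPSec orders its filters; traffic no filter matches is left alone. The sample packets are constructed for a single page fetch and its preceding name lookup. Two facts the example makes concrete: a web server answers from its port 80 to the client's ephemeral port, it does not move the reply to a port above 1024, and a DNS lookup normally travels over UDP to port 53, so a filter that blocks only TCP never sees it. Under these assumed semantics the reply from port 80 is permitted in both steps, which is the outcome the other replies in the thread expected; the thread does not establish why the XP machine behaved differently, and the model does not try to explain that.

```python
# Added example (not from the thread): toy model of direction-specific
# 5-tuple IPSec-style filters with most-specific-match-wins precedence.
# The precedence rule and the filter layout are assumptions made here.
from dataclasses import dataclass
from typing import List, Optional

ANY = 0  # wildcard port


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" (leaving this host) or "in" (arriving)
    proto: str          # "tcp" or "udp"
    local_port: int
    remote_port: int


@dataclass(frozen=True)
class Filter:
    name: str
    direction: str
    proto: Optional[str]   # None = any IP protocol
    local_port: int        # ANY or a specific port
    remote_port: int
    action: str            # "block" or "permit"

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and (self.proto is None or self.proto == p.proto)
                and self.local_port in (ANY, p.local_port)
                and self.remote_port in (ANY, p.remote_port))

    def specificity(self) -> int:
        # More non-wildcard fields = more specific; this is the assumed
        # tie-breaker between a broad "block" and a narrow "permit".
        return ((self.proto is not None)
                + (self.local_port != ANY)
                + (self.remote_port != ANY))


def decide(filters: List[Filter], p: Packet) -> str:
    """Return 'permit' or 'block' for packet p; most specific match wins."""
    hits = [f for f in filters if f.matches(p)]
    if not hits:
        return "permit"   # no filter applies, so the stack passes it
    return max(hits, key=Filter.specificity).action


# The two filter sets from the message, as read here (assumption).
STEP1 = [
    Filter("block all outbound TCP", "out", "tcp", ANY, ANY, "block"),
    Filter("permit outbound to port 80", "out", "tcp", ANY, 80, "permit"),
]
STEP2 = STEP1 + [
    Filter("block all inbound TCP", "in", "tcp", ANY, ANY, "block"),
    Filter("permit inbound from port 80", "in", "tcp", ANY, 80, "permit"),
]

# Constructed sample traffic.  The browser picks an ephemeral local port
# (1234 here); the server replies FROM port 80 TO that ephemeral port.
HTTP_REQUEST = Packet("out", "tcp", 1234, 80)
HTTP_REPLY = Packet("in", "tcp", 1234, 80)
# The name lookup before the fetch goes over UDP to port 53, so the
# TCP-only block filters above do not match it at all.
DNS_QUERY = Packet("out", "udp", 5353, 53)
DNS_ANSWER = Packet("in", "udp", 5353, 53)

SAMPLES = [
    ("http_request", HTTP_REQUEST),
    ("http_reply", HTTP_REPLY),
    ("dns_query", DNS_QUERY),
    ("dns_answer", DNS_ANSWER),
]


def trace(filters: List[Filter]) -> dict:
    """Decision for each sample packet under a given filter set."""
    return {name: decide(filters, pkt) for name, pkt in SAMPLES}


if __name__ == "__main__":
    for label, fs in (("step 1", STEP1), ("step 2", STEP2)):
        print(label, trace(fs))
    # Something the filter sets do not allow, for contrast:
    print("inbound TCP from port 4444 under step 2:",
          decide(STEP2, Packet("in", "tcp", 1234, 4444)))
```

Running it prints "permit" for all four sample packets under both filter sets, and "block" for an inbound TCP packet that does not come from port 80. To see the effect of the belief mentioned earlier in the thread (that replies arrive from a port above 1024), change the remote port of the inbound permit filter to, say, 1025 and the HTTP reply is blocked, because the real reply carries source port 80.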