Re: Ipsec

From: Duane Arnold (notme_at_notme.com)
Date: 01/28/05


Date: Fri, 28 Jan 2005 00:16:06 GMT

Kerodo <loopback@localhost.com> wrote in news:MPG.1c62d145a5f7493c989680@news.west.cox.net:

> I just discovered IPSEC on my Win2k system. What a great find! I have
> it set up as a basic packet filter now, allowing what ports and
> addresses I need outbound, and blocking everything inbound. No need for
> a 3rd party firewall anymore. No app control, but who cares? I don't
> need it anyway.
>
> Question: I don't suppose there's any way to get some kind of logging
> out of IPSEC is there? I don't really need it I guess since I've seen
> what typical stuff comes in here with all my other firewalls, but I'm
> just curious if it's possible... I don't see any way to do it so far..
>

IPsec is cool but it's a pain in the ass with the high ports when a high
port is used for a download. You either have to create rules or drop IPsec.
If you're behind an appliance or PFW, then that's no big deal with dropping
IPsec. It also interfered with the logging from the router where I had to
set rules to let the logging in on the port that the logging application
running on the machine needed open - just a little FYI.

If you don't know about the AnalogX file, then take a look at the rules (a
good way to learn rules and protocols) that are made for HTTP, POP3, NNTP,
etc and you can implement the AnalogX file on Win 2k, XP and Win 2K3 O/S.

http://tinyurl.com/1mls

It has logging but I never used it and it may or may not be what you're
looking for.

http://tinyurl.com/46fft

I used IPsec to supplement BlackIce on the outbound and BlackIce did report
on the activities of IPsec when IPsec was doing the blocking.

Duane :)


