Re: IPSEC not blocking specific IP address per Ethereal
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/20/05
- Next message: Matthias Hoys: "Re: VIRUS W32.Goldun.M (Re: hotmail password request tool (intranet usage)"
- Previous message: Ulrich Hobelmann: "Re: hotmail password request tool (intranet usage)"
- In reply to: Steve Clark [MSFT]: "Re: IPSEC not blocking specific IP address per Ethereal"
- Next in thread: Duane Arnold: "Re: IPSEC not blocking specific IP address per Ethereal"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Apr 2005 12:56:41 -0500
If you are using an operating system that has Windows Firewall. :) --
Steve
"Steve Clark [MSFT]" <bogus@microsoft.com> wrote in message
news:O3PlAgcRFHA.3788@tk2msftngp13.phx.gbl...
> Best practice is to use the Windows Firewall *with* IPsec to achieve
> stateful filtering.
>
> WF will control inbound behavior and IPsec filters will control
> outbound...
>
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%23P5sSpQRFHA.2604@TK2MSFTNGP10.phx.gbl...
>> I did try Ethereal after configuring an ipsec policy on a test computer.
>> Ethereal DID show the connection attempts as a syn packet. My computer did
>> not respond because of the ipsec policy. If your ipsec policy is
>> configured correctly Ethereal would show that your computer is not
>> responding to connection attempts from blocked traffic.
>>
>> Having said that, ipsec is not meant to be an internet facing firewall.
>> At best it is a non-stateful packet filtering mechanism that also has
>> default exemptions. Since ipsec is not stateful, attackers can gain
>> information about your computer by using a scanner that uses a source port
>> that your ipsec policy allows. Blocking access by IP addresses is
>> effective only as long as that attacker is using that IP address that is
>> blocked. If at all possible use some sort of firewall device in addition
>> to ipsec. There are low priced NAT/PAT router firewalls that would help
>> you quite a bit by doing a better job of filtering traffic and keeping
>> unwanted traffic off of your computer's network interface. --- Steve
>>
>>
>> "Alfredo" <alfredo@KILL_SPAM_megapath.net> wrote in message
>> news:4265364a.695734823@news.megapath.net...
>>> "T. Sean Weintz" <strap@hanh-ct.org> sez :
>>>
>>>> Alfredo wrote:
>>>>> it could be that ethereal is
>>>>> capturing the packets before IPSEC gets to block them
>>>> Yup. That is what's happening.
>>>
>>> Wait, that can't be it, because there's also the case of the flooding
>>> spammer trying to relay through me.
>>>
>>> I placed his IP on the same "block" list, and yet my SMTP inlog still
>>> shows his flood of email attempts *after* I put him on the IPSEC block
>>> list exactly like I did with the worm above. His packets are still
>>> getting through. This is an IPSEC issue.
>>>
>>> Can anyone see what I have done wrong in my IPSEC policy? I am getting
>>> overwhelmed with worms and spammers doing what amounts to a DoS attack
>>> on my server and I would like to stop them.
>>>
>>
>>
>
>
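As an added illustration of the point made above (not code from this thread or from any of the posters): a constructed Python model that runs the same packets through a stateless 5-tuple filter, which is how IPsec filter lists behave, and through a connection-tracking filter, which is what a stateful firewall adds. Addresses, ports and the rule set are constructed examples; the blocked address, the "permit source port 53" rule and the probe are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_port: int
    syn: bool

# Constructed rule set: block one address, permit inbound packets whose
# source port is 53 (so DNS replies to this host get through).
BLOCKED_IPS = {"203.0.113.10"}   # constructed example address
ALLOWED_SRC_PORTS = {53}

def stateless_filter(pkt):
    """IPsec-style filter: each packet judged alone, no memory of earlier ones."""
    if pkt.src_ip in BLOCKED_IPS:
        return "drop"
    return "permit" if pkt.src_port in ALLOWED_SRC_PORTS else "drop"

class StatefulFilter:
    """Remembers what this host sent and only permits matching replies."""
    def __init__(self):
        self.outbound = set()   # (peer_ip, peer_port, our_port) we initiated

    def send(self, dst_ip, dst_port, src_port):
        self.outbound.add((dst_ip, dst_port, src_port))

    def filter(self, pkt):
        if pkt.src_ip in BLOCKED_IPS:
            return "drop"
        # Only packets answering a connection this host opened are permitted.
        if (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.outbound:
            return "permit"
        return "drop"

def compare():
    """Return (stateless, stateful) verdicts for three constructed packets."""
    sf = StatefulFilter()
    sf.send("192.0.2.53", 53, 49152)          # host queried a DNS server
    dns_reply = Packet("192.0.2.53", 53, 49152, syn=False)
    # Unsolicited probe with source port 53 aimed at SMTP on this host:
    probe = Packet("198.51.100.7", 53, 25, syn=True)
    blocked = Packet("203.0.113.10", 53, 25, syn=True)
    return {
        "dns_reply": (stateless_filter(dns_reply), sf.filter(dns_reply)),
        "probe": (stateless_filter(probe), sf.filter(probe)),
        "blocked_ip": (stateless_filter(blocked), sf.filter(blocked)),
    }
```

The probe shows the gap the post describes: the stateless filter cannot tell a solicited reply from an unsolicited packet that merely reuses an allowed source port, while the tracking filter drops it because no matching outbound connection exists.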