Re: Looking for a simple packet filter - can you help?

From: bz (bz+nanae_at_ch100-5.chem.lsu.edu)
Date: 05/28/04

Next message: david20_at_alpha2.mdx.ac.uk: "Re: HTTPS and URL encoding"
Previous message: chris_at_nospam.com: "Re: Linux server brought down by Elite on 31337 port and also how to install 2 hard disks on the same linux machine"
In reply to: Curious: "Looking for a simple packet filter - can you help?"
Next in thread: Petr Pisar: "Re: Looking for a simple packet filter - can you help?"
Reply: Petr Pisar: "Re: Looking for a simple packet filter - can you help?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 28 May 2004 09:31:28 +0000 (UTC)

dispacct@hotmail.com (Curious) wrote in
news:95b4a90c.0405250457.6b128abd@posting.google.com:

> Hi all.
>
> I'm looking for a simple (preferably free!) packet filter for a
> windows network.
>
> The sum total of the functionality I NEED is the ability to drop
> packets based on source IP and content.
>
> Anybody know of one?
>
> Cheers

on windows 2k you can set up a local security policy. It is not a simple
'one step process' to set up, but it does work.

You can block all IP packets from specific IP addresses (and even blocks of
addresses but the netmasking does NOT work right. The only netmasks that
work are 255.255.255.0 and 255.0.0.0 and 255.0.0.0 ONLY works for IP
addresses with a first octet lower than 126.

I use it to block access to port 1433 on a server with several IP addresses
for multiple web servers that is also running SQL because I only want
access to SQL through one IP address.

The SQL service insisted on listening on ALL IPs so the SQL worms were
trying ALL the IP addresses and really bugging me until I managed to set up
the local security policy.

winXP also has 'firewall' capabilities built in but I have not played with
them.

-- 
bz
please pardon my infinite ignorance, the set-of-things-I-do-not-know is an 
infinite set.
bz+nanae@ch100-5.chem.lsu.edu

Next message: david20_at_alpha2.mdx.ac.uk: "Re: HTTPS and URL encoding"
Previous message: chris_at_nospam.com: "Re: Linux server brought down by Elite on 31337 port and also how to install 2 hard disks on the same linux machine"
In reply to: Curious: "Looking for a simple packet filter - can you help?"
Next in thread: Petr Pisar: "Re: Looking for a simple packet filter - can you help?"
Reply: Petr Pisar: "Re: Looking for a simple packet filter - can you help?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: W2kserver/SQLserver generating mass Netwrok load
... You'd first want to look at what ports are being used in the packets. ... router or sniffer should show you that. ... The SQL Slammer ...
(microsoft.public.win2000.security)
Re: Am I doing this right?
... SQL Stored Proc gets the inserted data and places it in other table. ... Since App receives thousands of packets, as the DB gets larger, the inserts ... Queue (use enqueue. ... though the enqueue showed fine. ...
(microsoft.public.dotnet.languages.vb)
Re: TDS vs. TCP
... I start capturing the network traffic between SQL ... Server and the client. ... I don't see any TDS packets but the communication between SQL ... stand-a-lone server and the client, ...
(microsoft.public.sqlserver.clustering)