Re: IPSEC not blocking specific IP address per Ethereal

From: Alfredo (alfredo_at_KILL_SPAM_megapath.net)
Date: 04/19/05 

Date: Tue, 19 Apr 2005 16:51:19 GMT

"T. Sean Weintz" <strap@hanh-ct.org> sez :

>Alfredo wrote:
>> it could be that ethereal is
>> capturing the packets before IPSEC gets to block them
>Yup. That is what's happening.

Wait, that can't be it, because there's also the case of the flooding
spammer trying to relay through me.

I placed his IP on the same "block" list, and yet my SMTP inlog still
shows his flood of email attempts *after* I put him on the IPSEC block
list exactly like I did with the worm above. His packets are still
getting through. This is an IPSEC issue.

Can anyone see what I have done wrong in my IPSEC policy? I am getting
overwhelmed with worms and spammers doing what amounts to a DOS attack
on my server and I would like to stop them.

Relevant Pages

  • Re: Interaction between ipfw, IPSEC and natd
    ... > which means that NAT is extremely hard to use in an IPSEC environment. ... do not need IPSEC packets to be routed through the firewall at all. ... 'untrusted IPSEC tunnel' (that is, a tunnel which you want to filter traffic ...
    (FreeBSD-Security)
  • Re: Interaction between ipfw, IPSEC and natd
    ... >> which means that NAT is extremely hard to use in an IPSEC environment. ... > do not need IPSEC packets to be routed through the firewall at all. ... > and dest address and injects it into the outside interface of the firewall; ...
    (FreeBSD-Security)
  • FW: IPSEC tunnel problem
    ... I had a problem with IPSEC which is actually already solved on ... Subject: IPSEC tunnel problem ... Why the router replies with ICMP host-unreachable to the TCP packets ... WAN interface, ipencap in on WAN interface, in on gif and out packet on ...
    (freebsd-net)
  • Re: IPSEC not blocking specific IP address per Ethereal
    ... Use telnet to verify that port is open ... It may take a reboot to refresh the ipsec policy. ... > against those IPs but ethereal still shows their packets getting in past ... the filter against this IP is specific enough that IPSEC ...
    (comp.security.firewalls)
  • Re: Netscreen Remote, NAT and Windows 2000
    ... > is based off 192.168.0.2 and the hash that the foreign VPN box generates ... > any good VPN box it discards the packets since it can't authenticate. ... This is true for transport-mode IPSEC packets, ... > non-routable IP address NAT but that's just me. ...
    (comp.security.firewalls)