Re: IPsec - locking down Windows 2003

From: David Sickmiller (davesickmiller_at_yahoo.com)
Date: 03/26/04

    Date: 26 Mar 2004 14:30:45 -0800

    Lee,

    When you configure your IPSec filters, you specify both the "source
    port" and "destination port". In your original post, you didn't say
    whether port 80 was the source port or destination port.

    If you want to let someone access a web server running on the box,
    allow traffic with a mirrored filter with the following settings:
    - Source Address: Any IP Address
    - Destination Address: My IP Address

    - Protocol: TCP
    - From: any port
    - To this port: 80

    It also sounds like you set up a mirrored ALLOW filter for this kind
    of traffic:
    - Source Address: My IP Address
    - Destination Address: Any IP Address

    - Protocol: TCP
    - From: any port
    - To this port: 80

    I believe this would allow TCP packets to be sent from *.*.*.*:80 to
    any TCP port on your server.

    Windump is a great tool if you want to prove me right (or wrong).

    -David

    leeatkinsonlincs@hotmail.com (Lee Atkinson) wrote in message news:<ab5f9e77.0403250703.5038a2c4@posting.google.com>...
    > Hi Roger
    >
    > My understanding of the mirrored attribute is that it allows the
    > 'return packets'. Therefore, yes, I do not need to mirror the blocking
    > of inbound packets.
    >
    > However, I do need to mirror the acceptable inbound traffic and
    > outbound traffic.
    >
    > But as well as allowing return traffic, would the mirror on the
    > outbound rule allow newly initiated packets from the outside (as long
    > as they were coming from the remote host's port 80)?
    >
    > Many thanks
    >
    > Lee
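
As an added illustration (not part of this thread), the following Python model of how a Windows IPsec filter matches, including the mirrored attribute, can be used to check David's point about the outbound rule. The addresses and packets are constructed; "My IP Address" is stood in for by a literal address.

```python
from dataclasses import dataclass

MY_IP = "192.0.2.10"   # constructed address standing for "My IP Address"
ANY = "any"            # stands for "Any IP Address" or "any port"

@dataclass(frozen=True)
class Filter:
    src_addr: str
    dst_addr: str
    protocol: str
    src_port: object   # ANY or an int
    dst_port: object
    mirrored: bool = True

@dataclass(frozen=True)
class Packet:
    src_addr: str
    dst_addr: str
    protocol: str
    src_port: int
    dst_port: int

def _match(rule_val, actual):
    return rule_val == ANY or rule_val == actual

def _one_way(f, p):
    return (_match(f.src_addr, p.src_addr) and _match(f.dst_addr, p.dst_addr)
            and f.protocol == p.protocol
            and _match(f.src_port, p.src_port) and _match(f.dst_port, p.dst_port))

def matches(f, p):
    """A mirrored filter also matches with source and destination swapped."""
    if _one_way(f, p):
        return True
    if f.mirrored:
        swapped = Filter(f.dst_addr, f.src_addr, f.protocol,
                         f.dst_port, f.src_port, mirrored=False)
        return _one_way(swapped, p)
    return False

# Filter David recommends: lets clients reach the web server on this box.
INBOUND_WEB = Filter(ANY, MY_IP, "TCP", ANY, 80)
# Filter Lee appears to have set up: My IP -> Any IP, TCP, any port -> 80, mirrored.
OUTBOUND_80 = Filter(MY_IP, ANY, "TCP", ANY, 80)

# Constructed packets: a normal web client, and an unsolicited connection from a
# remote host that uses source port 80 to reach some other service on the box.
WEB_CLIENT = Packet("203.0.113.5", MY_IP, "TCP", 51000, 80)
FROM_PORT_80 = Packet("198.51.100.7", MY_IP, "TCP", 80, 3389)
```

Evaluating `matches(OUTBOUND_80, FROM_PORT_80)` returns True while `matches(OUTBOUND_80, WEB_CLIENT)` returns False, so the mirrored outbound rule admits new connections from remote port 80 without adding anything for the web server itself.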

