IPSec rules
Apr 20 2004 07:34AM, first last (in5ecure24 hotmail com) (4 replies)
Hello everyone,
I have been using IPSec for a while now; I am a fan of it, BUT there's one
weakness that I'd like to see if there's a way around.
Basically it comes down to source port scanning. Now the thing is, if you have
a rule that allows traffic to go FROM you:any TO the internet:80, all someone
has to do is scan from port 80 on their PC. Poof, allowed traffic. So I tried
to set up more rules, i.e. FROM internet:21,53,80 TO me:21,53,80 and block this,
hoping that since there's a 2nd, more specific rule it will block all
connections from any:80 TO me:80, since this traffic should never be
happening anyway... but nope, doesn't work...
So my question for you is: how can I do a work-around? Is there a registry
setting I can fix? Set priorities for applying IPSec rules? Anything at all.
The only thing that I can think would work is to make tens of thousands
of allow rules like...
FROM any:1200 TO me:80 allow
FROM any:1201 TO me:80 allow
FROM any:1202 TO me:80 allow and on and on. I'd have to write a script to
write a script to make the rules (unless I made 1 script with tens of
thousands of MANUALLY written rules, and that's not gonna happen...)
In case I wasn't too clear, I want to prevent source port scanning from revealing
everything running on that box, blocking things like
FROM any:80 TO me:80 block
FROM any:80 TO me:135 block
FROM any:80 TO me:445 block etc. etc.
Any ideas?
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar ? get it now!
http://toolbar.msn.com/go/onm00200415ave/direct/01/
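The problem in the post, modelled as an added Python example (not the poster's code and not Windows IPSec itself): a stateless per-packet filter holding the mirrored inbound form of "FROM me:any TO internet:80 allow" is compared with a stateful check that only admits replies to connections the host opened. The addresses, the rule model and first-match evaluation are constructed assumptions used to show why rule order matters for the stateless filter and why a stateful check is what actually closes the gap.

```python
from dataclasses import dataclass
from typing import Optional

ME = "10.0.0.5"  # constructed placeholder address for "me"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_port: Optional[int]  # None means "any"
    dst_port: Optional[int]  # None means "any"
    action: str              # "allow" or "block"


def stateless_decision(rules, pkt):
    """Per-packet filter: first matching rule wins, unmatched traffic is blocked.
    Only port fields are matched; the filter has no notion of a connection."""
    for r in rules:
        if r.src_port in (None, pkt.sport) and r.dst_port in (None, pkt.dport):
            return r.action
    return "block"


# "FROM me:any TO internet:80 allow", mirrored for replies, is on the inbound
# side "FROM any:80 TO me:any allow" -- exactly the rule a scanner sending
# from source port 80 will match.
INBOUND_RULES = [Rule(src_port=80, dst_port=None, action="allow")]
BLOCK_80_TO_135 = Rule(src_port=80, dst_port=135, action="block")


def stateful_decision(open_conns, pkt):
    """Admit an inbound packet only if it answers a connection this host opened.
    open_conns holds (remote_ip, remote_port, local_port) tuples."""
    return "allow" if (pkt.src, pkt.sport, pkt.dport) in open_conns else "block"


def compare(pkt, open_conns, rules=INBOUND_RULES):
    """Return (stateless verdict, stateful verdict) for one inbound packet."""
    return stateless_decision(rules, pkt), stateful_decision(open_conns, pkt)


if __name__ == "__main__":
    scan = Packet("203.0.113.9", 80, ME, 135)      # constructed scan probe from port 80
    reply = Packet("198.51.100.7", 80, ME, 1234)   # constructed reply to our own request
    print(compare(scan, set()))                    # scan probe: stateless allows it
    print(compare(reply, {("198.51.100.7", 80, 1234)}))
```

With the specific block rule appended after the allow, the stateless filter still admits the probe; placed first, it blocks it, which is the ordering question the post raises, while the stateful check needs no such per-port rule.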