[ale] Open Source Firewall for Windows 2000/XP?
Geoffrey
esoteric at 3times25.net
Tue Jun 8 07:39:28 EDT 2004
Jonathan Glass wrote:
> Correction: Microsoft and ISS have announced a hole in IPSEC filtering.
> Any packet with a source port of 88 or 500 (a whole list, actually)
> automatically gets passed through the IPSEC firewalls, regardless of your
> rulesets. According to M$, IPSEC is not intended to be a firewall.
> Please visit http://www.ibb.gatech.edu/~jglass/tips-n-tricks/windowsipsec/
> for details.
That makes no sense to me. You would use a firewall to permit or deny
ipsec packets, right? So are you saying that if you attempt to permit
ipsec through a M$ firewalled box, it creates a vulnerability?
IPSEC was not intended to be a firewall, but a secure way to pass data
across a public network.
What am I missing?
> Geesh, they can't even get packet filtering right!
Agreed, but I'm still trying to make sense of the 'IPSEC is not
intended to be a firewall' statement.
--
Until later, Geoffrey Registered Linux User #108567
Building secure systems in spite of Microsoft