[ale] Open Source Firewall for Windows 2000/XP?

Jonathan Glass jonathan.glass at ibb.gatech.edu
Tue Jun 8 09:31:45 EDT 2004


On Tue, 2004-06-08 at 09:27, Jonathan Glass wrote:
> On Tue, 2004-06-08 at 09:19, Geoffrey wrote:
> > Jonathan Glass wrote:
> > > Let me restate that.  The Windows firewall I mentioned was using IP
> > > security policies to restrict all incoming traffic, not IPSEC.  I
> > > abbreviated improperly.
> > > 
> > > The problem here is that when you are using IP security policies in
> > > 2000/XP, despite what policies you set (deny all incoming), the Windows
> > > default behavior is to accept all traffic with a source port of
> > > 500|88|(others).
> > > 
> > > Sorry for the miscommunication.
> > 
> > Ah, typical M$ solution.  Do what we (M$) think is right regardless of what 
> > the user specifies.  After all, we (M$) know better than the stupid user...
> > 
> > Is it possible to explicitly block these ports, or are they ALWAYS open?
> 
> Therein lies the rub.  I have gone through my client machines, and
> killed these services, and closed the ports, but port scanning the
> machines using a source port of 500 still allows me full access to the
> boxes.  :(


Straight from the Microsoft documentation on disabling this
Kerberos-IPsec exemption:
http://tinyurl.com/3d8f4

From my colleague working on this project, here is some info on how to filter some of the traffic, though it appears that the problem will still exist.  I'll have to tinker with it.

Jonathan G.
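As an added worked example (not from this list post, the colleague's notes, or Microsoft's documentation): the registry change Microsoft documents in KB 810207 for turning off the Kerberos and RSVP default exemptions in the Windows 2000/XP IPsec driver, followed by a verification scan. The registry key, value name and value meanings are from that KB article; the target address 10.0.0.5 and the port list are assumptions. reg.exe is built in on XP and ships with the Support Tools on Windows 2000.

```bat
@echo off
REM Added example: remove the Kerberos/RSVP default exemptions from the
REM Windows 2000/XP IPsec driver (Microsoft KB 810207). Run as Administrator
REM on the protected host. Target address and port list below are assumed.

REM 1. Show the current setting. A missing value means 0: every default
REM    exemption (Kerberos, RSVP, IKE, broadcast, multicast) is active.
reg query HKLM\SYSTEM\CurrentControlSet\Services\IPSEC /v NoDefaultExempt

REM 2. NoDefaultExempt=1: traffic with a Kerberos (88) or RSVP port is no
REM    longer exempt and is matched against the IP security policy like any
REM    other packet. IKE on UDP 500 stays exempt with this value on Windows
REM    2000 and XP, so a source port of 500 still needs a separate look.
reg add HKLM\SYSTEM\CurrentControlSet\Services\IPSEC /v NoDefaultExempt /t REG_DWORD /d 1 /f

REM 3. The driver reads the value at start-up, so restart IPSEC Services.
net stop PolicyAgent
net start PolicyAgent

REM 4. Verify from a second box. With the exemption gone, a scan that spoofs
REM    the Kerberos source port must show the same filtered ports as a plain
REM    scan (assumed host 10.0.0.5, assumed ports):
REM      nmap -sS -p 135,139,445 10.0.0.5
REM      nmap -sS -g 88 -p 135,139,445 10.0.0.5
REM    Any port reported open only in the second scan means the exemption is
REM    still in effect. Repeat with -g 500 to confirm the IKE behaviour.
```

The second scan is the real check: the policy may look correct in the MMC snap-in while the driver still lets exempt traffic through, so test the filter from the outside rather than trusting the policy display.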


