nanog mailing list archives
RE: Operational impact of filtering SMB/NETBIOS traffic?
From: Richard Welty <rwelty () vpnet com>
Date: Sun, 19 Nov 2000 20:04:34 -0500
Ethan Butterfield [mailto:primus () veris org] wrote:
From: Jim Mercer <jim () reptiles org>
as i understand it, ipsec doesn't use ports.
Yes and no. IPSec uses UDP port 500 for the ISAKMP key exchange and the tunnel setup, but all other traffic is IP Protocol 50 (ESP) or 51 (AH). Most firewalls I've seen block weird (i.e., just about everything that's not standard TCP or IP Protocol 1 (ICMP)) by default, or at least flag it as strange.
interestingly enough, ICSA firewall certification requires port 500 (ISAKMP) to be closed, so in theory, you cannot have an ICSA Firewall that also does standards conforming IPSec.
there is a loophole, however. ICSA will let you off the hook if your manuals explain how to turn off port 500 in your IPSec capable firewall (or firewall capable IPSec box.)
richard
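Added example, not part of any poster's message: a small IPv4 classifier that separates the three IPsec traffic types named above (ISAKMP on UDP 500, ESP as protocol 50, AH as protocol 51) and checks each against a TCP-and-ICMP-only default. The `default_policy_allows` rule, the helper names and the sample packets are assumptions constructed for illustration.

```python
import struct

ISAKMP_PORT = 500  # UDP port used for the ISAKMP key exchange
PROTO_ICMP, PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 1, 6, 17, 50, 51

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet by the IPsec component it carries, if any."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes, IP options included
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto == PROTO_ESP:
        return "esp"  # no port fields exist; matched on protocol number only
    if proto == PROTO_AH:
        return "ah"
    if proto == PROTO_UDP:
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_offset != 0 or len(packet) < ihl + 4:
            return "udp-no-ports"  # later fragment or truncated: ports not visible
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return "isakmp" if ISAKMP_PORT in (sport, dport) else "udp-other"
    return {PROTO_ICMP: "icmp", PROTO_TCP: "tcp"}.get(proto, "other")

def default_policy_allows(packet: bytes) -> bool:
    """Assumed default, modelled on the thread: only TCP and ICMP pass."""
    return classify(packet) in ("tcp", "icmp")

def ipv4(proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (zero checksum, TEST-NET addresses)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + payload

# Constructed sample packets, not captured traffic.
SAMPLES = {
    "ike": ipv4(PROTO_UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
    "ike_opts": ipv4(PROTO_UDP, struct.pack("!HHHH", 500, 500, 8, 0), options=b"\x01" * 4),
    "esp": ipv4(PROTO_ESP, struct.pack("!II", 0x1000, 1)),  # SPI, sequence number
    "ah": ipv4(PROTO_AH, bytes(12)),
    "dns": ipv4(PROTO_UDP, struct.pack("!HHHH", 33000, 53, 8, 0)),
    "tcp": ipv4(PROTO_TCP, bytes(20)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9} {classify(pkt):10} allowed={default_policy_allows(pkt)}")
```

A filter that permits IPsec therefore needs two kinds of match: a port rule for UDP 500 and protocol-number rules for 50 and 51.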