Bugtraq mailing list archives
Re: BUG: Win NT TCP/IP Security filters does not get enforced
From: tsabin () BOS BINDVIEW COM (Todd Sabin)
Date: Sat, 9 Oct 1999 22:47:38 -0400
Stefan Norberg <stnor () SWEDEN HP COM> writes:
> Regardless of settings in the TCP/IP Security filters any IP protocol is accepted.
Not quite, although it is confusing.
> TCP/IP security configuration example:
>   Permit all TCP ports
>   Permit all UDP ports
>   Permit only IP protocols: 6
>
> The easiest way to prove it's broken is to configure it to only allow IP protocol 6 (TCP) and then ping (ICMP) the host. ICMP being IP protocol 1, of course. Another simple way to test this is to use Weld Pond's NT port of Hobbit's netcat (http://www.l0pht.com/~weld/netcat/ ) to set up a UDP listener on a host that is supposed to block UDP. Then use netcat on another host to send it a nice message.
Apparently, the way it works is that for UDP and TCP, you completely disable them by changing their setting to "Permit Only" and not permitting any ports, rather than with the IP Protocols box. Since you left UDP at "Permit All" ports, your netcat test got through. The IP Protocols box is for protocols other than UDP and TCP. Except for ICMP. You can't disable that at all, as you noticed. Not being able to disable ICMP was discussed on NTBugtraq a little while ago.

Todd
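To make the semantics Todd describes concrete, the following is an added example (written for this archive page, not code from either poster) that models the NT 4.0 "TCP/IP Security" filter's decision logic: TCP and UDP are governed only by their own port lists, the IP Protocols list governs every other protocol, and ICMP is never filtered. It also flags the configuration from the original report as ineffective. The registry value names and the convention that a REG_MULTI_SZ entry of "0" means "Permit All" are assumptions from memory of NT 4.0 and are not stated in the thread; the protocol numbers used for the sample checks (GRE = 47, a UDP listener on port 5555) are constructed for the example.

```python
"""Model of the Windows NT 4.0 "TCP/IP Security" filter as described in
Todd Sabin's reply.  Added illustration; not the poster's code and not
Microsoft's implementation.  Protocol numbers are IANA assignments."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


@dataclass(frozen=True)
class SecurityFilter:
    """None means the GUI's "Permit All"; a (possibly empty) frozenset
    means "Permit Only" the listed ports/protocols."""
    tcp_ports: Optional[FrozenSet[int]] = None
    udp_ports: Optional[FrozenSet[int]] = None
    ip_protocols: Optional[FrozenSet[int]] = None


def permitted(f: SecurityFilter, proto: int, dport: Optional[int] = None) -> bool:
    """Decide whether an inbound packet passes the filter."""
    if proto == PROTO_ICMP:
        return True                      # ICMP cannot be disabled at all
    if proto == PROTO_TCP:               # TCP is governed only by its port list
        return f.tcp_ports is None or dport in f.tcp_ports
    if proto == PROTO_UDP:               # UDP is governed only by its port list
        return f.udp_ports is None or dport in f.udp_ports
    # Everything else is governed by the "IP Protocols" box.
    return f.ip_protocols is None or proto in f.ip_protocols


def misconfigurations(f: SecurityFilter) -> List[str]:
    """Return warnings for settings that look intended but have no effect."""
    warnings = []
    if f.ip_protocols is not None:
        if PROTO_UDP not in f.ip_protocols and f.udp_ports is None:
            warnings.append("UDP is still 'Permit All': the IP Protocols box "
                            "does not govern UDP; set UDP to 'Permit Only' with no ports")
        if PROTO_TCP not in f.ip_protocols and f.tcp_ports is None:
            warnings.append("TCP is still 'Permit All': the IP Protocols box "
                            "does not govern TCP; set TCP to 'Permit Only' with no ports")
        if PROTO_ICMP not in f.ip_protocols:
            warnings.append("ICMP (protocol 1) cannot be blocked by this filter")
    return warnings


def block_udp(f: SecurityFilter) -> SecurityFilter:
    """The setting that actually blocks UDP: 'Permit Only' with an empty port list."""
    return SecurityFilter(f.tcp_ports, frozenset(), f.ip_protocols)


def from_registry_lists(tcp_allowed: List[str], udp_allowed: List[str],
                        raw_allowed: List[str]) -> SecurityFilter:
    """Build a filter from the REG_MULTI_SZ values TCPAllowedPorts,
    UDPAllowedPorts and RawIPAllowedProtocols.  ASSUMPTION (from memory of
    NT 4.0, not from the thread): a single entry "0" encodes "Permit All"."""
    def parse(entries: List[str]) -> Optional[FrozenSet[int]]:
        if entries == ["0"]:
            return None
        return frozenset(int(e) for e in entries)
    return SecurityFilter(parse(tcp_allowed), parse(udp_allowed), parse(raw_allowed))


if __name__ == "__main__":
    # Stefan's configuration: TCP all, UDP all, IP protocols only 6.
    reported = from_registry_lists(["0"], ["0"], ["6"])
    print("UDP/5555 netcat test passes:", permitted(reported, PROTO_UDP, 5555))
    print("ICMP ping passes:           ", permitted(reported, PROTO_ICMP))
    print("GRE (47) passes:            ", permitted(reported, 47))
    for w in misconfigurations(reported):
        print("warning:", w)
    fixed = block_udp(reported)
    print("UDP/5555 after fix:         ", permitted(fixed, PROTO_UDP, 5555))
```

Running it shows why both of the reporter's tests "succeed" under that configuration: the UDP datagram is accepted because UDP was left at Permit All, and the ping is accepted because ICMP is outside the filter entirely, while a non-TCP, non-UDP protocol such as GRE is dropped as intended.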