IP filtering

Jason

Archived from groups: microsoft.public.win2000.security

I have applied filtering to first NIC interface and
limited this to only port 80. I have no other allowed
ports on TCP, UDP, IP.

But when I do a penetration test on that NIC interface it
shows other ports open.

Is this because live connections ignore any filtering you
do?
Is there anything I can do, maybe to the registry, for the
filtering to take effect?

Please advise
 
Guest

You have to reboot in order for TCP/IP filtering to take effect. You may also want to
look at using IPsec filtering with permit and block filter actions if for some reason
you do not want to or cannot use a firewall. IPsec filtering is built in, can also
control outbound access, and does not require a reboot. The link below explains more
on how to configure it. --- Steve

http://www.securityfocus.com/infocus/1559

"jason" <anonymous@discussions.microsoft.com> wrote in message
news:2ba4b01c46806$5f5b2dc0$a301280a@phx.gbl...
>
> I have applied filtering to first NIC interface and
> limited this to only port 80. I have no other allowed
> ports on TCP, UDP, IP.
>
> But when I do a penetration test on that NIC interface it
> shows other ports open.
>
> Is this because live connections ignore any filtering you
> do?
> Is there anything I can do, maybe to the registry, for the
> filtering to take effect?
>
> Please advise
>
 
Guest

Hi Jason,

You have to create at least two rules. One will allow all connections to
port 80 and a second rule will deny everything else. Is your situation such?

Mike

"jason" <anonymous@discussions.microsoft.com> wrote in message
news:2ba4b01c46806$5f5b2dc0$a301280a@phx.gbl...
>
> I have applied filtering to first NIC interface and
> limited this to only port 80. I have no other allowed
> ports on TCP, UDP, IP.
>
> But when I do a penetration test on that NIC interface it
> shows other ports open.
>
> Is this because live connections ignore any filtering you
> do?
> Is there anything I can do, maybe to the registry, for the
> filtering to take effect?
>
> Please advise
>
 

Jason


Thanks, know where to look now

>-----Original Message-----
>You have to reboot in order for TCP/IP filtering to take effect. You may also want to
>look at using IPsec filtering with permit and block filter actions if for some reason
>you do not want to or cannot use a firewall. IPsec filtering is built in, can also
>control outbound access, and does not require a reboot. The link below explains more
>on how to configure it. --- Steve
>
>http://www.securityfocus.com/infocus/1559
>
>"jason" <anonymous@discussions.microsoft.com> wrote in message
>news:2ba4b01c46806$5f5b2dc0$a301280a@phx.gbl...
>>
>> I have applied filtering to first NIC interface and
>> limited this to only port 80. I have no other allowed
>> ports on TCP, UDP, IP.
>>
>> But when I do a penetration test on that NIC interface it
>> shows other ports open.
>>
>> Is this because live connections ignore any filtering you
>> do?
>> Is there anything I can do, maybe to the registry, for the
>> filtering to take effect?
>>
>> Please advise
>>