Re: BUG: Win NT TCP/IP Security filters does not get enforced

David LeBlanc (dleblancMINDSPRING.COM)
Tue, 12 Oct 1999 10:33:54 -0700

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: David LeBlanc: "Re: RFP9903: AeDubug vulnerabilty"
• Previous message: Shawn Tagseth: "I'm an idiot...."
• Next in thread: Bill Stackpole: "Re: BUG: Win NT TCP/IP Security filters does not get enforced"

At 03:21 PM 10/10/99 +0200, Stefan Norberg wrote:

>However, I still consider it a bug. The GUI is misleading. If I configure
>the TCP/IP security using the GUI to "Permit *only* IP protocols: 6 (TCP)".
>Then EVERYTHING including ICMP and UDP (regardless of other settings) should
>be denied and NT should send an ICMP unreachable.

The GUI could definately be improved - here's the deal - the protocol box
allows you to regulate any protocols except TCP, UDP and ICMP. The other 2
boxes regulate TCP and UDP respectively - the protocol box won't control
them. Note that ICMP isn't controlled by this dialog at all. IMHO, the
online help could also be improved - none of these details are in the
online help. Also note that this dialog controls _incoming_ packets only -
outgoing packets are _not_ regulated. IIRC, frags are filtered after
re-assembly.

Hope this helps.

David LeBlanc
dleblancmindspring.com

• Next message: David LeBlanc: "Re: RFP9903: AeDubug vulnerabilty"
• Previous message: Shawn Tagseth: "I'm an idiot...."
• Next in thread: Bill Stackpole: "Re: BUG: Win NT TCP/IP Security filters does not get enforced"

This archive was generated by hypermail 2.0b3 on Tue Oct 12 1999 - 16:33:03 CDT