It may also be possible to use a commercial firewall with stateful packet
inspection and built-in IP filtering. Similar to how ZoneAlarm works, one
may be able to accomplish it that way. In fact, I think one could. Check
ZoneAlarm.com and download and scrap NT's port filtering altogether...

Sean
----- Original Message -----
From: "c0ncept" <c0nceptHUSHMAIL.COM>
To: <FOCUS-MSSECURITYFOCUS.COM>
Sent: Friday, April 06, 2001 11:44 AM
Subject: Re: binding services to specific IP numbers.

> Nope...you can't really specify what IP address you want a program
> to bind to, unless the program allows that functionality. The function
> bind() associates a program with a port number, one of tha paramters you
> pass to bind() is a SOCKADDR structure . One member of the function is
> s_data, which contains the protocol-specific address information.
> So it's really the programmers decision, unless the programmer
> decides to provide an interface from within the program. I'm not sure how
NT
> works under the hood, so I don't know what it would take to write a
generic
> utility to accomplish this: I would imagine it would involve some kernel
> trickery..or a rewrite of the networking code.
> If anybody knows of such a utility, I would be intrested in seeing
> the source.
>
> --c0ncept
>
> -----Original Message-----
> From: Focus on Microsoft Mailing List
[mailto:FOCUS-MSSECURITYFOCUS.COM]On
> Behalf Of Sean Eby
> Sent: Thursday, April 05, 2001 1:49 PM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: Re: binding services to specific IP numbers.
>
>
> Interesting, I have not heard of a generic utility that will allow NT to
do
> that. As stated, Symantec may have that ability, but as far as other
> applications, you may be out of luck unless each specific application
allows
> you to specify which interfaces and/or which IP's your machine is used to
> listen on. Also, you MAY be able to configure one interface or another
with
> IP filtering. In other words, filter the port Pc Anywhere uses to listen
on
> on the interface you don't want people to be able to access it with... ???
> Not sure.
>
> Sean
> ----- Original Message -----
> From: "Matt Cole" <mcoleSIGPC.COM>
> To: <FOCUS-MSSECURITYFOCUS.COM>
> Sent: Wednesday, April 04, 2001 7:10 PM
> Subject: Re: binding services to specific IP numbers.
>
>
> I'm not sure about any other services, but it can be done with PC
> Anywhere in versions 8+. There is a tech document on the Symantec web
> page that describes the registry edit. If you can't find it, let me know
> any I'll dig it up.
>
> -R. Matthew Cole
> MCSE, MCP+I, NT-CIP
> Field Services Manager
> EPOS Corporation
>
> -----Original Message-----
> From: Reuven Twito [mailto:reuvenSPIDERSERVICES.COM]
> Sent: Wednesday, April 04, 2001 2:12 PM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: binding services to specific IP numbers.
>
> Hi there All,
>
> I am looking for a way to bind services to only
> specific IP numbers on a multihomed NT machines (NT4 and 2000).
>
> the idea is to have two interfaces on the NT box one for administration
> purposes and one for production.
>
> what I would like to do is to use some services ( say PC-anywhere )
> that will only bind to the IP number of the administration card.
>
> any one knows if I can do that ??
>
> TIA...
>
> Reuven Twito
>
> Chief technologies officer
> Spider Solution LTD.
> Tel: +972-3-576-6980
> mobile: +972-50-641549
> Fax: +972-3-751-3626
> 06 Ha'chilazon Street
> Ramat Gan 52522, Israel
> E-mail: reuvenspiderservices.com
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]