From: Dunlevy, Timothy S. (Tim.DunlevyJHUAPL.EDU)
Date: Fri Apr 13 2001 - 07:31:39 CDT

    John,

    See Microsoft support article Q230082,
    <http://support.microsoft.com/support/kb/articles/Q230/0/82.asp>. I've
    checked and it is off by default. You may want to use a group policy to
    enforce disabling the setting.

    Tim S. Dunlevy
    BIS Computing Systems Group
    The Johns Hopkins University Applied Physics Laboratory
    11100 Johns Hopkins Rd.
    Laurel, MD. 20723-6099
    (443) 778-0366

    -----Original Message-----
    From: John Girvin [mailto:john.girvinOSARIUS.COM]
    Sent: Thursday, April 12, 2001 4:04 AM
    To: FOCUS-MSSECURITYFOCUS.COM
    Subject: Re: 2K/NT packet filter recommendations?

    > snort does not do anything like he was asking. snort is a very good basic
    > ids.
    FWIW, the latest 1.7 "FlexRESP" (Flexible RESPonse) release of
    Snort can send tcp resets or icmp unreachable packets back in
    response to packets that match any of its rules.

    Or at least that's what the docs say; there are problems with this
    code on 2K Advanced Server and I can't get it to work (yet?)

    > windows 2000 offers some semblance of what you are looking for.
    > look into the IP security policy for your machine. The rulesets
    > allowed can be pretty much as complex as you need in a simple packet
    > filtering situation.
    OK thanks I'll check that out. I thought that stuff was about
    IPSec / VPNs etc...

    One extra question now ... on NT4 there's a checkbox to enable/disable
    IP forwarding between interfaces on a multihomed box ... where's that
    gone in 2K? I know it's /supposed/ to be off by default, but we're a
    paranoid bunch and I'd like to check and be sure :)

    Cheers,
    /John