From: Jean-Baptiste Marchand (Jean-Baptiste.Marchandhsc.fr)
Date: Thu Apr 11 2002 - 09:18:56 CDT

    "Skinner, Kit" <KSkinnersandstream.com> wrote:

    > This still leaves IKE, Multicast and Broadcast traffic unfiltered. There
    > were some utilities developed and being developed that were posted to the
    > list, but I seem to be missing the links. I remember these tools utilizing
    > the rules underlying IP Filtering rules to do filtering by Src/Dest
    > Port/Address and becoming more thorough. These controls are of course
    > unsupported by MS, but should generate a little bit stiffer restrictions.
    > Perhaps the developers still watch the list.

    Yes! Using IPsec for IP filtering is probably a bad idea, as some
    traffic passes unfiltered.

    IP Filtering configured via the RRAS service does not suffer from these
    restrictions (and has some minor advantages over IP filtering with IPsec).

    But maybe you don't want to run the whole RRAS service just to do IP
    filtering on a server: take a look at PktFilter, a W2K service we've
    developed that configures the IP filtering device driver of Windows
    2000/XP/.NET Server, using filtering rules written in a text file:

    http://www.hsc.fr/ressources/outils/pktfilter/

    Hope this helps,

    Jean-Baptiste Marchand

    -- 
    Jean-Baptiste.Marchandhsc.fr
    Hervé Schauer Consultants
    http://www.hsc.fr/