IPSec rules

From: first last (in5ecure24hotmail.com)
Date: Tue Apr 20 2004 - 02:34:53 CDT


Hello everyone,

I have been using IPSec for a while now. I am a fan of it, BUT there's one
weakness that I'd like to see if there's a way around.

Basically it comes down to source port scanning. Now the thing is, if you have
a rule that allows traffic to go FROM you:any TO the internet:80, all someone
has to do is scan from port 80 on their PC. Poof, allowed traffic. So I tried
to set up more rules, i.e. FROM internet:21,53,80 TO me:21,53,80, and block this,
hoping that since there's a 2nd, more specific rule it will block all
connections from any:80 TO me:80, since this traffic should never be
happening anyway... but nope, doesn't work...

So my question for you is: how can I do a work-around? Is there a registry
setting I can fix? Set priorities for applying IPSec rules? Anything at all.

The only thing that I can think of that would work is to make tens of thousands
of allow rules like ...

FROM any:1200 TO me:80 allow
FROM any:1201 TO me:80 allow
FROM any:1202 TO me:80 allow and on and on. I'd have to write a script to
write a script to make the rules (unless I made one script w/ tens of
thousands of MANUALLY written rules, and that's not gonna happen...)

In case I wasn't too clear, I want to prevent source port scanning from revealing
everything running on that box, blocking things like

FROM any:80 TO me:80 block
FROM any:80 TO me:135 block
FROM any:80 TO me:445 block etc. etc.

Any ideas?

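The problem in the post is a property of stateless packet filtering: a filter that permits "FROM me:any TO internet:80" without remembering who opened the connection also permits the mirror image, "FROM internet:80 TO me:any", so a probe sent from source port 80 reaches every listening port on the host. The following Python simulation is an added example, not code from the post or from any IPSec implementation; the addresses are constructed, and the packet model (five-tuple plus an ACK flag) is a simplification. It evaluates the same policy two ways, as a stateless mirrored rule and with connection tracking, and shows that only the stateful version refuses the source-port-80 probes while still admitting a real web server's reply.

```python
from dataclasses import dataclass

# Constructed addresses for the demonstration (documentation ranges).
ME = "192.0.2.10"          # the host being protected
WEB = "203.0.113.5"        # a web server this host legitimately talks to
SCANNER = "198.51.100.7"   # a remote host probing this host


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    ack: bool  # False = bare SYN (new connection attempt); True = part of an existing one


def stateless_allows(pkt: Packet) -> bool:
    """The post's rule, FROM me:any TO internet:80, as a stateless filter
    applies it: the mirror image (internet:80 -> me:any) is permitted too,
    because the filter keeps no memory of which side opened the connection."""
    outbound = pkt.src_ip == ME and pkt.dst_port == 80
    mirrored = pkt.dst_ip == ME and pkt.src_port == 80
    return outbound or mirrored


class StatefulFilter:
    """The same policy with connection tracking: inbound packets are admitted
    only when they belong to a connection this host opened."""

    def __init__(self) -> None:
        # (local_port, remote_ip, remote_port) of connections opened by ME
        self.conns = set()

    def allows(self, pkt: Packet) -> bool:
        if pkt.src_ip == ME and pkt.dst_port == 80:
            if not pkt.ack:  # bare SYN: record the new outbound connection
                self.conns.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        if pkt.dst_ip == ME:
            known = (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.conns
            return known and pkt.ack  # a bare SYN is never a reply
        return False


def ports_exposed(allows, ports=(80, 135, 445)) -> list:
    """Ports that a probe sent from source port 80 reaches through the filter."""
    probes = [Packet(SCANNER, 80, ME, p, ack=False) for p in ports]
    return [pkt.dst_port for pkt in probes if allows(pkt)]


def stateless_scan() -> list:
    return ports_exposed(stateless_allows)


def stateful_scan() -> list:
    return ports_exposed(StatefulFilter().allows)


def legitimate_reply() -> tuple:
    """Both filters still pass a genuine web reply: the host opens the
    connection from an ephemeral port, and the server answers from port 80."""
    request = Packet(ME, 1200, WEB, 80, ack=False)
    reply = Packet(WEB, 80, ME, 1200, ack=True)
    f = StatefulFilter()
    stateless_ok = stateless_allows(request) and stateless_allows(reply)
    stateful_ok = f.allows(request) and f.allows(reply)
    return stateless_ok, stateful_ok


if __name__ == "__main__":
    print("stateless filter exposes:", stateless_scan())   # [80, 135, 445]
    print("stateful filter exposes: ", stateful_scan())    # []
    print("legitimate reply (stateless, stateful):", legitimate_reply())  # (True, True)
```

The simulation makes the post's dilemma concrete: no amount of extra stateless rules keyed on port numbers can separate "reply from a web server on port 80" from "probe sent from port 80", because the two packets carry identical port tuples; the distinguishing information is which side opened the connection, which only a connection-tracking filter retains. In practice that means pairing a stateless filter with a stateful firewall or host-based connection tracking rather than enumerating ephemeral ports in allow rules.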