Regardless of settings in the TCP/IP Security filters any IP protocol is accepted. TCP/IP security configuration example: Permit all TCP ports, Permit all UDP ports, Permit only IP protocols: 6 The easiest way to prove it's broken is to configure it to only allow IP-protocol 6 (TCP) and then ping (ICMP) the host. ICMP being IP protocol 1 of course. Another simple way to test this is to use Weld Pond's NT-port of Hobbit's netcat (http://www.l0pht.com/~weld/netcat/ ) to set up a udp-listener on a host that is supposed to block udp. Then use netcat on another host to send it a nice message. CLIENT: C:\>nc -u server 5000 tcp/ip security is broken :) SERVER: C:\>nc -u -l -p 5000 tcp/ip security is broken :) windump: listening on \Device\Packet_El90x1 18:49:06.731069 CLIENT.3533 > SERVER.5000: udp 29 Seems pretty broken to us... Tested on NT4.0 SP5 (both w. no hotfixes and all hotfixes) Regards, Stefan Norberg (stnorat_private , http://people.hp.se/stnor) Daryl Banttari (darylat_private)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:02 PDT