Re: BUG: Win NT TCP/IP Security filters does not get enforced

From: Todd Sabin (tsabinat_private)
Date: Sat Oct 09 1999 - 19:47:38 PDT


    Stefan Norberg <stnorat_private> writes:
    > Regardless of settings in the TCP/IP Security filters any IP protocol is
    > accepted.
    >
    
    Not quite, although it is confusing.
    
    > TCP/IP security configuration example:
    >
    > Permit all TCP ports, Permit all UDP ports, Permit only IP protocols: 6
    >
    > The easiest way to prove it's broken is to configure it to only allow
    > IP-protocol 6 (TCP) and then ping (ICMP) the host. ICMP being IP protocol 1
    > of course.
    >
    > Another simple way to test this is to use Weld Pond's NT-port of Hobbit's
    > netcat (http://www.l0pht.com/~weld/netcat/ ) to set up a udp-listener on a
    > host that is supposed to block udp. Then use netcat on another host to send
    > it a nice message.
    >
    
    Apparently, the way it works is that for UDP and TCP, you completely
    disable them by changing their setting to "Permit Only", and don't
    permit any ports, rather than with the IP protocols box.  Since you
    left UDP at permit all ports, your netcat test got through.
    
    The IP Protocols box is protocols other than UDP and TCP.  Except for
    ICMP.  You can't disable that at all, as you noticed.  Not being able
    to disable ICMP was discussed on NTBugtraq a little while ago.
    
    
    Todd
    
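    The filter semantics Todd describes are easy to get wrong, so here is a small model of them, written for this archive page and not part of either poster's message or of Windows NT itself. It encodes the three rules from the reply (TCP and UDP are governed only by their own port lists, where "Permit Only" with an empty list blocks the protocol; the IP Protocols box covers every protocol other than 6 and 17; ICMP is never filtered) and replays Stefan's two tests against his configuration and against the corrected one. The port numbers and the GRE packet in the sample traffic are constructed for the example; the real NT dialog and registry are not touched.

```python
"""Model of Windows NT 4.0 "TCP/IP Security" filter semantics (example, not NT code).

A setting of None means the dialog's "Permit All"; a frozenset (possibly empty)
means "Permit Only" the listed values, exactly as the GUI distinguishes them.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

PROTO_ICMP = 1
PROTO_TCP = 6
PROTO_UDP = 17
PROTO_GRE = 47  # constructed sample: some non-TCP/UDP/ICMP protocol


@dataclass(frozen=True)
class FilterConfig:
    tcp_ports: Optional[FrozenSet[int]] = None      # None == Permit All
    udp_ports: Optional[FrozenSet[int]] = None      # None == Permit All
    ip_protocols: Optional[FrozenSet[int]] = None   # None == Permit All


@dataclass(frozen=True)
class Packet:
    protocol: int
    dst_port: Optional[int] = None  # only meaningful for TCP/UDP


def permitted(cfg: FilterConfig, pkt: Packet) -> bool:
    """Return True if the filter lets the packet through, per the thread's description."""
    if pkt.protocol == PROTO_ICMP:
        # Rule 3: ICMP cannot be disabled at all.
        return True
    if pkt.protocol == PROTO_TCP:
        # Rule 1: TCP is governed solely by the TCP port list.
        return cfg.tcp_ports is None or pkt.dst_port in cfg.tcp_ports
    if pkt.protocol == PROTO_UDP:
        # Rule 1: likewise UDP; "Permit Only" with no ports blocks it entirely.
        return cfg.udp_ports is None or pkt.dst_port in cfg.udp_ports
    # Rule 2: the IP Protocols box applies only to protocols other than TCP/UDP.
    return cfg.ip_protocols is None or pkt.protocol in cfg.ip_protocols


def evaluate(cfg: FilterConfig, traffic: List[Packet]) -> List[Tuple[Packet, bool]]:
    """Run a batch of packets through the filter and pair each with its verdict."""
    return [(pkt, permitted(cfg, pkt)) for pkt in traffic]


# Stefan's configuration: "Permit all TCP ports, Permit all UDP ports,
# Permit only IP protocols: 6".
STEFAN_CONFIG = FilterConfig(tcp_ports=None, udp_ports=None,
                             ip_protocols=frozenset({PROTO_TCP}))

# What Todd says actually blocks UDP: set UDP to "Permit Only" with no ports.
# TCP is left at Permit All here, matching the intent "allow only TCP".
TCP_ONLY_CONFIG = FilterConfig(tcp_ports=None, udp_ports=frozenset(),
                               ip_protocols=frozenset())

# Constructed sample traffic: ping, a UDP datagram to a netcat listener,
# a TCP connection, and a GRE packet.
SAMPLE_TRAFFIC = [
    Packet(PROTO_ICMP),
    Packet(PROTO_UDP, dst_port=4000),
    Packet(PROTO_TCP, dst_port=80),
    Packet(PROTO_GRE),
]


def stefan_results() -> List[bool]:
    """Verdicts for the sample traffic under Stefan's settings."""
    return [ok for _, ok in evaluate(STEFAN_CONFIG, SAMPLE_TRAFFIC)]


def tcp_only_results() -> List[bool]:
    """Verdicts for the sample traffic once UDP is set to Permit Only (none)."""
    return [ok for _, ok in evaluate(TCP_ONLY_CONFIG, SAMPLE_TRAFFIC)]


if __name__ == "__main__":
    for name, results in (("Stefan", stefan_results()), ("TCP-only", tcp_only_results())):
        print(name, [(p.protocol, p.dst_port, ok) for p, ok in zip(SAMPLE_TRAFFIC, results)])
```

    Under Stefan's settings both the ping and the UDP datagram pass, reproducing what he saw, while the GRE packet is the only thing the "IP protocols: 6" entry actually stops. With UDP switched to "Permit Only" and no ports listed, the datagram is dropped, but the ping still gets through, which is the limitation Todd points to.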



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:09 PDT