Re: BUG: Win NT TCP/IP Security filters does not get enforced

From: Bill Stackpole (bstackpoleat_private)
Date: Tue Oct 12 1999 - 09:39:59 PDT


    The number one reason security mechanisms fail is directly related to
    configuration errors.
    
    This is a great example.  The GUI is confusing, the help file minimal and
    the documentation. . .unclear, non-existent, ???
    
    To make matters worse, it appears:
      The software enforces the LEAST restrictive rather than the MOST
      restrictive rule.
      Refuses to enforce the rule for certain protocols.
      Ignores the rules and transmits certain core Microsoft protocols unless
      you unbind them from the card.
    
    I couldn't understand why the servers at the company we share our Internet
    connection with kept sending packets to my NT server until I realized that,
    despite the "security" filters, the NT box was still sending out NETBIOS
    "management" packets.
    
    > -----Original Message-----
    > From:	Stefan Norberg [SMTP:stnorat_private]
    > Sent:	Sunday, October 10, 1999 6:22 AM
    > To:	BUGTRAQat_private
    > Subject:	Re: BUG: Win NT TCP/IP Security filters does not get
    > enforced
    >
    > Todd Sabin writes:
    > > Apparently, the way it works is that for UDP and TCP, you completely
    > > disable them by changing their setting to "Permit Only", and don't
    > > permit any ports, rather than with the IP protocols box.  Since you
    > > left UDP at permit all ports, your netcat test got through.
    > >
    > > The IP Protocols box is protocols other than UDP and TCP.  Except for
    > > ICMP.  You can't disable that at all, as you noticed.  Not being able
    > > to disable ICMP was discussed on NTBugtraq a little while ago.
    > >
    >
    > It seems that you are right.
    > I used PPTP (GRE) to test it and the RAS server did send an ICMP message
    > back:
    >
    > 14:49:19.769569 gre-proto-0x880B (gre encap)
    > 14:49:19.769647 RASSERVER > CLIENT: icmp: RASSERVER protocol 47
    > unreachable
    >
    > However, I still consider it a bug. The GUI is misleading. If I configure
    > the TCP/IP security using the GUI to "Permit *only* IP protocols: 6
    > (TCP)", then EVERYTHING including ICMP and UDP (regardless of other settings)
    > should be denied and NT should send an ICMP unreachable.
    >
    > /stefan
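
A small Python model of the filter semantics this thread describes, added here as an illustration and not code from the original posts or from Microsoft. The two evaluation functions are an assumption reconstructed from Todd's and Stefan's observations (TCP/UDP governed only by their own port lists, ICMP never filtered), and the probe packets are constructed sample input.

```python
from typing import List, Optional, Set, Tuple

ICMP, TCP, UDP, GRE = 1, 6, 17, 47


class SecurityFilter:
    """One NT 4 'TCP/IP Security' dialog. None means 'Permit All'; a set means
    'Permit Only' the listed ports/protocols (an empty set permits nothing)."""
    def __init__(self, tcp_ports: Optional[Set[int]] = None,
                 udp_ports: Optional[Set[int]] = None,
                 ip_protocols: Optional[Set[int]] = None):
        self.tcp_ports, self.udp_ports, self.ip_protocols = tcp_ports, udp_ports, ip_protocols


def gui_expectation(f: SecurityFilter, proto: int, port: int = 0) -> bool:
    """What the dialog wording implies: an IP-protocol restriction applies to every
    packet and the port lists narrow TCP/UDP further (most restrictive rule wins)."""
    if f.ip_protocols is not None and proto not in f.ip_protocols:
        return False
    if proto == TCP and f.tcp_ports is not None:
        return port in f.tcp_ports
    if proto == UDP and f.udp_ports is not None:
        return port in f.udp_ports
    return True


def nt_observed(f: SecurityFilter, proto: int, port: int = 0) -> bool:
    """Behaviour reported in the thread (assumed model): TCP and UDP answer only to
    their own port lists, the IP-protocols box covers the remaining protocols, and
    ICMP always passes."""
    if proto == ICMP:
        return True
    if proto == TCP:
        return f.tcp_ports is None or port in f.tcp_ports
    if proto == UDP:
        return f.udp_ports is None or port in f.udp_ports
    return f.ip_protocols is None or proto in f.ip_protocols


def find_gaps(f: SecurityFilter, packets: List[Tuple[int, int]]) -> List[Tuple[int, int]]:
    """Packets an administrator would expect to be dropped that the host still accepts."""
    return [(p, port) for p, port in packets
            if not gui_expectation(f, p, port) and nt_observed(f, p, port)]


# Constructed probe set and Stefan's configuration: 'Permit Only IP protocols: 6 (TCP)'
# with the TCP and UDP panels left at their default 'Permit All'.
PROBE = [(TCP, 80), (UDP, 53), (UDP, 137), (ICMP, 0), (GRE, 0)]
misleading = SecurityFilter(ip_protocols={TCP})
# Todd's reading: UDP must itself be set to 'Permit Only' with no ports listed.
corrected = SecurityFilter(udp_ports=set(), ip_protocols={TCP})

if __name__ == "__main__":
    print("still accepted:", find_gaps(misleading, PROBE))  # UDP 53, UDP 137, ICMP
    print("still accepted:", find_gaps(corrected, PROBE))   # only ICMP remains
```

Even the corrected configuration leaves ICMP open, which is the point the thread makes about the filters being unable to block it at all.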
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:07:23 PDT