Re: [Users] Problem with WinXP internet connection firewall

  • To: Heinrich Rebehn <[EMAIL PROTECTED]>
  • Subject: Re: [Users] Problem with WinXP internet connection firewall
  • From: Ken Bantoft <[EMAIL PROTECTED]>
  • Date: Wed, 18 Jun 2003 07:49:03 -0400 (EDT)
  • Cc: [EMAIL PROTECTED]
  • In-reply-to: <[EMAIL PROTECTED]>
  • Sender: [EMAIL PROTECTED]


On Wed, 18 Jun 2003, Heinrich Rebehn wrote:

> It seems that my posting hasn't made it to the list, so I repost:
> 
> Hi list,
> 
> I set up a WinXP road warrior with dialup connection using Marcus' ipsectool.
> By default, WinXP enables the internet connection firewall (ICF) for dialup
> connections.
> This produces strange results: I can ping a host in the rightsubnet, but cannot
> telnet (ICMP works, but TCP doesn't).
> If I disable the ICF, things work fine, but everyone on the internet can access
> my machine.
> 
> As I am using OpenBSD as the IPsec gateway (not Linux FreeS/WAN), my question:
> - Is this a known problem with FreeS/WAN too?

There is no problem on either OpenBSD, or FreeS/WAN... the problem lies in 
ICF.  The only way to get around it that I can see would be to use a 
commercial client like SSH Sentinel or SafeNet, which bypass ICF entirely, 
and thus aren't subject to its broken-wanna-be "firewall" capabilities.  
The other option is to get another software firewall like BlackIce, 
ZoneAlarm, etc... since you can actually modify the filters easily enough.

> I have not yet found a way to extend the filtering rules on WinXP to prevent
> access for anyone but the IPsec gateway. It seems that WinXP lets me activate
> only one IP security policy at a time, and it is of no use to edit the FreeSwan
> policy, since it is overwritten every time I start IPsec.
> 
> I hope I have made my problem clear, I will happily provide more info if required.
> 
> Any ideas?
> 
> Heinrich
> 

- -- 
Ken Bantoft                Super FreeS/WAN Maintainer
[EMAIL PROTECTED]            http://www.freeswan.ca
                           PGP Key: finger [EMAIL PROTECTED]
"We can factor the number 15 with quantum computers. We 
can also factor the number 15 with a dog trained to bark 
three times."       -- Robert Harley, 5/12/01, Sci.crypt

