Filtering incoming IP Protocols doesn't work?

Steve

Hello,

I've set up the "Enable TCP/IP filtering" on my W2K box to only permit IP
Protocols 6 & 17. However my Sygate firewall is still logging incoming
ICMP... why would that be the case?

Steve
 
Miha Pihler [MVP]

If you disable Sygate and use ICMP (e.g. ping), do you get a ping reply?

If not, then the reason for Sygate to show the ICMP packets is that it sees
the packets before the Windows filter gets to discard them.

I hope this helps,
 
Steve

Hi Steven

Good article, thanks.

Though the more I encounter these "nuances" the more I draw parallels to
buying a used car & finding out the bad news later on... and of course, the
ubiquitous fine print on the contract says I can't take it back or get it
fixed.


Steve
 
Roger Abell

The technology you are attempting to apply is very old, reaching
back to having an implementation in at least NT 3.5.
You probably should look into using IPsec in a filtering mode
instead of the older filter defined with the NIC properties.
 
Steven L Umbach

TCP/IP filtering has its uses but is not well understood. For instance, as I
mentioned, it does not work with ICMP, it blocks inbound only, and it is
stateful for TCP only - not UDP, which trips up a lot of users because DNS
uses UDP. As Roger said, consider IPsec filtering. IPsec became available in
Windows 2000. IPsec filtering, however, should not be considered a
full-featured firewall and it is NOT stateful, but it is built into the operating
system, can filter ICMP, and can also manage outbound traffic. See the links
below if you are interested in IPsec filtering or IPsec in general. FYI the
main purpose of IPsec is to authenticate computers for network
communications via Security Association and secure traffic with ESP/AH, which
can encrypt and ensure the integrity of network traffic. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;313190
http://www.securityfocus.com/infocus/1559
http://www.microsoft.com/windows2000/technologies/communications/ipsec/default.mspx
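
An added example, not part of the original thread and not Windows code: a simplified Python model of the filter behaviour described in the post above (inbound only, ICMP not filtered, state kept for TCP but not UDP), run over constructed packets. The class and function names, the port lists and the reading of "stateful for TCP" as "only new inbound connections are checked" are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, ICMP, GRE = 6, 17, 1, 47  # IANA IP protocol numbers

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    proto: int              # IP protocol number
    dst_port: int = 0       # TCP/UDP destination port
    new_conn: bool = False  # TCP only: bare SYN opening a new connection

@dataclass
class TcpIpFilter:
    """Permit-only lists as in the NIC's TCP/IP filtering dialog; None = permit all."""
    tcp_ports: Optional[set] = None
    udp_ports: Optional[set] = None
    ip_protocols: Optional[set] = None

    def verdict(self, p: Packet) -> str:
        if p.direction == "out":
            return "pass"   # thread: blocks inbound only
        if p.proto == ICMP:
            return "pass"   # thread: does not work with ICMP
        if p.proto == TCP:
            # Assumed reading of "stateful for TCP": only new inbound
            # connections are checked, replies to outbound ones pass.
            listed = self.tcp_ports is None or p.dst_port in self.tcp_ports
            return "pass" if (not p.new_conn or listed) else "drop"
        if p.proto == UDP:
            # No state kept: every inbound datagram must hit a permitted port.
            listed = self.udp_ports is None or p.dst_port in self.udp_ports
            return "pass" if listed else "drop"
        listed = self.ip_protocols is None or p.proto in self.ip_protocols
        return "pass" if listed else "drop"

def run_scenario() -> dict:
    # Constructed setup: Steve's protocols 6 and 17, plus hypothetical port lists.
    f = TcpIpFilter(tcp_ports={80}, udp_ports={53}, ip_protocols={TCP, UDP})
    packets = {  # constructed sample traffic
        "inbound ping": Packet("in", ICMP),
        "DNS query out": Packet("out", UDP, 53),
        "DNS reply in": Packet("in", UDP, 1034),  # reply goes to the client's ephemeral port
        "HTTP reply in": Packet("in", TCP, 1035),
        "new TCP to 445": Packet("in", TCP, 445, new_conn=True),
        "inbound GRE": Packet("in", GRE),
    }
    return {name: f.verdict(p) for name, p in packets.items()}

if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name:16} {result}")
```

In this model, permitting UDP port 53 does not let DNS answers back in, because the reply is addressed to the client's ephemeral port and no state links it to the outgoing query.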
 
