Port filtering with IPSEC

Guest

Hello all

I know that it's hard to get a "tutorial" on a newsgroup but here goes....

Background: I want to construct some kind of "virus cleaning lab". I was thinking of setting up a multihomed Windows XP machine with ICS and port filtering through IpSec. My idea is that if I have to clean out a virus infected machine (and have to quite often now) then I could plug it in as an ICS-client of the winXP machine and the port-filtering would prevent any virus from spreading. At the same time I want to be able to connect the infected computer to Windows update in order to patch it and run a kind of online virus cleaning (for example "Housecall" from Trend Micro).

First question: Is this a good way to do it?? If anyone has a better suggestion on how to do this then I'd love to hear about it.

Second question: The embarrassing part is that I can't configure ipsec filtering correctly. I'm using local policy and have set up filtering to block all IP-traffic except TCP port 53 and 80. The result is that I can't connect to Windows Update. "Page cannot be displayed". I then allowed ports 1063-65535 (kinda ruins my idea of containing the virus but I had to try) and ICMP. Still no dice. What am I doing wrong??? I thought that opening 53 (DNS) and 80 (HTTP) and closing the rest ought to do the trick...
 
Steven L Umbach

I think it makes more sense to have a totally isolated network for infected machines.
You could try to get another IP address from your ISP and have a separate
router/firewall using that address and use the network behind it as a quarantine
network.

As far as ipsec goes: start with a mirrored block all IP rule and then create a rule for
permitted traffic that contains the mirrored exceptions in the filter list such as
source address - my computer, destination address - any address, source port - any,
protocol - udp for dns and tcp for http, destination port - 80 for http and 53 for
dns. --- Steve

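Steve's filter list as a small added model (not code from the thread), showing why the original rules failed: DNS is UDP, and Windows IPsec applies the most specific matching filter, with a mirrored filter also matching the reply direction. Host addresses, ports and the sample packets are constructed.

```python
from collections import namedtuple

# A packet as the IPsec driver sees it; a filter field of None means "any".
Packet = namedtuple("Packet", "proto src dst sport dport")
Filter = namedtuple("Filter", "proto src dst sport dport action mirrored", defaults=[True])

def _score(f, proto, src, dst, sport, dport):
    """Return how many filter fields matched, or None if the packet does not match."""
    fields = [(f.proto, proto), (f.src, src), (f.dst, dst), (f.sport, sport), (f.dport, dport)]
    if any(want is not None and want != have for want, have in fields):
        return None
    return sum(want is not None for want, _ in fields)

def match(f, p):
    """A mirrored filter (the console's 'Mirrored' checkbox) also matches the reply direction."""
    s = _score(f, p.proto, p.src, p.dst, p.sport, p.dport)
    if s is None and f.mirrored:
        s = _score(f, p.proto, p.dst, p.src, p.dport, p.sport)
    return s

def decide(filters, p):
    """Windows IPsec applies the most specific matching filter, not the first one listed."""
    hits = [(s, f.action) for f in filters if (s := match(f, p)) is not None]
    return max(hits, key=lambda h: h[0])[1] if hits else "permit"  # no match: IPsec ignores it

ME = "192.168.0.10"  # constructed address of the host the policy is assigned to
block_all = Filter(None, None, None, None, None, "block")
# The original poster's rules: DNS permitted on TCP 53 only.
original_poster = [block_all, Filter("tcp", ME, None, None, 53, "permit"),
                   Filter("tcp", ME, None, None, 80, "permit")]
# Steve's rules: UDP for DNS, TCP for HTTP, source port any, destination address any.
steves_rules = [block_all, Filter("udp", ME, None, None, 53, "permit"),
                Filter("tcp", ME, None, None, 80, "permit")]

# Constructed sample traffic from the quarantined host: a DNS lookup, its reply,
# a web request to the update site, and an SMB connection that must stay blocked.
dns_query = Packet("udp", ME, "10.0.0.1", 1025, 53)
dns_reply = Packet("udp", "10.0.0.1", ME, 53, 1025)
http_get = Packet("tcp", ME, "203.0.113.5", 1026, 80)
smb = Packet("tcp", ME, "192.168.0.20", 1027, 445)

def verdicts(filters):
    return {n: decide(filters, p) for n, p in
            (("dns", dns_query), ("dns_reply", dns_reply), ("http", http_get), ("smb", smb))}

if __name__ == "__main__":
    print("original:", verdicts(original_poster))  # dns blocked, so no name resolution
    print("steve:   ", verdicts(steves_rules))      # dns and http permitted, smb blocked
```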
 
