How can I block port 1025?

Chris

Dec 7, 2003
Archived from groups: microsoft.public.win2000.security (More info?)

I am using IPSEC as my firewall, and even after adding
port 1025 to my block list, it still shows up as being
open. I use Harris STAT to scan my systems. The port shows
closed on all of my other machines, but not on one. I am
using the same IPSEC policy on each of my machines. Does
anyone have a suggestion for me?

Thanks,
Chris
 
Guest

Which port are you blocking? TCP 1025? UDP 1025? Which one is the
report telling you is open? I'm just checking to be sure these are
both the same ports.

That's one reason why IPSec is not a good firewall: there's no logging
to tell you what's going on during troubleshooting.

I hope you've also disabled the registry value that allows anyone to
bypass IPSec filters trivially by using a forged source port.
Information on this is at www.nsa.gov/snac in the Windows 2000
document on IPSec. Note that Microsoft states that IPSec filtering is
not meant to be a firewall, although I will admit that enabling it is
probably better than doing nothing, as long as you are OK with the
lack of logging.


"Chris" <anonymous@discussions.microsoft.com> wrote in message news:<0b3b01c48b7b$36eb3900$a401280a@phx.gbl>...
> I am using IPSEC as my firewall, and even after adding
> port 1025 to my block list, it still shows up as being
> open. I use Harris STAT to scan my systems. The port shows
> closed on all of my other machines, but not on one. I am
> using the same IPSEC policy on each of my machines. Does
> anyone have a suggestion for me?
>
> Thanks,
> Chris
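
The reply above asks whether the block rule and the scan report refer to TCP 1025 or UDP 1025. As an added example (not part of the original thread), this Python sketch probes both protocols on a port across a list of your own hosts so the one machine that differs stands out; the function names and the loopback demo are constructed for illustration.

```python
import socket

def tcp_state(host, port, timeout=1.0):
    """Full TCP connect: 'open', 'closed' (reset received) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, unreachable, etc.
        return "filtered"
    finally:
        s.close()

def udp_state(host, port, timeout=1.0):
    """Send one empty datagram. An ICMP port-unreachable reply means 'closed';
    silence cannot tell an open port from a dropped packet ('open|filtered')."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(b"")
        s.recv(512)
        return "open"  # something answered
    except (ConnectionRefusedError, ConnectionResetError):
        return "closed"
    except socket.timeout:
        return "open|filtered"
    except OSError:
        return "filtered"
    finally:
        s.close()

def compare(hosts, port=1025):
    """Return {host: {'tcp': state, 'udp': state}} for side-by-side comparison."""
    return {h: {"tcp": tcp_state(h, port), "udp": udp_state(h, port)} for h in hosts}

def demo():
    # Constructed setup: TCP listener on an ephemeral loopback port, nothing bound on UDP.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        return compare(["127.0.0.1"], port)
    finally:
        srv.close()
```

A UDP result of `open|filtered` is inconclusive by nature, which is one reason a scanner report and a block rule can appear to disagree when they refer to different protocols.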
 
Guest

Is each machine configured individually or do they have the same policy applied via
Group Policy? Netdiag /test:ipsec /v will display the filter on a W2K computer. You
may want to make sure they match up to computers that show a different result.
Gpresult /v can also help if you are in a domain to track down where policy is being
applied from for the computer. --- Steve


"Chris" <anonymous@discussions.microsoft.com> wrote in message
news:0b3b01c48b7b$36eb3900$a401280a@phx.gbl...
> I am using IPSEC as my firewall, and even after adding
> port 1025 to my block list, it still shows up as being
> open. I use Harris STAT to scan my systems. The port shows
> closed on all of my other machines, but not on one. I am
> using the same IPSEC policy on each of my machines. Does
> anyone have a suggestion for me?
>
> Thanks,
> Chris