Cox Crow
Asking the Stupid Questions Since 1971
Can I Get Some Help Here?
Gee, Microsoft, you could have made filtering network traffic just a little bit more usable. All you had to do was write a log file, or at least give us the option to log what you're doing.
So I'm applying their so-called IP filters to a host before we deploy it. And, unlike some idiots out there in InternetLand, I use a default DENY rule. So, I add one of those. Then I add the exceptions to the "naff off" rule. And then I apply the filter.
And that doesn't work, because now everything is denied. I suppose that's better than having everything allowed, but it's more than a little annoying. Now I have to leave my chair!
The rudimentary firewall in Windows 2000 applies the rules in an somewhat dynamic fashion. In other words, it's unpredictable. If you permit traffic first, and only then deny it, then things work. Maybe. Who knows? It doesn't log anything.
Update: There are a couple of tools that make the Windows 2000 IP Security Policy more transparent. Of course, neither of these is installed by default, and one must be acquired from the Resource Kit. netdiag
, from the support tools provided on the Windows 2000 CD, can display the status of all networking components. The helpful thing here is that it appears to display the policy filters in the order in which they are applied. The following will spit verbose output for the IPsec test suite to NetDiag.log:
netdiag.exe /v /test:ipsec /l
The other tool is ipsecpol
, part of the Resource Kit, but fortunately available for download. ipsecpol
can be used to set policy from the command line. But the elite programmers at Microsoft wrote it only to set policy, not display it, so you'll want to read the instructions. Knowledge Base article 813878: How to Block Specific Network Protocols and Ports by Using IPsec contains examples.
5:09:45 PM # Google It!
categories: Dear Microsoft, Security, System Administration
Whack-a-Spammer
The BOFH who writes at joat.blog is taking typical BOFH action against comment spams. It's becoming amusing.
12:09:43 PM # Google It!
No Hope
A young Palestinian mother of two, a 3-year-old son and an 18-month- old daughter, made her way to the front of a line of workers at the heavily fortified Erez crossing between Israel and the Gaza Strip Wednesday morning, feigned a medical problem and then detonated a bomb that was strapped to her body, killing herself and four Israelis -- three soldiers and a civilian security inspector, Israeli authorities said. She also wounded seven people, four were Palestinians. —[via MyFreePress.com, emphasis mine]
9:49:51 AM # Google It!
categories: Sadness