?BUG? Windows 2000 TCP/IP Filtering does not work

  • Thread starter Thread starter svaardt
  • Start date Start date
S

svaardt

I have Enabled TCP/IP Filtering (All adapters) set.

TCP Ports set to all
UDP Ports set to all
IP Protocols set to 6 = tcp and 17 = udp

After rebooting my machine. I am still able to PING to and from it... PING
uses ICMP protocol (8) so I reckon that unless there's something else that I
have to do, MS TCP/IP Filtering doesnt work for Windows 2000.


Steve
 
It's a bug still.. I believe ICMP is an IP protocol (layer 3),

Look at http://www.iana.org/numbers.html#P

"In the Internet Protocol (IP) [DDN], [RFC791] there is a field, called
Protocol, to identify the next level protocol. "

And guess what, Protocol Number 1 is ICMP, numbers 6 and 17 are tcp & udp
respectively.

1 ICMP Internet Control Message [RFC792]

Since the TCP/IP Filtering box is titled "IP Protocols", and only accepts
numbers I beleive that it does not do what it is supposed to and is
therefore a BUG, of course I am open to informed suggestions otherwise - in
which case can anyone shed some light as to what this box is supposed to
accept and ... filter.



Stev
 
I found a technet article that states you can not block ICMP even if you
exclude protocol #1...
Can anyone tell me why ? What does MS need to do to keep ICMP available on
machines ? Is this yet another security hole ?


svaardt said:
It's a bug still.. I believe ICMP is an IP protocol (layer 3),

Look at http://www.iana.org/numbers.html#P

"In the Internet Protocol (IP) [DDN], [RFC791] there is a field, called
Protocol, to identify the next level protocol. "

And guess what, Protocol Number 1 is ICMP, numbers 6 and 17 are tcp & udp
respectively.

1 ICMP Internet Control Message [RFC792]

Since the TCP/IP Filtering box is titled "IP Protocols", and only accepts
numbers I beleive that it does not do what it is supposed to and is
therefore a BUG, of course I am open to informed suggestions otherwise - in
which case can anyone shed some light as to what this box is supposed to
accept and ... filter.



Stev


Travis Rabe said:
Ping is not an IP Protocol as you have just stated it is ICMP. You need to
get a firewall to remove that functionality.

Travis




that
 
Ping functionality is an echo message in an ICMP raw socket packet. Raw
sockets are those without a predefined protocol handler.

A KB artice at http://support.microsoft.com/?kbid=309798 HOW TO: Configure
TCP/IP Filtering in Windows 2000 contains more information and probably most
relevant is this bit:

"Note that you cannot block ICMP messages, even if you select Permit Only in
the IP Protocols column and you do not include IP protocol 1."

--
This posting is provided "AS IS" with no warranties, and confers no rights.


svaardt said:
It's a bug still.. I believe ICMP is an IP protocol (layer 3),

Look at http://www.iana.org/numbers.html#P

"In the Internet Protocol (IP) [DDN], [RFC791] there is a field, called
Protocol, to identify the next level protocol. "

And guess what, Protocol Number 1 is ICMP, numbers 6 and 17 are tcp & udp
respectively.

1 ICMP Internet Control Message [RFC792]

Since the TCP/IP Filtering box is titled "IP Protocols", and only accepts
numbers I beleive that it does not do what it is supposed to and is
therefore a BUG, of course I am open to informed suggestions otherwise - in
which case can anyone shed some light as to what this box is supposed to
accept and ... filter.



Stev


Travis Rabe said:
Ping is not an IP Protocol as you have just stated it is ICMP. You need to
get a firewall to remove that functionality.

Travis




that
 
I think the following explains this better...

http://msdn.microsoft.com/library/d...n-us/winsock/winsock/tcp_ip_raw_sockets_2.asp


Okay, so why is ICMP put through Raw Sockets ? Why be non-standard ?


interesting article...

http://www.theregister.co.uk/content/archive/19623.html

And more useful info...

http://www.cs.princeton.edu/~mhw/raw/api_icmp.html


Jim Seifert said:
Ping functionality is an echo message in an ICMP raw socket packet. Raw
sockets are those without a predefined protocol handler.

A KB artice at http://support.microsoft.com/?kbid=309798 HOW TO: Configure
TCP/IP Filtering in Windows 2000 contains more information and probably most
relevant is this bit:

"Note that you cannot block ICMP messages, even if you select Permit Only in
the IP Protocols column and you do not include IP protocol 1."

--
This posting is provided "AS IS" with no warranties, and confers no rights.


svaardt said:
It's a bug still.. I believe ICMP is an IP protocol (layer 3),

Look at http://www.iana.org/numbers.html#P

"In the Internet Protocol (IP) [DDN], [RFC791] there is a field, called
Protocol, to identify the next level protocol. "

And guess what, Protocol Number 1 is ICMP, numbers 6 and 17 are tcp & udp
respectively.

1 ICMP Internet Control Message [RFC792]

Since the TCP/IP Filtering box is titled "IP Protocols", and only accepts
numbers I beleive that it does not do what it is supposed to and is
therefore a BUG, of course I am open to informed suggestions otherwise - in
which case can anyone shed some light as to what this box is supposed to
accept and ... filter.



Stev


Travis Rabe said:
Ping is not an IP Protocol as you have just stated it is ICMP. You
need
to
get a firewall to remove that functionality.

Travis




I have Enabled TCP/IP Filtering (All adapters) set.

TCP Ports set to all
UDP Ports set to all
IP Protocols set to 6 = tcp and 17 = udp

After rebooting my machine. I am still able to PING to and from
it...
PING
uses ICMP protocol (8) so I reckon that unless there's something
else
that
I
have to do, MS TCP/IP Filtering doesnt work for Windows 2000.


Steve
 
Back
Top