
IPSEC filters used by Windows 2000 & XP

Posted: 2023-04-09 22:08:32  Views: 38
Tags: used Windows tcp nmap 2000 filters -- open port

Hi folks,

As a result of a recent engagement looking at Windows host hardening, I came across this little trick and thought it might be useful at some point. The Microsoft IPSEC filters used by Windows 2000 & XP can be bypassed by choosing a source port of 88 (Kerberos).

First off, Microsoft themselves state that IPSEC filters are not designed as a full-featured host-based firewall [1], and it is already known that certain types of traffic are exempt from IPSEC filters [2]. They can be summarised as:

* Broadcast
* Multicast
* RSVP
* IKE
* Kerberos

In a Microsoft support note [2] there is the line:

"The Kerberos exemption is basically this: If a packet is TCP or UDP and has a source or destination port = 88, permit."

The test host here has a "block all" rule created using:

ipsecpol.exe -x -w REG -p "The Black Knight" -r "NoneShallPass" -n BLOCK -f 0=*::*

Normal Nmap scan:

# nmap -sS -v -v -P0 --initial_rtt_timeout 10 --max_rtt_timeout 20 172.25.0.14

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-05-19 18:14 BST
Host 172.25.0.14 appears to be up ... good.
Initiating SYN Stealth Scan against 172.25.0.14 at 18:14
The SYN Stealth Scan took 7 seconds to scan 1659 ports.
Interesting ports on 172.25.0.14:
(The 1658 ports scanned but not shown below are in state: filtered)
PORT   STATE  SERVICE
88/tcp closed kerberos-sec

Nmap run completed -- 1 IP address (1 host up) scanned in 7.017 seconds

Port 88 being closed (rather than filtered) is the hint. Nmap again, this time using 88 as the source port:

# nmap -sS -v -v -P0 -g 88 --initial_rtt_timeout 10 --max_rtt_timeout 20 172.25.0.14

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-05-19 18:14 BST
Host 172.25.0.14 appears to be up ... good.
Initiating SYN Stealth Scan against 172.25.0.14 at 18:14
Adding open port 445/tcp
Adding open port 135/tcp
Adding open port 139/tcp
Adding open port 1433/tcp
Adding open port 1027/tcp
Adding open port 1025/tcp
The SYN Stealth Scan took 0 seconds to scan 1659 ports.
Interesting ports on 172.25.0.14:
(The 1653 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
1027/tcp open  IIS
1433/tcp open  ms-sql-s

Nmap run completed -- 1 IP address (1 host up) scanned in 0.367 seconds

As can be seen, the IPSEC filters are bypassed. Although not designed as a host-based firewall, IPSEC filters are being used as such, particularly to block popularly attacked ports such as NETBIOS, CIFS and SQL, perhaps as [temporary] worm mitigation.

In Windows 2003 all of these default exemptions have been removed with the exception of IKE [1], and I believe that this may be incorporated into earlier Windows versions at some point.

Cheers,
            JJ

[1] http://support.microsoft.com/default.aspx?scid=kb;EN-US;810207
[2] http://support.microsoft.com/default.aspx?scid=kb;EN-US;253169
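The post's check is a differential scan: a baseline SYN scan against the host, then the same scan with `-g 88`, with any port that turns from filtered to open being evidence that the Kerberos exemption is letting traffic through. The script below is an added example, not JJ's code, that automates that comparison over saved Nmap normal output. The two sample scans embedded in it are constructed from the output quoted in the post, trimmed to the lines the parser needs; a real run would feed it files written with `nmap -oN`.

```python
"""Differential check for the Kerberos (port 88) IPSEC filter exemption.

Added example, not part of the original post. It parses two Nmap "normal"
outputs (a baseline SYN scan and the same scan run with -g 88) and reports
the ports that only answered when probed from source port 88. The sample
outputs below are constructed from the scans quoted in the post.
"""
import re

# One port line of Nmap normal output, e.g. "135/tcp  open  msrpc"
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+\S+")
# The summary line giving the state of every port that is *not* listed
DEFAULT_RE = re.compile(
    r"\(The \d+ ports scanned but not shown below are in state: (\w+)\)")

# Constructed sample: baseline scan, everything filtered except port 88
BASELINE_SCAN = """\
Interesting ports on 172.25.0.14: (The 1658 ports scanned but not shown below are in state: filtered)
PORT   STATE  SERVICE
88/tcp closed kerberos-sec
"""

# Constructed sample: the same host scanned with -g 88
SOURCE_PORT_88_SCAN = """\
Interesting ports on 172.25.0.14: (The 1653 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
1025/tcp open  NFS-or-IIS
1027/tcp open  IIS
1433/tcp open  ms-sql-s
"""


def parse_nmap(text):
    """Return (default_state, {(port, proto): state}) for one scan's normal output."""
    default_state = None
    ports = {}
    for line in text.splitlines():
        m = DEFAULT_RE.search(line)
        if m:
            default_state = m.group(1)
            continue
        m = PORT_RE.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = m.group(3)
    return default_state, ports


def state_of(scan, key):
    """State of a (port, proto) pair, falling back to the 'not shown' state."""
    default_state, ports = scan
    return ports.get(key, default_state)


def kerberos_hint(baseline):
    """True when port 88 answers (open or closed) while everything else is
    filtered: the tell that a host-based filter is passing port-88 traffic."""
    return (baseline[0] == "filtered"
            and state_of(baseline, (88, "tcp")) in ("open", "closed"))


def exempted_ports(baseline, spoofed):
    """Ports filtered in the baseline but open once probed from source port 88."""
    keys = set(baseline[1]) | set(spoofed[1])
    return sorted(k for k in keys
                  if state_of(baseline, k) == "filtered"
                  and state_of(spoofed, k) == "open")


def report(baseline_text, spoofed_text):
    """Parse both scans and summarise the hint plus the bypassed ports."""
    base = parse_nmap(baseline_text)
    spoof = parse_nmap(spoofed_text)
    return {"hint": kerberos_hint(base), "bypassed": exempted_ports(base, spoof)}


if __name__ == "__main__":
    result = report(BASELINE_SCAN, SOURCE_PORT_88_SCAN)
    print("port-88 hint in baseline:", result["hint"])
    for port, proto in result["bypassed"]:
        print(f"{port}/{proto}: filtered normally, open from source port 88")
```

To use it against a live host, save the two scans with `nmap -sS -Pn -oN baseline.txt <host>` and `nmap -sS -Pn -g 88 -oN sport88.txt <host>` (current Nmap spells the old `-P0` as `-Pn`) and pass the file contents to `report()`. A non-empty `bypassed` list on a host that is supposed to be locked down by IPSEC filters means the Kerberos exemption described in KB 253169 is still in effect on that box.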

From: https://blog.51cto.com/u_1790502/6179208
