echo: nthelp
to: All
from: Hrvoje Mesing
date: 2004-08-26 18:12:04
subject: WinXP.SP2 + IPSec.

Hi,

Also, I installed the new WinXP.SP2 Support Tools to activate the ipseccmd.exe capability.

Ok, so I made test rules (IPSec) to block File Sharing (UDP:137/138/445,
TCP:139/445).
I am filtering all of those ports (because they are active and file sharing
is enabled).
I wanted to set Grant for just a few IPs and one subnet. Everything worked
OK until one computer which was not allowed normally connected to the
\\something\share$ which was active.

Ok, then I tested it again. IPs that were Granted connected normally.
Any/Every other IP couldn't. That's OK! Then I found that the computer that is
not in the Granted list had a mapped drive assigned to the IPSec
controlled computer. Ok, I disconnected it with "net file $num /close"
but the same computer accessed the share with no problem again.
Ok, then I disconnected the shares on that computer and rebooted it. Again I could
map the share on the IPsec controlled computer. Ok, then I created new IPsec
Rules to specifically block that computer from accessing shares (same ports
but I pointed at the computer IP). Same thing, the computer could again access
shares.

Computers are in the domain. There are no global IPsec rules. The logged in
user on both machines is the same: Domain\Administrator == shouldn't be
important, 'cause it ain't.
Group Policy refreshing is forced every time.

Any ideas?
Everything works great, even the server; the testing env. consisted of 20
computers, except this one computer that constantly has access to shares.

Btw. port TCP/UDP 135 (RPC) is firewalled so there is no data throughput
there either.

I will test more, but this is too weird.

Any ideas?


Thank You


-+-
M.

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
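An added example (not the poster's own commands) of the kind of local IPsec policy the post describes, built with the Windows XP SP2 Support Tools ipseccmd.exe: wildcard BLOCK rules for the file-sharing ports plus PASS rules for one granted host and one subnet. The policy name, rule names and the 192.0.2.0/24 addresses are placeholders.

```batch
@echo off
rem Added example, not from the original post. Filter syntax is
rem   SrcAddr/Mask:SrcPort=DstAddr/Mask:DstPort:Proto
rem where 0 = this computer, * = any address, + = mirrored (both directions).
rem -w REG stores the policy in the local registry; -p names the policy,
rem -r names the rule inside it, -n BLOCK/PASS is the negotiation action.

set POLICY=Block File Sharing

rem Block NetBIOS / SMB from any host to this computer.
ipseccmd -w REG -p "%POLICY%" -r "Block UDP 137" -f *+0:137:UDP -n BLOCK
ipseccmd -w REG -p "%POLICY%" -r "Block UDP 138" -f *+0:138:UDP -n BLOCK
ipseccmd -w REG -p "%POLICY%" -r "Block TCP 139" -f *+0:139:TCP -n BLOCK
ipseccmd -w REG -p "%POLICY%" -r "Block TCP 445" -f *+0:445:TCP -n BLOCK
ipseccmd -w REG -p "%POLICY%" -r "Block UDP 445" -f *+0:445:UDP -n BLOCK

rem Grant one host and one subnet. Windows IPsec orders filters by
rem specificity, so these narrower PASS filters win over the * BLOCK filters.
ipseccmd -w REG -p "%POLICY%" -r "Pass host 192.0.2.10" -f 192.0.2.10+0:445:TCP 192.0.2.10+0:139:TCP -n PASS
ipseccmd -w REG -p "%POLICY%" -r "Pass subnet 192.0.2.64/26" -f 192.0.2.64/255.255.255.192+0:445:TCP 192.0.2.64/255.255.255.192+0:139:TCP -n PASS -x

rem -x on the last rule assigns (activates) the policy. Confirm what is
rem actually in force, and which SMB sessions are still open, before testing
rem from a non-granted host.
ipseccmd show filters
net session
```

When checking whether a block is effective, look at `net session` on the filtered computer as well as at the filter list, since an already established SMB session is the first thing to rule out.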

SOURCE: echomail via fidonet.ozzmosis.com