WINS Replication IPSec Script

Discussion in 'other software & services' started by the mul, Dec 4, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Jul 31, 2003
    WINS Replication IPSec Script

    Quick Info

    File Name: WINS Replication Blocker.exe
    Download Size: 122 KB
    Date Published: 12/3/2004
    Version: 1.0


    This is a sample script that can be used to automate the creation of a local registry based IPSec policy on a WINS server.

    WINS Replication Blocker Script version 1.0


    The purpose of this script is to create an IPSec policy on Windows 2000 or later WINS servers that will protect them from remote hosts exploiting a vulnerability in the WINS Replication protocol operating over TCP or UDP port 42.

    This script accomplishes this by creating an IPSec policy with two filter rules that:

    1. Block inbound packets destined for TCP or UDP port 42 from any host
    2. Block outbound packets destined for TCP or UDP port 42 to any host

    These default block rules will break WINS replication between any configured WINS replication partners. In addition to the rules defined above, if the script is run interactively with no command line parameters, it will prompt the user to enter the IP addresses of any WINS replication partners to exempt them from the default ‘block’ rule and allow WINS replication to continue functioning between trusted replication partners.

    If you choose to enter IP addresses of WINS replication partners, the IP addresses you specify will be allowed to communicate with the local WINS server (i.e. these IP addresses will be exempt from the ‘block’ policy being created on the local WINS server).

    All other IP addresses will be unable to communicate with the WINS server on TCP or UDP port 42.

    This script can be run interactively, in which case it will guide the user through creating the policy and entering the IP addresses of the WINS replication partners, or it can be used with command line parameters to automate deployment from other scripts such as a logon script or machine startup script.

    For more information please refer to the following knowledge base article:

    890710 How to help protect against a WINS security issue

    System Requirements

    Supported Operating Systems: Windows 2000 Server, Windows Server 2003

    Download from
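
The policy described in the post above can be sketched by hand with `netsh ipsec static` on Windows Server 2003. This is an added example, not the contents of WINS Replication Blocker.exe and not Microsoft's script; the policy, filter list and filter action names are made up for illustration, and partner IP addresses are assumed to be passed as command line arguments. Windows 2000 Server has no `netsh ipsec` context, so this sketch does not apply there.

```batch
@echo off
rem Added example: block TCP/UDP port 42 on a WINS server, exempting listed partners.
rem Usage (hypothetical file name): wins-block.cmd [partner-ip ...]
setlocal
set "POL=WINS Replication Block Example"
set "BL=WINS Port 42 Block List"
set "PL=WINS Partner Permit List"
set "HAVE_PARTNERS="

netsh ipsec static add policy name="%POL%" description="Block port 42 except partners"
netsh ipsec static add filteraction name="WINS Block" action=block
netsh ipsec static add filteraction name="WINS Permit" action=permit

rem Rule 1: inbound to local port 42 from any host.
rem Rule 2: outbound to port 42 on any host.
rem mirrored=no keeps each filter one-directional, matching the two rules in the post.
netsh ipsec static add filterlist name="%BL%"
for %%P in (TCP UDP) do (
  netsh ipsec static add filter filterlist="%BL%" srcaddr=any dstaddr=me protocol=%%P srcport=0 dstport=42 mirrored=no
  netsh ipsec static add filter filterlist="%BL%" srcaddr=me dstaddr=any protocol=%%P srcport=0 dstport=42 mirrored=no
)
netsh ipsec static add rule name="Block WINS 42" policy="%POL%" filterlist="%BL%" filteraction="WINS Block"

rem Exemptions: a filter naming one partner address is more specific than the
rem any-host filters above, so its permit action takes precedence for that partner.
:partners
if "%~1"=="" goto assign
if not defined HAVE_PARTNERS netsh ipsec static add filterlist name="%PL%"
set "HAVE_PARTNERS=1"
for %%P in (TCP UDP) do (
  netsh ipsec static add filter filterlist="%PL%" srcaddr=%~1 dstaddr=me protocol=%%P srcport=0 dstport=42 mirrored=no
  netsh ipsec static add filter filterlist="%PL%" srcaddr=me dstaddr=%~1 protocol=%%P srcport=0 dstport=42 mirrored=no
)
shift
goto partners

:assign
if defined HAVE_PARTNERS netsh ipsec static add rule name="Permit WINS partners" policy="%POL%" filterlist="%PL%" filteraction="WINS Permit"

rem Only one local IPSec policy can be assigned at a time; assigning this one
rem unassigns any other local policy, so review existing policies first.
netsh ipsec static set policy name="%POL%" assign=y

rem Print the resulting rules and filters so the operator can review them.
netsh ipsec static show policy name="%POL%" level=verbose
endlocal
```

After it runs, confirm from a replication partner that pull/push replication still succeeds and from a non-partner host that connections to port 42 are dropped.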
