Page 1 of 1

WhatIsMyIPAddress.com blocked by IPSec policy?

Posted: Sun Aug 15, 2010 7:42 am
by CoolGuy
Hi,

This is not a "IP Lookup Help" question per se, but rather a strange problem when trying to access WhatIsMyIPAddress.com and I would like to know if there is a better workaround than what I came up with.

We have a Pelco IP camera system in place. According to Pelco manual, they are using IPSec to "protect from unwanted or potentially damaging netword requests by not responding to any unsecured communication across the network, whether friendly or malicious."

The problem is that when their policy is enabled and assigned, we can no longer consult WhatIsMyIPAddress.com and we get "Internet Explorer cannot display the webpage". As soon as we unassign the policy, we can open WhatIsMyIPAddress.com. By the way, we have not conducted extensive tests, but it seems to only affect WhatIsMyIPAddress.com.

So far, the only workaround is to unassign the policy (using MMC and the IP Security Policies snap-in). It does not prevent our Pelco camera system from working but, according to the manual, it exposes it to potentially "damaging network requests."

The policy goes as follows (from the registry as it is easier to copy and paste):

----8<----

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{8f95479c-bdb4-487f-88af-332db45edcd3}]
"ClassName"="ipsecPolicy"
"description"="Allows DX8000 Client to communicate with IPSec-enabled DX8000 Servers."
"name"="ipsecPolicy{8f95479c-bdb4-487f-88af-332db45edcd3}"
"ipsecName"="DX8000"
"ipsecID"="{8f95479c-bdb4-487f-88af-332db45edcd3}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:63,21,20,22,4c,4f,d1,11,86,3b,00,a0,24,8d,30,21,04,00,00,00,30,\
2a,00,00,00
"ipsecISAKMPReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecISAKMPPolicy{d3f5a14e-d3fa-4e21-90d4-3b9c02b1bd28}"
"whenChanged"=dword:404516cb
"ipsecNFAReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,5c,\
00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,00,\
72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,00,\
63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,65,\
00,63,00,4e,00,46,00,41,00,7b,00,38,00,66,00,66,00,65,00,36,00,64,00,32,00,\
35,00,2d,00,31,00,35,00,63,00,64,00,2d,00,34,00,30,00,30,00,33,00,2d,00,39,\
00,36,00,31,00,63,00,2d,00,38,00,39,00,35,00,65,00,33,00,31,00,35,00,61,00,\
66,00,65,00,35,00,35,00,7d,00,00,00,53,00,4f,00,46,00,54,00,57,00,41,00,52,\
00,45,00,5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,\
69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,\
00,6f,00,77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,\
6c,00,69,00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,\
00,73,00,65,00,63,00,4e,00,46,00,41,00,7b,00,61,00,66,00,32,00,39,00,64,00,\
31,00,34,00,31,00,2d,00,31,00,38,00,61,00,63,00,2d,00,34,00,65,00,35,00,35,\
00,2d,00,39,00,64,00,32,00,34,00,2d,00,30,00,31,00,64,00,33,00,33,00,62,00,\
63,00,30,00,66,00,38,00,33,00,35,00,7d,00,00,00,00,00

----8<----

I would be extremely grateful if someone can explain to me why this policy is preventing specifically WhatIsMyIPAddress.com to load and how to modify it so that it allows access to WhatIsMyIPAddress.com while protecting the Pelco camera system at the same time.

Thanks in advance to anyone who could help with this peculiar problem.

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Posted: Sun Aug 15, 2010 2:08 pm
by Chrispcritters
Have you checked with the software manufacturer?

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Posted: Sun Aug 15, 2010 3:01 pm
by CoolGuy
Yes, we have. Apart from suggesting we contact the owner of WhatIsMyIPAddress.com, they had no idea and were of no help.

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Posted: Sun Aug 15, 2010 4:30 pm
by Chrispcritters
Sorry, since it's is not our software we have no idea why you cannot access the site when using it. Seems odd that the people who wrote the software can't answer the question as to why you can't access our site.

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Posted: Sun Aug 15, 2010 5:02 pm
by CoolGuy
Well, maybe I was not clear as the problem is a bit complex and took me a while to figure out. Actually, the problem is not with the software but with a Microsoft IPSec policy that the software creates during the install. However, anyone could create that policy (hence my registry snapshot) or by using the Microsoft Management Console with the IP Security Policies snap-in) without even having the software installed.

Therefore, the problem occurs whether the software is used or not; it occurs because of that IPSec policy. As a matter of fact, going on another machine that had not the camera software installed, I am able to block it from accessing your site by implementing the very same policy.

There is a very interesting article (Block Web Browsing with IPSec) available from the Petri IT Knowledgebase (http://www.petri.co.il/block_web_browsi ... _ipsec.htm) that goes pretty much in details on how to prevent someone from browsing the Internet with IPSec. I read it but I still cannot figure out why it block your site specifically and not other similar sites. Are you exchanging (or attempting to exchange) security certificates or other type of information that would fool the IPSec policy into thinking you are the IP camera system?