WhatIsMyIPAddress.com blocked by IPSec policy?

Post your questions about IP address geolocation here.
Locked
CoolGuy
New Member
Posts: 3
Joined: Sun Aug 15, 2010 7:09 am

WhatIsMyIPAddress.com blocked by IPSec policy?

Post by CoolGuy » Sun Aug 15, 2010 7:42 am

Hi,

This is not a "IP Lookup Help" question per se, but rather a strange problem when trying to access WhatIsMyIPAddress.com and I would like to know if there is a better workaround than what I came up with.

We have a Pelco IP camera system in place. According to Pelco manual, they are using IPSec to "protect from unwanted or potentially damaging netword requests by not responding to any unsecured communication across the network, whether friendly or malicious."

The problem is that when their policy is enabled and assigned, we can no longer consult WhatIsMyIPAddress.com and we get "Internet Explorer cannot display the webpage". As soon as we unassign the policy, we can open WhatIsMyIPAddress.com. By the way, we have not conducted extensive tests, but it seems to only affect WhatIsMyIPAddress.com.

So far, the only workaround is to unassign the policy (using MMC and the IP Security Policies snap-in). It does not prevent our Pelco camera system from working but, according to the manual, it exposes it to potentially "damaging network requests."

The policy goes as follows (from the registry as it is easier to copy and paste):

----8<----

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy{8f95479c-bdb4-487f-88af-332db45edcd3}]
"ClassName"="ipsecPolicy"
"description"="Allows DX8000 Client to communicate with IPSec-enabled DX8000 Servers."
"name"="ipsecPolicy{8f95479c-bdb4-487f-88af-332db45edcd3}"
"ipsecName"="DX8000"
"ipsecID"="{8f95479c-bdb4-487f-88af-332db45edcd3}"
"ipsecDataType"=dword:00000100
"ipsecData"=hex:63,21,20,22,4c,4f,d1,11,86,3b,00,a0,24,8d,30,21,04,00,00,00,30,\
2a,00,00,00
"ipsecISAKMPReference"="SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local\\ipsecISAKMPPolicy{d3f5a14e-d3fa-4e21-90d4-3b9c02b1bd28}"
"whenChanged"=dword:404516cb
"ipsecNFAReference"=hex(7):53,00,4f,00,46,00,54,00,57,00,41,00,52,00,45,00,5c,\
00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,69,00,63,00,\
72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,\
00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,6c,00,69,00,\
63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,00,73,00,65,\
00,63,00,4e,00,46,00,41,00,7b,00,38,00,66,00,66,00,65,00,36,00,64,00,32,00,\
35,00,2d,00,31,00,35,00,63,00,64,00,2d,00,34,00,30,00,30,00,33,00,2d,00,39,\
00,36,00,31,00,63,00,2d,00,38,00,39,00,35,00,65,00,33,00,31,00,35,00,61,00,\
66,00,65,00,35,00,35,00,7d,00,00,00,53,00,4f,00,46,00,54,00,57,00,41,00,52,\
00,45,00,5c,00,50,00,6f,00,6c,00,69,00,63,00,69,00,65,00,73,00,5c,00,4d,00,\
69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,\
00,6f,00,77,00,73,00,5c,00,49,00,50,00,53,00,65,00,63,00,5c,00,50,00,6f,00,\
6c,00,69,00,63,00,79,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,69,00,70,\
00,73,00,65,00,63,00,4e,00,46,00,41,00,7b,00,61,00,66,00,32,00,39,00,64,00,\
31,00,34,00,31,00,2d,00,31,00,38,00,61,00,63,00,2d,00,34,00,65,00,35,00,35,\
00,2d,00,39,00,64,00,32,00,34,00,2d,00,30,00,31,00,64,00,33,00,33,00,62,00,\
63,00,30,00,66,00,38,00,33,00,35,00,7d,00,00,00,00,00

----8<----

I would be extremely grateful if someone can explain to me why this policy is preventing specifically WhatIsMyIPAddress.com to load and how to modify it so that it allows access to WhatIsMyIPAddress.com while protecting the Pelco camera system at the same time.

Thanks in advance to anyone who could help with this peculiar problem.

User avatar
Chrispcritters
Forum Administrator
Posts: 2463
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Post by Chrispcritters » Sun Aug 15, 2010 2:08 pm

Have you checked with the software manufacturer?
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

CoolGuy
New Member
Posts: 3
Joined: Sun Aug 15, 2010 7:09 am

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Post by CoolGuy » Sun Aug 15, 2010 3:01 pm

Yes, we have. Apart from suggesting we contact the owner of WhatIsMyIPAddress.com, they had no idea and were of no help.

User avatar
Chrispcritters
Forum Administrator
Posts: 2463
Joined: Tue Mar 02, 2010 5:41 pm
Location: 127.0.0.1 | ::1
Contact:

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Post by Chrispcritters » Sun Aug 15, 2010 4:30 pm

Sorry, since it's is not our software we have no idea why you cannot access the site when using it. Seems odd that the people who wrote the software can't answer the question as to why you can't access our site.
Founder & CEO of WhatIsMyIPAddress.com.
You can follow me on Twitter and Facebook for some behind the scenes info.

CoolGuy
New Member
Posts: 3
Joined: Sun Aug 15, 2010 7:09 am

Re: WhatIsMyIPAddress.com blocked by IPSec policy?

Post by CoolGuy » Sun Aug 15, 2010 5:02 pm

Well, maybe I was not clear as the problem is a bit complex and took me a while to figure out. Actually, the problem is not with the software but with a Microsoft IPSec policy that the software creates during the install. However, anyone could create that policy (hence my registry snapshot) or by using the Microsoft Management Console with the IP Security Policies snap-in) without even having the software installed.

Therefore, the problem occurs whether the software is used or not; it occurs because of that IPSec policy. As a matter of fact, going on another machine that had not the camera software installed, I am able to block it from accessing your site by implementing the very same policy.

There is a very interesting article (Block Web Browsing with IPSec) available from the Petri IT Knowledgebase (http://www.petri.co.il/block_web_browsi ... _ipsec.htm) that goes pretty much in details on how to prevent someone from browsing the Internet with IPSec. I read it but I still cannot figure out why it block your site specifically and not other similar sites. Are you exchanging (or attempting to exchange) security certificates or other type of information that would fool the IPSec policy into thinking you are the IP camera system?

Locked

Who is online

Users browsing this forum: No registered users and 1 guest