I use a VPN channel for an online banking client. This channel is implemented as an NDIS filter installed on the outbound network interface which gets activated when you insert the smart card.
When activated, this filter amongst other things blocks all incoming connections on the interface (this is the bank's policy and cannot be changed). This means I cannot RDP to the machine while the filter is active and many other nasty things.
Just setting up a secondary IP address won't help because the filter blocks incoming connections on the interface level, not on the address level.
Now the question is: is it possible to set up an "alias" for the interface (with another IP address of course) which receives all packets the physical interface receives but does not have this NDIS filter bound to it? If it is, how do I do that?
I'm tempted to say 'try it and see'! But thinking about it further - if the banking client/software was designed with this level of security I'm pretty sure they'll have thought of it and secured against it... You're in 'spoofing' territory. – HaydnWVN – 2011-12-05T12:26:04.337
@HaydnWVN: try and see what? – Quassnoi – 2011-12-05T16:20:26.503
Now the question is: can I set up an "alias" for the interface – HaydnWVN – 2011-12-05T16:38:37.493
@HaydnWVN: sorry if I wasn't clear, English is not my first language. Is it possible to set up an alias for the interface in Windows XP and if it is, how do I do that? – Quassnoi – 2011-12-05T18:03:01.010
You can add additional IP addresses to a Network Interface (within Advanced properties of the TCP/IP settings) – HaydnWVN – 2011-12-06T10:46:53.000
@HaydnWVN: citing myself: Just setting up a secondary IP address won't help because the filter blocks incoming connections on the interface level, not on the address level. I need a clone of the interface (like eth0:1 in Linux), not a secondary IP address. Yes, I tried adding a secondary IP, it does not work. – Quassnoi – 2011-12-06T12:09:39.847
Cloning the interface is different to an alias, sorry I should have reread your initial question. My only suggestion would be to install a secondary network adaptor to completely isolate the VPN traffic from the standard internet/network traffic. I'm unaware of an easy way of cloning it within XP - without the traffic still being stopped by the filter. – HaydnWVN – 2011-12-06T12:51:44.360