MS04-11, SSL, and ISA Server

From: Kim, Cameron (CKim_at_MDEA.COM)
Date: 04/29/04

  • Next message: Richard Buckingham: "Microsoft Security Bulletin Search" 
    Date:         Wed, 28 Apr 2004 18:12:15 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Can this DoS be performed against an ISA server which proxies the SSL
    connections? Most of the reports and comments have mentioned the fact
    that DoS can be performed against IIS servers using SSL connections. But
    I am not sure if the ISA Server 2000 web proxy actually uses the
    Microsoft SSL Library. One would suppose so...

    Cameron Kim
    Mitsubishi Digital Electronics America

    -----
    Earn up to 10 credit course hours toward the TruSecure ICSA Practitioner (TICSA) Credential and receive a TICSA exam coupon by attending the Infosecurity Canada 2004 conference. Featured speaker, Marcus J. Ranum, TruSecure inventor of the proxy firewall will present on June 3 at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification details and <http://www.infosecuritycanada.com> for conference information. Become TICSA certified and see what happens!
    -----

  • Next message: Richard Buckingham: "Microsoft Security Bulletin Search"

    Relevant Pages

    • Re: Installing ISA Server for first time
      ... For the client connection limit, it is by default 160 after you install ISA ... connections" option. ... Microsoft CSS Online Newsgroup Support ... just two days ago I reinstalled ISA Server SP1 as well as ISA Server ...
      (microsoft.public.windows.server.sbs)
    • Re: Cannot conntect to ActiveSync 4.1 / WM 5
      ... the PPC device was plugged in, you couldn't connect to ISA server. ... you've followed the steps in the Troubleshooting ActiveSync 4.1 ... connections from www.microsoft.com/mobile? ...
      (microsoft.public.pocketpc.activesync)
    • ipopd3 core dumps - cant log into pop3 server
      ... -ERR Unknown AUTHORIZATION state command ... normal unencrypted password connections and let the user enable ssl if they ...
      (freebsd-questions)
    • Re: Window could not search for new updates.
      ... Windows Update error 8024402C ... Click the Connections tab, ... Turn on the "Automatically detect ISA server" feature in ISA ... | If you are using Microsoft ISA Firewall Client, ...
      (microsoft.public.windowsupdate)
    • Re: SSL VPN appliance vs ISA server
      ... If you have the opportunity to use IAG then do it. ... I disagree with the term SSL VPN,...it may be SSL but there is nothing "VPN" ... Microsoft ISA Server Partners: Partner Hardware Solutions ... points to using a reverse proxy like ISA server or a SSL VPN appliance to ...
      (microsoft.public.isa.configuration)