Re: Something about ISA Server 2000...
From: Ryan Permeh (ryan@eEye.com)
Date: 10/26/01
- Previous message: Laura A. Robinson: "Re: Can Kerberos be cracked??"
- In reply to: Deji: "Re: Something about ISA Server 2000..."
- Next in thread: Laura A. Robinson: "Re: Something about ISA Server 2000..."
Message-ID: <060401c15db4$7d19e4f0$1e01a8c0@eCompany.gov>
From: "Ryan Permeh" <ryan@eEye.com>
To: "Deji" <deji@prontomail.com>, "Los, Ralph" <rlos@EnvestNet.com>, "'Progenit Service S.r.l.'" <agente_progenit@public.iunet.it>, <focus-ms@securityfocus.com>
Subject: Re: Something about ISA Server 2000...
Date: Thu, 25 Oct 2001 17:23:51 -0700

not to knock isa server (i haven't had much of a chance to look it over), but
for the record, there have been a few DOS attacks, and one heap corruption
attack with the possibility to execute code.
search sf for the dos, and here is a link to dark spyrit's explanation of
the attack against the heap corruption vuln:
http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=179986
basically, just because nobody has a script doesn't mean that nobody can
make an isa server do bad things :)
Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer
http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities
----- Original Message -----
From: "Deji" <deji@prontomail.com>
To: "Los, Ralph" <rlos@EnvestNet.com>; "'Progenit Service S.r.l.'"
<agente_progenit@public.iunet.it>; <focus-ms@securityfocus.com>
Sent: Thursday, October 25, 2001 1:35 PM
Subject: Re: Something about ISA Server 2000...
> Ralph, I noticed that you didn't elaborate on your dislike of ISA. I
> personally use it and have been satisfied with it SO FAR. There are a couple
> of things that may turn people off of it, I know. The biggest of these is
> non-familiarity and the apparent difficulty in configuration. But those are
> not things that should turn you off of a GOOD product. I am happy to say
> that ISA kept all of my servers out of both Nimda and CodeRed's harm, even
> where the patches were not present on the Web Servers.
>
> I like ISA. When properly configured, it's solid. I bitch about things that
> I would like to see in it, but so do my CheckPoint FW-1 colleagues. Another
> plus, no KNOWN exploit exists for it yet.
>
> Deji
> p.s: I do NOT speak for MS
>
> ----- Original Message -----
> From: "Los, Ralph" <rlos@EnvestNet.com>
> To: "'Progenit Service S.r.l.'" <agente_progenit@public.iunet.it>;
> <focus-ms@securityfocus.com>
> Sent: Thursday, October 25, 2001 8:56 AM
> Subject: RE: Something about ISA Server 2000...
>
>
> > Giancarlo,
> >
> > Unfortunately, yes I have both experience and opinion. I started to
> > play around with ISA 2000 a while ago, and now I run 3 CheckPoint FW-1's.
> > Nothing beats a CheckPoint, in my book, BUT, Netscreen is a great little
> > box, and Watchguard is worth the price as well for smaller offices.
> >
> > I'd stay away from ISA as a firewall, trust me, it's not something
> > you want to have to deal with...<shudder>....and I'm a Microsoft fan.
> >
> > Regards
> >
> > Ralph M. Los
> > Asst. Vice-President, Internet Systems and Security
> > EnvestnetPMC
> > rlos@envestnet.com
> > (312) 827-3945 (direct)
> > (312) 296-9003 (wireless w/voicemail)
> > * If you haven't been hacked, you don't know where your vulnerabilities lie*
> >
> >
> > -----Original Message-----
> > From: Progenit Service S.r.l. [mailto:agente_progenit@public.iunet.it]
> > Sent: Thursday, October 25, 2001 5:10 AM
> > To: focus-ms@securityfocus.com
> > Subject: Something about ISA Server 2000...
> >
> >
> > Hi all,
> >
> > has someone an opinion (good or bad....) concerning ISA Server 2000 installed
> > as firewall? How many differences are among this software solution from
> > Microsoft and Check Point Firewall-1, Netscreen 10/100, Watchguard or Cisco
> > PIX?
> >
> > Any help would be appreciated.
> >
> > Thanks
> >
> > ---------------------------------------------------------------
> > Giancarlo Ballestracci
> > Technical Support
> > Progenit Service S.r.l. Agenzia TENOVIS-NEWTEL Telecommunications -
> > Information Security - New Technologies Tel 055-456336 Fax 055-452330
> > ---------------------------------------------------------------
>
>