User, Password and Domain for ISA Server

From: Kamal Parmar (kamal.parmar_at_ke.ey.com)
Date: 12/20/03

  • Next message: Alfred Huger: "Lists are now closed for the Holidays" 
    To: pen-test@securityfocus.com
Date: Sat, 20 Dec 2003 04:58:29 -0800

    Hi,

    I am wondering whether anyone has been in these shoes before.

    I am working on a pen-test where I need to penetrate a machine which I
    believe is a Windows machine running Internet Security and Acceleration
    Server (ISA). I suspect it allows inbound connections to an internal LAN
    through a browser.....

    .... if only I can provide an appropriate user name, password and domain.
    Obviously I do not have any of these.

    I have drilled through dozens of sites on MS ISA server but all I get is
    admiration for this 'firewall' (!) and its feature rich capabilities
    (gggrttr...!)

    Can anyone help?

    Kamal Parmar
    Senior Business Analyst
    Technology and Security Risk Services (TSRS)
    Ernst & Young
    NAIROBI
    webmail: kamal.parmar@accamail.com
             ----------------------------------------------------------
    The information contained in this communication is intended solely for the
             use of the individual or entity to whom it is addressed and others
             authorized to receive it. It may contain confidential or legally
             privileged information. If you are not the intended recipient
             you are hereby notified that any disclosure, copying, distribution
             or taking any action in reliance on the contents of this
             information is strictly prohibited and may be unlawful. If you
             have received this communication in error, please notify us
             immediately by responding to this email and then delete it from
             your system. Ernst & Young is neither liable for the proper and
             complete transmission of the information contained in this
             communication nor for any delay in its receipt.

    Note: If you have received a delivery failure report, it may be due to the
             change in the Ernst & Young e-mail domain from "eyi.com" to
             "ey.com". Could you please make the necessary amendment, if
             required, and resend the message.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Alfred Huger: "Lists are now closed for the Holidays"