Re: Packet Filtering on non-default external IP Address
- From: "Max" <max.bene@xxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Thu, 21 Feb 2002 10:56:10 -0700
Sure I'll do!
Thanx again!
Max
> That's quite an ambitious undertaking!
> If I can help with testing (my present profession), feel free to holler.
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/authors/harrison/
> Read the books!
>
> ----- Original Message -----
> From: "Max" <max.bene@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, February 19, 2002 06:45
> Subject: [isalist] Re: Packet Filtering on non-default external IP Address
>
>
> http://www.ISAserver.org
>
>
> Hi Jim,
> There's not a special need...
>
> I've tought it would be great for my work to extend some capabilities of
> ISA server, for example blocking an IP address for a certain time after a
> Port Scan (just like Firewall-One for example does), or to automatically
> block traffic with people who tries something like:
>
> http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNnn... or
> http://.../scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir
>
> or blocking access to the SMTP relayer to those clients who tried a
> spam...
> or enhance the log capabilities building a Web based application in order
> to get a real-time monitoring of traffic...
>
> I'm trying to build a full-integrated firewall solution with ISA SDK, MS
> PLatform SDK and a Web Application for my customers, as I have to remotely
> support and check their arrays...
>
> You're right, for Web worms I use a "deny" Web Publishing rule for All
> Internal Destination Sets, populating a client address set with those IP
> addresses... I've thought it would be more appropriated...
>
> If you have any suggestion I'd really appreciate...
>
> Thanks again
> Max
>
> > It's pretty much a guarantee that any additional decision-making you apply
> > to any proxy/firewall will affect performance.
> > I'd also be careful auto-blocking; sometimes a client address set is more
> > appropriate than a packet filter.
> > Also, since ISA recognizes many of the more common intrusion attacks and
> > blocks them by default, what is it you're adding?
> >
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/authors/harrison/
> > Read the books!
> >
> > ----- Original Message -----
> > From: "Max" <max.bene@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, February 19, 2002 00:55
> > Subject: [isalist] Re: Packet Filtering on non-default external IP Address
> >
> >
> > http://www.ISAserver.org
> >
> >
> > Thanx Jim.
> > I'm trying to develope some addtional features on ISA, for example
> > Auto-Blocking Spammers, Intruders and Worm attacks on Web Proxy...
> > This means that I have to create a Packet Filter for each Intruder IP on
> > each External IP Address of each Server of the Array...
> >
> > Can this affect server performance, as each packet has to be checked with
> > all the filter conditions before being allowed to pass?
> >
> > Thanks Again
> > Max
> >
> > > Nope; packet filtering is IP-specific on the external NIC.
> > >
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/authors/harrison/
> > > Read the books!
> > >
> > > ----- Original Message -----
> > > From: "Max" <max.bene@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Monday, February 18, 2002 02:52
> > > Subject: [isalist] Packet Filtering on non-default external IP Address
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > >
> > > Hi all,
> > > I'm getting some trouble with packet filters...
> > > My ISA has 4 IP Addresses on the external interface, and I've found out
> > > that blocking traffic with packet filters on non-default IP addresses
> > > requires filling the "This ISA Server's external IP Address" field on
> the
> > > "Local Computer" Tab...
> > > Is there any way to block traffic on all external IP addresses?
> > >
> > > PS: I've tried with the "These computers (on the perimeter network)..."
> > > option but it doesn't seem to work...
> > >
> > >
> > >
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe send a blank email to $subst('Email.Unsub')
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
