Sure I'll do! Thanx again! Max > That's quite an ambitious undertaking! > If I can help with testing (my present profession), feel free to holler. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the books! > > ----- Original Message ----- > From: "Max" <max.bene@xxxxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Tuesday, February 19, 2002 06:45 > Subject: [isalist] Re: Packet Filtering on non-default external IP Address > > > http://www.ISAserver.org > > > Hi Jim, > There's not a special need... > > I've tought it would be great for my work to extend some capabilities of > ISA server, for example blocking an IP address for a certain time after a > Port Scan (just like Firewall-One for example does), or to automatically > block traffic with people who tries something like: > > http://www.worm.com/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNnn... or > http://.../scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir > > or blocking access to the SMTP relayer to those clients who tried a > spam... > or enhance the log capabilities building a Web based application in order > to get a real-time monitoring of traffic... > > I'm trying to build a full-integrated firewall solution with ISA SDK, MS > PLatform SDK and a Web Application for my customers, as I have to remotely > support and check their arrays... > > You're right, for Web worms I use a "deny" Web Publishing rule for All > Internal Destination Sets, populating a client address set with those IP > addresses... I've thought it would be more appropriated... > > If you have any suggestion I'd really appreciate... > > Thanks again > Max > > > It's pretty much a guarantee that any additional decision-making you apply > > to any proxy/firewall will affect performance. > > I'd also be careful auto-blocking; sometimes a client address set is more > > appropriate than a packet filter. > > Also, since ISA recognizes many of the more common intrusion attacks and > > blocks them by default, what is it you're adding? > > > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/authors/harrison/ > > Read the books! > > > > ----- Original Message ----- > > From: "Max" <max.bene@xxxxxxxxxxxx> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > Sent: Tuesday, February 19, 2002 00:55 > > Subject: [isalist] Re: Packet Filtering on non-default external IP Address > > > > > > http://www.ISAserver.org > > > > > > Thanx Jim. > > I'm trying to develope some addtional features on ISA, for example > > Auto-Blocking Spammers, Intruders and Worm attacks on Web Proxy... > > This means that I have to create a Packet Filter for each Intruder IP on > > each External IP Address of each Server of the Array... > > > > Can this affect server performance, as each packet has to be checked with > > all the filter conditions before being allowed to pass? > > > > Thanks Again > > Max > > > > > Nope; packet filtering is IP-specific on the external NIC. > > > > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://isaserver.org/authors/harrison/ > > > Read the books! > > > > > > ----- Original Message ----- > > > From: "Max" <max.bene@xxxxxxxxxxxx> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > > > Sent: Monday, February 18, 2002 02:52 > > > Subject: [isalist] Packet Filtering on non-default external IP Address > > > > > > > > > http://www.ISAserver.org > > > > > > > > > Hi all, > > > I'm getting some trouble with packet filters... > > > My ISA has 4 IP Addresses on the external interface, and I've found out > > > that blocking traffic with packet filters on non-default IP addresses > > > requires filling the "This ISA Server's external IP Address" field on > the > > > "Local Computer" Tab... > > > Is there any way to block traffic on all external IP addresses? > > > > > > PS: I've tried with the "These computers (on the perimeter network)..." > > > option but it doesn't seem to work... > > > > > > > > > > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List as: > > > jim@xxxxxxxxxxxx > > > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > jim@xxxxxxxxxxxx > > To unsubscribe send a blank email to $subst('Email.Unsub') > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')