RE: Security hole at boot
- From: Dar Scott <dsc@xxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 29 Dec 2001 14:48:52 -0700
Now I get only ICMP responses from port scans in that 22s window
whereas I found open ports before.
I may have gotten locked out. (?)
Dar
Hi Tom,
So far...
FTP yes
HTTP, telnet, terminal services no (but I may have goofed up something)
NetBIOS partial (still working on this)
I think I need NetBIOS on inside adaptors and have shut this down
the most I know how and still have it available for inside.
Here is how I am testing. On another machine I ping -n 700 x.x.x.x.
Then I restart the server. As soon as I see three ping responses I
start my other tests. 700 is lots more than I need, so I ^C when I
don't need more pings.
Uh, is there an easy way to restart without logging in?
Now that I've blabbed about this on the list, I'm cracking down on
when systems are restarted.
I'm still poking at it.
Thanks for the advice!
Dar
Hi Dar,
Interesting. I've noticed the same thing with pings, but I honestly
didn't think about the implications. Can you create
HTTP/FTP/SMTP/NetBIOS or any other session during this period?
Thanks!
Tom
-----Original Message-----
From: Dar Scott [mailto:dsc@xxxxxxxx]
Sent: Saturday, December 29, 2001 1:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Security hole at boot
http://www.ISAserver.org
For about 22 seconds at boot I can see ports on my external interface
before the IP filter kicks in. I can ping the external interface
from another computer during this time.
I'm assuming I'm doing something wrong concerning when services are
started, but I'm at a loss. A search for boot at isaserver.org or in
Shinder or Simmons got nowhere.
I haven't seen this at shutdown. I haven't tested this for boot
after crash or power off.
Some of these ports I can shut off other ways (and normally have),
but I expect a firewall to protect me from forgetting those things.
Dar Scott
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List
as: dsc@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
- » RE: Security hole at boot
- » RE: Security hole at boot
- » RE: Security hole at boot
- » Security hole at boot
- » RE: Security hole at boot
- » RE: Security hole at boot
- » RE: Security hole at boot
Hi Tom,
So far...
FTP yes
HTTP, telnet, terminal services no (but I may have goofed up something)
NetBIOS partial (still working on this)
I think I need NetBIOS on inside adaptors and have shut this down the most I know how and still have it available for inside.
Here is how I am testing. On another machine I ping -n 700 x.x.x.x. Then I restart the server. As soon as I see three ping responses I start my other tests. 700 is lots more than I need, so I ^C when I don't need more pings.
Uh, is there an easy way to restart without logging in?
Now that I've blabbed about this on the list, I'm cracking down on when systems are restarted.
I'm still poking at it.
Thanks for the advice!
Dar
Hi Dar,
Interesting. I've noticed the same thing with pings, but I honestly didn't think about the implications. Can you create HTTP/FTP/SMTP/NetBIOS or any other session during this period?
Thanks!
Tom
-----Original Message----- From: Dar Scott [mailto:dsc@xxxxxxxx] Sent: Saturday, December 29, 2001 1:33 PM To: [ISAserver.org Discussion List] Subject: [isalist] Security hole at boot
http://www.ISAserver.org
For about 22 seconds at boot I can see ports on my external interface before the IP filter kicks in. I can ping the external interface from another computer during this time.
I'm assuming I'm doing something wrong concerning when services are started, but I'm at a loss. A search for boot at isaserver.org or in Shinder or Simmons got nowhere.
I haven't seen this at shutdown. I haven't tested this for boot after crash or power off.
Some of these ports I can shut off other ways (and normally have), but I expect a firewall to protect me from forgetting those things.
Dar Scott
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: dsc@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')