[isalist] Re: Spoofing - ISA 2006 SP1

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Tue, 12 Aug 2008 20:23:16 -0500

http://www.ISAserver.org
-------------------------------------------------------

It's the way I always do it. Just ignore the spurious "spoofing" messages you 
see from time to time from the VPN clients.

HTH,
Tom

Thomas W. Shinder, M.D., MCSE  ||  Sr. Consultant / Technical Writer
shinder@xxxxxxxxxxxxxxxxxxxxx  ||  www.prowessconsulting.com
Mobile: Pending  ||  Phone: Pending  ||  Fax (206) 443.1119
Blog: http://blogs.isaserver.org/shinder  ||  Books: http://tinyurl.com/2gpoo8 

PROWESS CONSULTING  ||  documentation  ||  integration  ||  virtualization



> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
> Behalf Of
> Andy Haigh
> Sent: Tuesday, August 12, 2008 8:22 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spoofing - ISA 2006 SP1
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> If this is not the way to set VPN clients up, why does ISA allow you to
> use the internal DHCP to provide addresses?
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Tuesday, 12 August 2008 3:23 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spoofing - ISA 2006 SP1
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Don't use the same network range for VPN and internal networks.
> This isn't new since SP1.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Raji Arulambalam
> Sent: Monday, August 11, 2008 10:17 PM
> To: [ISAserver Discussion List]
> Subject: [isalist] Spoofing - ISA 2006 SP1
> 
> http://www.ISAserver.org
> -------------------------------------------------------
> 
> Hi
> I am getting these messages since applying SP1.
> This is for incoming VPN connections that get their IP# assigned from
> DHCP from the internal network.
> The ISA servers' internal network addresses is also 172.16.90.0/24
> 
> How do I fix this? Would I exclude these ip# range from the internal
> network addresses?
> 
> Cheers
> Raji
> 
> 
> ......
> Description: ISA Server detected a spoof attack from Internet Protocol
> (IP) address 172.16.90.4. A spoof attack occurs when an IP address that
> is not reachable via the interface on which the packet was received. If
> logging for dropped packets is set, you can view details in the firewall
> log.
> 
> Description: ISA Server detected routes through the network adapter
> Internal NIC 172 net that do not correlate with the network to which
> this network adapter belongs. When networks are configured correctly,
> the IP address ranges included in each array-level network must include
> all IP addresses that are routable through its network adapters
> according to their routing tables. Otherwise valid packets may be
> dropped as spoofed. The following ranges are included in the network's
> IP address ranges but are not routable through any of the network's
> adapters: 172.16.90.4-172.16.90.4;. Note that this event may be
> generated once after you add a route, create a remote site network, or
> configure Network Load Balancing and may be safely ignored if it does
> not re-occur.
> 
> The routing table for the network adapter Internal includes IP address
> ranges that are not defined in the array-level network VPN Clients, to
> which it is bound. As a result, packets arriving at this network adapter
> from the IP address ranges listed below or sent to these IP address
> ranges via this network adapter will be dropped as spoofed. To resolve
> this issue, add the missing IP address ranges to the array network.
> The following IP address ranges will be dropped as spoofed:
> Internal:172.16.90.4-172.16.90.4;
> ''''''
> 
> Email disclaimer: This email and any attachments are confidential. If
> you are not the intended recipient, do not copy, disclose or use the
> contents in any way. If you receive this message in error, please let us
> know by return email and then destroy the message. Environment Bay of
> Plenty is not responsible for any changes made to this message and/or
> any attachments after sending.
> ******************************************************
> This e-mail has been checked for viruses and none.
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » [isalist] Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1

1. Home
2. isalist
3. Archive
4. 08-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---