http://www.ISAserver.org ------------------------------------------------------- What's WINS?..... ;) Steve Comeau IT Manager Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, August 12, 2008 10:18 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Spoofing - ISA 2006 SP1 http://www.ISAserver.org ------------------------------------------------------- You can use static IPs and still provide proper DNS and WINS settings. This is all part of the ISA configuration options. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steven Comeau Sent: Tuesday, August 12, 2008 7:14 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Spoofing - ISA 2006 SP1 http://www.ISAserver.org ------------------------------------------------------- So you suggest that people create another network with another DHCP server or use Static IPs? We use the "Internal" DHCP server so we get DNS resolution to those connected from the outside. Because our ISA server is not part of the domain, wouldn't using a Non-AD based DHCP server makes things more difficult? Steve Comeau IT Manager Rutgers Athletics 83 Rockafeller Road Piscataway, NJ 08854 732-445-7802 732-445-4623 (fax) www.scarletknights.com -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, August 12, 2008 9:55 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Spoofing - ISA 2006 SP1 http://www.ISAserver.org ------------------------------------------------------- ..which is exactly why you shouldn't use (the same) DHCP server for VPN clients. <g> Jim -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Tuesday, August 12, 2008 6:08 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Spoofing - ISA 2006 SP1 http://www.ISAserver.org ------------------------------------------------------- Unless you're using DHCP to assign VPN client addresses :) Thomas W. Shinder, M.D., MCSE || Sr. Consultant / Technical Writer shinder@xxxxxxxxxxxxxxxxxxxxx || www.prowessconsulting.com Mobile: Pending || Phone: Pending || Fax (206) 443.1119 Blog: http://blogs.isaserver.org/shinder || Books: http://tinyurl.com/2gpoo8 PROWESS CONSULTING || documentation || integration || virtualization > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of > Jim Harrison > Sent: Tuesday, August 12, 2008 12:23 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Spoofing - ISA 2006 SP1 > > http://www.ISAserver.org > ------------------------------------------------------- > > Don't use the same network range for VPN and internal networks. > This isn't new since SP1. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of > Raji Arulambalam > Sent: Monday, August 11, 2008 10:17 PM > To: [ISAserver Discussion List] > Subject: [isalist] Spoofing - ISA 2006 SP1 > > http://www.ISAserver.org > ------------------------------------------------------- > > Hi > I am getting these messages since applying SP1. > This is for incoming VPN connections that get their IP# assigned from DHCP > from the > internal network. > The ISA servers' internal network addresses is also 172.16.90.0/24 > > How do I fix this? Would I exclude these ip# range from the internal network > addresses? > > Cheers > Raji > > > ...... > Description: ISA Server detected a spoof attack from Internet Protocol (IP) > address > 172.16.90.4. A spoof attack occurs when an IP address that is not reachable > via the > interface on which the packet was received. If logging for dropped packets is > set, you > can view details in the firewall log. > > Description: ISA Server detected routes through the network adapter Internal > NIC 172 > net that do not correlate with the network to which this network adapter > belongs. > When networks are configured correctly, the IP address ranges included in > each array- > level network must include all IP addresses that are routable through its > network > adapters according to their routing tables. Otherwise valid packets may be > dropped as > spoofed. The following ranges are included in the network's IP address ranges > but are > not routable through any of the network's adapters: 172.16.90.4-172.16.90.4;. > Note that > this event may be generated once after you add a route, create a remote site > network, > or configure Network Load Balancing and may be safely ignored if it does not > re- > occur. > > The routing table for the network adapter Internal includes IP address ranges > that are > not defined in the array-level network VPN Clients, to which it is bound. As > a result, > packets arriving at this network adapter from the IP address ranges listed > below or > sent to these IP address ranges via this network adapter will be dropped as > spoofed. > To resolve this issue, add the missing IP address ranges to the array network. > The following IP address ranges will be dropped as spoofed: > Internal:172.16.90.4-172.16.90.4; > '''''' ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx *** This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. Rutgers University - DIA 83 Rockafeller Road Piscataway, NJ 08854 www.scarletknights.com *** ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx