[isalist] Re: Spoofing - ISA 2006 SP1

  • From: "Steven Comeau" <scomeau@xxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Aug 2008 10:22:41 -0400

http://www.ISAserver.org
-------------------------------------------------------

What's WINS?..... ;)

Steve Comeau
IT Manager
Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, August 12, 2008 10:18 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Spoofing - ISA 2006 SP1

You can use static IPs and still provide proper DNS and WINS settings.
This is all part of the ISA configuration options.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Steven Comeau
Sent: Tuesday, August 12, 2008 7:14 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Spoofing - ISA 2006 SP1

So you suggest that people create another network with another DHCP server or 
use Static IPs?  We use the "Internal" DHCP server so we get DNS resolution to 
those connected from the outside.  Because our ISA server is not part of the 
domain, wouldn't using a Non-AD based DHCP server make things more difficult?

Steve Comeau
IT Manager
Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, August 12, 2008 9:55 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Spoofing - ISA 2006 SP1

..which is exactly why you shouldn't use (the same) DHCP server for VPN clients.
<g>

Jim

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Tuesday, August 12, 2008 6:08 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Spoofing - ISA 2006 SP1

Unless you're using DHCP to assign VPN client addresses :)

Thomas W. Shinder, M.D., MCSE  ||  Sr. Consultant / Technical Writer
shinder@xxxxxxxxxxxxxxxxxxxxx  ||  www.prowessconsulting.com
Mobile: Pending  ||  Phone: Pending  ||  Fax (206) 443.1119
Blog: http://blogs.isaserver.org/shinder  ||  Books: http://tinyurl.com/2gpoo8

PROWESS CONSULTING  ||  documentation  ||  integration  ||  virtualization

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
> Behalf Of
> Jim Harrison
> Sent: Tuesday, August 12, 2008 12:23 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spoofing - ISA 2006 SP1
>
> Don't use the same network range for VPN and internal networks.
> This isn't new since SP1.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
> Behalf Of
> Raji Arulambalam
> Sent: Monday, August 11, 2008 10:17 PM
> To: [ISAserver Discussion List]
> Subject: [isalist] Spoofing - ISA 2006 SP1
>
> Hi
> I am getting these messages since applying SP1.
> This is for incoming VPN connections that get their IP# assigned from DHCP from the internal network.
> The ISA servers' internal network addresses is also 172.16.90.0/24
>
> How do I fix this? Would I exclude these ip# range from the internal network addresses?
>
> Cheers
> Raji
>
>
> ......
> Description: ISA Server detected a spoof attack from Internet Protocol (IP) address 172.16.90.4. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the firewall log.
>
> Description: ISA Server detected routes through the network adapter Internal NIC 172 net that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 172.16.90.4-172.16.90.4;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.
>
> The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network VPN Clients, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed.
> To resolve this issue, add the missing IP address ranges to the array network.
> The following IP address ranges will be dropped as spoofed:
> Internal:172.16.90.4-172.16.90.4;
> ''''''
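
The range overlap behind the alerts quoted above, as an added example that is not part of the original thread and is not ISA Server's own logic: a simplified model in which a packet is accepted only when its source address belongs to exactly the network it arrived on. The names `BROKEN` and `FIXED` and the pool 10.99.0.1-10.99.0.50 are hypothetical; 172.16.90.0/24 and 172.16.90.4 come from the thread.

```python
import ipaddress

def to_range(text):
    """Parse 'a.b.c.d-e.f.g.h' or CIDR into an inclusive (first, last) int pair."""
    if "-" in text:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-"))
    else:
        net = ipaddress.IPv4Network(text, strict=True)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    if lo > hi:
        raise ValueError(f"range is reversed: {text}")
    return lo, hi

def fmt(lo, hi):
    return f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}"

def overlaps(networks):
    """Return (net_a, net_b, 'first-last') for every span two networks share."""
    parsed = [(name, to_range(r)) for name, ranges in networks.items() for r in ranges]
    found = []
    for i, (a, (alo, ahi)) in enumerate(parsed):
        for b, (blo, bhi) in parsed[i + 1:]:
            lo, hi = max(alo, blo), min(ahi, bhi)
            if a != b and lo <= hi:
                found.append((a, b, fmt(lo, hi)))
    return found

def owners(networks, ip):
    """Names of all networks whose ranges contain ip."""
    addr = int(ipaddress.IPv4Address(ip))
    return [name for name, ranges in networks.items()
            if any(lo <= addr <= hi for lo, hi in map(to_range, ranges))]

def is_spoofed(networks, src_ip, arrival_network):
    """Simplified model (assumption): drop unless the source address
    belongs to the arrival network and to no other network."""
    return owners(networks, src_ip) != [arrival_network]

# Constructed from the thread: the VPN client was leased 172.16.90.4 by the
# internal DHCP server, inside the Internal network's own range.
BROKEN = {"Internal": ["172.16.90.0/24"],
          "VPN Clients": ["172.16.90.4-172.16.90.4"]}
# Hypothetical fix: a static VPN pool outside the Internal range.
FIXED = {"Internal": ["172.16.90.0/24"],
         "VPN Clients": ["10.99.0.1-10.99.0.50"]}

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, overlaps(cfg))
```
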

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 
