Re: 2 Ways to block outbound ICMP?

• From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 25 Sep 2003 15:28:55 +0200

Thanks Jim.

No worries on the baseline of supportability though, SP1 was my first
post-install task on the ISA installation, and I eagerly await ISA2K (with
it's first SP...)

Cheers


-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: 25 September 2003 15:27 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: 2 Ways to block outbound ICMP?

http://www.ISAserver.org


That's absolutely correct; stop the LAT hosts, but not ISA from pinging.
Yes, that code is part of SP1, which BTW, is considered the baseline for
supportability if youever have to call PSS...

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Thu, 25 Sep 2003 14:33:31 +0200
 "William Robertson" <robertson.william@xxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org


So what you're saying is that instead of simply disabling the default
"Outbound ICMP" packet filter, I should instead implement the recommendation
in http://support.microsoft.com/default.aspx?scid=kb;en-us;283213 to control
"unauthorised" pinging?

Would I still have to install the ISAHF51.EXE or has that been included in
the ISA Rollup Fix, or ISA SP1?

Cheers
William R.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: 25 September 2003 14:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: 2 Ways to block outbound ICMP?

http://www.ISAserver.org


It's not really the same thing.
Disabling the PF also prevents ISA from making ping queries.
What that article describes is dropping ping queries from SecureNAT clients.

This helps mitigate the problem where ISA is drowning in Welcia ping
queries.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Thu, 25 Sep 2003 07:57:38 +0200
 "William Robertson" <robertson.william@xxxxxxxxxxxxxx> wrote:
http://www.ISAserver.org


Hi there

 

I've just been reading
http://support.microsoft.com/default.aspx?scid=kb;en-us;283213 and noticed
the section on "Blocking and Logging Outbound ICMP Traffic".

 

Now this article was last reviewed on 23 April 2003 so I presume that it's
info is pretty current. But what I don't understand is why I would want to
look at installing the ISAHF51.EXE and then creating the BlockOutboundICMP
registry key, when simply disabling the default "Allow Outbound ICMP" Packet
Filter rule would appear to do the same thing.?

 

Am I missing something here?

 

Cheers

William R. 


---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=3Disalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=3DFAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

---------------------------------------------------------------------
Everything in this e-mail and attachments relating to the official 
business of Columbus Stainless is proprietary to the company. It is 
confidential, legally privileged and protected by law. Columbus 
Stainless does not own and endorse any other content. Views and 
opinions are those of the sender unless clearly stated as being that 
of Columbus Stainless. The person addressed in the e-mail is the sole 
authorised recipient.  Please notify the sender immediately if it has 
unintentionally reached you and do not read, disclose or use the 
content in any way. Whilst all reasonable steps are taken to ensure 
the accuracy and integrity of information and data transmitted 
electronically and to preserve the confidentiality thereof, no 
liability or responsibility whatsoever is accepted if information or 
data is,for whatever reason, corrupted or does not reach its intended
destination.
---------------------------------------------------------------------

Other related posts:

• » 2 Ways to block outbound ICMP?
• » Re: 2 Ways to block outbound ICMP?
• » Re: 2 Ways to block outbound ICMP?
• » Re: 2 Ways to block outbound ICMP?
• » Re: 2 Ways to block outbound ICMP?
• » Re: 2 Ways to block outbound ICMP?
• » Re: 2 Ways to block outbound ICMP?
• » Re: 2 Ways to block outbound ICMP?

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---