Re: Allow ICMP on external interface

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 30 Sep 2003 16:49:31 -0700

Why do folks always want to allow the simplest of DoS attacks?
<sigh>

The statement "Default IP address(es)" is a misnomer; it really means "the
default external address on each server in the array".
You have to create an identical packet filter for each additional IP that
you want to open to the most basic of script kiddie attacks.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Han Valk" <Han.Valk@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 30, 2003 13:15
Subject: [isalist] Allow ICMP on external interface


http://www.ISAserver.org


Hi,

I have 3 ip-addresses bound to the external interface and I would like to be
able to ping all 3 addresses from the internet. So I enabled a packet filter
which uses the 'ICMP ping query' filter type and choose 'Default IP
address(es) on the external interface(s)'. But unfortunately only the lowest
of the 3 addresses responds to a ping. Servers published on the 3 addresses
work perfectly.
What is going on?

Best regards,
Han Valk.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

Other related posts:

• » Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface
• » Re: Allow ICMP on external interface

1. Home
2. isalist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---