[isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Sun, 16 Apr 2006 21:08:59 -0500

http://www.ISAserver.org
-------------------------------------------------------

It takes a big man to admit that :)

Actually, I am no grammarian -- its only when politics infect grammar
that I pay attention. You're still more skilled at the mechanics of the
language as a whole :)

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> (Hammer of God)
> Sent: Sunday, April 16, 2006 7:57 PM
> To: isalist@xxxxxxxxxxxxx; Timothy Mullen; Thomas W Shinder
> Subject: [isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> 
> Ah- I more clearly see your point regarding "agreement in 
> numbers."  The
> "true" object is "administrator" used in singularity; however I used a
> reflexive of "themselves" in plurality. That is indeed 
> incorrect. And though
> I contend that non-gender specificity should be observed in general
> reference, I agree that object/pronoun agreement should come 
> "first," even
> if modern-usage dictates gender etiquette.
> 
> I should have said "saving ignorant administrators from themselves."
> 
> You win.
> 
> t
> 
> 
> On 4/16/06 5:25 PM, "Thor (Hammer of God)" 
> <thor@xxxxxxxxxxxxxxx> spoketh to
> all:
> 
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >   
> > Actually, it *is* reflexive.  "Himself, herself, themselves" are all
> > reflexive pronouns.  When the object of the sentence is not 
> a pronoun, i.e.
> > "the ignorant administrator" you can't directly match the 
> object with a
> > reflexive pronoun, hence my use of "themselves."  
> Pedantically, one cannot
> > say "protecting the ignorant administrator from himself" nor can you
> > (correctly) say "from herself," as all reflexive pronouns 
> must match the
> > object pronoun if it exists.  In the case of "the" being 
> substituted as a
> > non-gender reference, "themselves" was the best choice of 
> reflexive pronoun
> > for that object. The ubiquitous use of "the" obviates the 
> use of any other
> > gender specific pronoun, regardless of "number agreement."  
> In any other
> > case, I would acquiesce to your point in regard to grammar, 
> but not here.
> > 
> > t 
> > 
> > 
> > 
> > 
> > On 4/16/06 5:05 PM, "Thomas W Shinder" 
> <tshinder@xxxxxxxxxxx> spoketh to
> > all:
> > 
> >> http://www.ISAserver.org
> >> -------------------------------------------------------
> >> 
> >> It's not a reflexive thing, it's an agreement in number thing.
> >> 
> >> Sent via ISA firewall protected Exchange 2003 Windows Mobile
> >> 
> >> 
> >> -----Original Message-----
> >> From: "Thor (Hammer of God)"<thor@xxxxxxxxxxxxxxx>
> >> Sent: 4/16/06 4:58:27 PM
> >> To: "isalist@xxxxxxxxxxxxx"<isalist@xxxxxxxxxxxxx>
> >> Subject: [isalist] Re: FW: Re[2]: Bypassing ISA Server 
> 2004 with IPv6
> >> 
> >> http://www.ISAserver.org
> >> -------------------------------------------------------
> >>   
> >> It should be "installs *and* configures," and you should 
> check the spacing
> >> on the post... Looks like some spaces were removed.
> >> 
> >> Thanks for the post, though.  Refexive pronouns and all ;)
> >> 
> >> T
> >> 
> >> 
> >> On 4/16/06 6:50 AM, "Thomas W Shinder" 
> <tshinder@xxxxxxxxxxx> spoketh to
> >> all:
> >> 
> >>> http://www.ISAserver.org
> >>> -------------------------------------------------------
> >>> 
> >>> Here you go:
> >>> 
> >>> 
> http://blogs.isaserver.org/shinder/2006/04/16/isa-firewalls-and-ipv6/
> >>> 
> >>> Thomas W Shinder, M.D.
> >>> Site: www.isaserver.org
> >>> Blog: http://blogs.isaserver.org/shinder/
> >>> Book: http://tinyurl.com/3xqb7
> >>> MVP -- ISA Firewalls
> >>> 
> >>>  
> >>> 
> >>>> -----Original Message-----
> >>>> From: isalist-bounce@xxxxxxxxxxxxx
> >>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> >>>> (Hammer of God)
> >>>> Sent: Saturday, April 15, 2006 10:40 PM
> >>>> To: isalist@xxxxxxxxxxxxx
> >>>> Subject: [isalist] FW: Re[2]: Bypassing ISA Server 2004 with IPv6
> >>>> 
> >>>> http://www.ISAserver.org
> >>>> -------------------------------------------------------
> >>>>   
> >>>> 
> >>>> Just to keep the ISA Lists in the mix when it comes to this
> >>>> "IPv6 Bypassing
> >>>> ISA" thing...
> >>>> 
> >>>> 
> >>>> 
> >>>> ------ Forwarded Message
> >>>> From: "Thor   (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> >>>> Date: Sat, 15 Apr 2006 20:28:36 -0700
> >>>> To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
> >>>> Conversation: Re[2]: Bypassing ISA Server 2004 with IPv6
> >>>> Subject: Re: Re[2]: Bypassing ISA Server 2004 with IPv6
> >>>> 
> >>>> ISA Server is an application that is installed on top of the
> >>>> base OS. Are
> >>>> you suggesting that the application should actually 
> prevent the local
> >>>> administrator of the host machine from installing and 
> configuring what
> >>>> protocols are bound to what adapters?
> >>>> 
> >>>> To me, *that* is the borderline.  There is no such thing as
> >>>> "for what ever
> >>>> reason ipv6 in enabled on ISA" when it comes to administering
> >>>> an enterprise
> >>>> firewall product.  If an administrator installs configures
> >>>> ipv6 on the OS of
> >>>> the firewall, and then binds ipv6 to a protected network
> >>>> segment, then they
> >>>> absolutely, positively, without-a-doubt get exactly what 
> they deserve.
> >>>> Anyone who does that without understanding what they are
> >>>> doing are simply
> >>>> taking jobs away from competent, knowledgeable administrators.
> >>>> 
> >>>> The mindset of "protecting the ignorant administrator from
> >>>> themselves" in
> >>>> this business has got to end.  Positioning this as if there
> >>>> is some flaw in
> >>>> ISA because the application does not prohibit a local
> >>>> administrator from
> >>>> binding unsupported protocols to interfaces is simply
> >>>> ludicrous. In fact, it
> >>>> is the opposite that is true:  If I as an administrator of a
> >>>> machine want to
> >>>> bind a protocol to an adapter for some reason (as in a
> >>>> separate, private
> >>>> segment for use in a particular environment) then I should,
> >>>> indeed MUST, be
> >>>> able to do it.  And I will be responsible for the
> >>>> implications of doing so.
> >>>> 
> >>>> There was an earlier thread today where a simple list of
> >>>> hostnames being
> >>>> filtered from the Win32 HOSTS file was positioned as
> >>>> "deliberate sabotage"
> >>>> of our machines by Microsoft; a case of "It's my computer-
> >>>> keep your hands
> >>>> off."  Yet here, the integrity of a product is being
> >>>> challenged because the
> >>>> application does not prevent an administrator from installing
> >>>> and binding
> >>>> protocols at the OS-level in cases where the application is
> >>>> not designed to
> >>>> filter those protocols?  That is a double-standard at its best.
> >>>> 
> >>>> t
> >>>> 
> >>>> 
> >>>> On 4/10/06 12:34 PM, <You can get the OP from Bugtraq> 
> spoketh to all:
> >>>> 
> >>>>>    Thanks for clearing that. But: If ISA is not able to
> >>>> filter IPv6 so
> >>>>>    why can it be bound to an interface anyway? Just to 
> route things
> >>>>>    through? Blindly through a firewall?
> >>>>>    Another posting talks about limited filtering 
> capabilities. Roman
> >>>>>    wrote, icmp went through. So where is the borderline? It
> >>>> still seems
> >>>>>    to me that in the moment for what ever reason ipv6 is
> >>>> enabled on ISA
> >>>>>    the network it should secure is exposed.
> >>>>> 
> >>>> 
> >>>> 
> >>>> ------ End of Forwarded Message
> >>>> 
> >>>> 
> >>>> ------------------------------------------------------
> >>>> List Archives: //www.freelists.org/archives/isalist/
> >>>> ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> >>>> ISA Server Articles and Tutorials:
> >>>> http://www.isaserver.org/articles_tutorials/
> >>>> ISA Server Blogs: http://blogs.isaserver.org/
> >>>> ------------------------------------------------------
> >>>> Visit TechGenix.com for more information about our other sites:
> >>>> http://www.techgenix.com
> >>>> ------------------------------------------------------
> >>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >>>> Report abuse to listadmin@xxxxxxxxxxxxx
> >>>> 
> >>>> 
> >>>> 
> >>> ------------------------------------------------------
> >>> List Archives: //www.freelists.org/archives/isalist/
> >>> ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> >>> ISA Server Articles and Tutorials:
> >>> http://www.isaserver.org/articles_tutorials/
> >>> ISA Server Blogs: http://blogs.isaserver.org/
> >>> ------------------------------------------------------
> >>> Visit TechGenix.com for more information about our other sites:
> >>> http://www.techgenix.com
> >>> ------------------------------------------------------
> >>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >>> Report abuse to listadmin@xxxxxxxxxxxxx
> >>> 
> >>> 
> >>> 
> >> 
> >> 
> >> ------------------------------------------------------
> >> List Archives: //www.freelists.org/archives/isalist/
> >> ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> >> ISA Server Articles and Tutorials:
> >> http://www.isaserver.org/articles_tutorials/
> >> ISA Server Blogs: http://blogs.isaserver.org/
> >> ------------------------------------------------------
> >> Visit TechGenix.com for more information about our other sites:
> >> http://www.techgenix.com
> >> ------------------------------------------------------
> >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >> Report abuse to listadmin@xxxxxxxxxxxxx
> >> 
> >> 
> >> ------------------------------------------------------
> >> List Archives: //www.freelists.org/archives/isalist/
> >> ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> >> ISA Server Articles and Tutorials:
> >> http://www.isaserver.org/articles_tutorials/
> >> ISA Server Blogs: http://blogs.isaserver.org/
> >> ------------------------------------------------------
> >> Visit TechGenix.com for more information about our other sites:
> >> http://www.techgenix.com
> >> ------------------------------------------------------
> >> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> >> Report abuse to listadmin@xxxxxxxxxxxxx
> >> 
> >> 
> >> 
> > 
> > 
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> > 
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » [isalist] FW: Re[2]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[2]: Bypassing ISA Server 2004 with IPv6

1. Home
2. isalist
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---