[isalist] Re: FW: Re[3]: Bypassing ISA Server 2004 with IPv6

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: <isalist@xxxxxxxxxxxxx>
• Date: Tue, 25 Apr 2006 07:54:50 -0500

http://www.ISAserver.org
-------------------------------------------------------

There's no help for the "Welfare Model" or "Mommy State" types. 

There's no Fabian dream to come to life in their social order and
software sure ain't ever going to provide it.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> (Hammer of God)
> Sent: Monday, April 24, 2006 4:10 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] FW: Re[3]: Bypassing ISA Server 2004 with IPv6
> 
> http://www.ISAserver.org
> -------------------------------------------------------
>   
> 
> I give up.  There is just no educating some people.
> 
> ------ Forwarded Message
> From: Christine Kronberg
> Date: Mon, 24 Apr 2006 22:55:00 +0200 (CEST)
> To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
> Cc: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
> Subject: Re: Re[3]: Bypassing ISA Server 2004 with IPv6
> 
> On Wed, 19 Apr 2006, Thor (Hammer of God) wrote:
> > On 4/15/06 1:23 PM, "Christine Kronberg" <seeker@xxxxxxxxx> 
> spoketh to all:
> >
> > Based on your responses to this thread, my guess is that 
> you have never
> > installed or managed an ISA firewall.  Just a guess...
> 
>    ... which is wrong. Although I never used ipv6 with ISA. Had no
>    reason to do so.
> 
> > Regardless, let's try to clear this up one final time.  IPv6 is NOT
> > installed on ISA by default. BY DEFAULT, EVERYTHING IS 
> BLOCKED.  ISA *does
> 
>    None denied that.
> 
> > not* support IPv6.  There are NO holes blown in networks.  
> This entire
> > argument is crazy, and based on misinformation.  You don't 
> install or
> > configure IPv6 through ISA. You have to be an administrator 
> of the host
> > machine and go into the network properties and explicitly 
> install, bind, and
> > configure IPv6 for it to work.  You also have to do the 
> same on your border
> > routers and upstream ISP.  It takes deliberate action on 
> the part of the
> > admin to do this.  DOING THIS EXPLICITLY ENABLES IPV6.  
> Duh!  It's like you
> > people would complain that if the administrator uninstalled 
> ISA, that the
> > resultant lack of a firewall was a critical Microsoft vulnerability!
> 
>    So I have to use the network properties to install ... or 
> activate ipv6?
>    It is not that you have to show up with the cd, right? 
> Just a few clicks
>    and off we go. Fine. Being an expert about ISA you 
> certainly know that
>    ISA is shutting down a good amount of services (running or 
> not) which
>    are considered probably harmful. Yet ipv6 is not 
> considered harmful as
>    ISA is not aware of it. Doesn't that sound secure but 
> ignorant. If ISA
>    is not ready for ipv6 then it should remove the possiblity 
> of using it.
>    Everything is careless.
>    And don't speculate that your isp does not support ipv6. 
> This kind of
>    security thinking had never worked out well.
>    You may be good with ISA, I don't know, but your lack in 
> understanding
>    how to build security software gives me a chill.
> 
> > Jim Harrison and I are doing a 2-day immersion training for 
> ISA at BlackHat
> > Vegas.  ISA Server freaking rocks.  If you are really 
> interested in ISA and
> 
>    A server making funny assumptions about my network rocks? No sir.
>    Although this is an entirely different subject (finding 
> that sweet ISA
>    was adding all private IP ranges to the internal network 
> without being
>    told so).
> 
> > want to get the skills needed to build robust firewalls, 
> then take the
> 
>    In the last seven years I worked for a firewall vendor. 
> And that vendor
>    builds robust firewalls.
> 
>    Cheers,
> 
>    Christine Kronberg.
> 
> 
> 
> 
> ------ End of Forwarded Message
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » [isalist] FW: Re[3]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[3]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[3]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[3]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[3]: Bypassing ISA Server 2004 with IPv6
• » [isalist] Re: FW: Re[3]: Bypassing ISA Server 2004 with IPv6

1. Home
2. isalist
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---