Re: Firewall Service Problem

• From: "Paul Nuernberger" <pen@xxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 10 Oct 2003 10:24:43 -0500

It would also be worth mentioning that this 'client' is on the inside (i.e.
trusted) network interface.  ISA's job is to protect the inside from the
outside, not to protect the inside from itself.

That job falls to the IT person/staff who are being paid to do just exactly
that.

Paul Nuernberger

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Friday, October 10, 2003 7:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall Service Problem


http://www.ISAserver.org


Remember; this client is literally bombarding the ISA with requests. While
the ISA team certainly stress-tested ISA, they can't possibly forsee or even
test every possible traffic pattern.

Blaster is particularly insidious; it overwhelms the target with RPC calls
that are specifically designed to bring the victim host to its knees.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Fri, 10 Oct 2003 04:40:28 +0000
 "osman filiz" <osmanfiliz@xxxxxxxxxxx> wrote: http://www.ISAserver.org


Hi Tom,
I think it is really so bad that just one client can make isa firewall
service down...Why isa dont disable this client?By default isa allow 40
simultantaneous connection, if there are more than 40 isa dropped the old
ones.So what is the problem?


>From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
>Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>Subject: [isalist] Re: Firewall Service Problem
>Date: Thu, 9 Oct 2003 10:31:44 -0500
>
>http://www.ISAserver.org
>
>
>Hi Osman,
>
>I understand that the amount of traffic can overwhelm even routers, so 
>there's nothing too unusual about this.
>
>HTH,
>Tom
>
>Thomas W Shinder
>www.isaserver.org/shinder
>ISA Server and Beyond: http://tinyurl.com/1jq1
>Configuring ISA Server: http://tinyurl.com/1llp
>
>
>
>
>-----Original Message-----
>From: osman filiz [mailto:osmanfiliz@xxxxxxxxxxx]
>Sent: Thursday, October 09, 2003 8:23 AM
>To: [ISAserver.org Discussion List]
>Subject: [isalist] Re: Firewall Service Problem
>
>
>http://www.ISAserver.org
>
>
>My client was infected by the msblast.exe virus, then firewall service 
>didnt work...I cant imagine that a virus can result this...
>
>
>>From: Jim Harrison <jim@xxxxxxxxxxxx>
>>Reply-To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>Subject: [isalist] Re: Firewall Service Problem
>>Date: Thu, 09 Oct 2003 05:49:01 -0700
>>
>>http://www.ISAserver.org
>>
>>
>>Check your event logs.
>>Check your ISA service logs.
>>Somewhere in there are clues to the problem...
>>WHat does Task Manager tell you about overall machine resource usage?
>>
>>   Jim Harrison
>>   MCP(NT4, W2K), A+, Network+, PCG
>>   http://isaserver.org/Jim_Harrison/
>>   http://isatools.org
>>   Read the help / books / articles!
>>
>>
>>On Thu, 9 Oct 2003 04:28:25 -0600
>>  "osman" <osmanfiliz@xxxxxxxxxxx> wrote: http://www.ISAserver.org
>>
>>
>>Hi,
>>We have w2k with SP4,and ISA with SP1 is installed on it.Both web 
>>proxy and firewall service is working.Up to now there was no problem 
>>but
>today
>>firewall clients cannot work.Firewall service seemed running and there
>was
>>no event in the event viewer.After restarting the firewall service 
>>just
>a
>>few minutes clients can work but then again they cant, in the clients 
>>firewall clint problem cant reach the isa. Than we found that one of
>our
>>secure nat client machine (windows 98) makes the firewall service out
>of
>>service.When this client establish firewall client session to ISA then 
>>firewall service becomes unavailable without any error message.Any 
>>idea about the problem ?
>>

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*

All mail from this domain is virus-scanned with RAV. www.ravantivirus.com

^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange
Server Resource Site: http://www.msexchange.org Windows Security Resource
Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
pen@xxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

• » Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem
• » Re: Firewall Service Problem

1. Home
2. isalist
3. Archive
4. 10-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---