Re: Fragmented Attacks

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 19 Aug 2003 19:53:45 -0500

Hi Jim,

Also, as Stefaan Pouseele taught me a long time ago, if you perform
fragment filtering, any process that requires certificate exchange will
fail.

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Tuesday, August 19, 2003 8:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fragmented Attacks


http://www.ISAserver.org


Fragmentation detection is part of ISA's built-in IDS.
The disadvantage to using it is that many protocols (most notably,
streaming media), depend on fragmentation to send their data.

Don't confuse port scans with data acquisition; if your ISA is properly
configured, port scans just add information to your IP logs; they don't
provide the "intruder" any information.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 19 Aug 2003 14:28:32 +0300
 "shivi" <shivi@xxxxxxxxxxx> wrote:
http://www.ISAserver.org


Does the ISA server detects fragmented attacks. I happen to experience
an Intruder is continuously able to perform port scan on the external
Interface while having his source IP blocked both on the perimeter
router and on the firewall as a packet filter deny rule.

Any thoughts?

Shiv

NB: Firewall has IDS enabled and keeps sending alerts.




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 08-2003