Re: Fragmented Attacks

• From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• To: "Isa Weblist" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 20 Aug 2003 02:00:49 +0100

Mmmmm...then why does mine work  ip fragmenting enabled....ssl
owa...works perfickly

Steve 


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, August 19, 2003 9:54 PM
To: Isa Weblist

http://www.ISAserver.org


Hi Jim,

Also, as Stefaan Pouseele taught me a long time ago, if you perform
fragment filtering, any process that requires certificate exchange will
fail.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server:
http://tinyurl.com/1llp 



-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 8:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fragmented Attacks


http://www.ISAserver.org


Fragmentation detection is part of ISA's built-in IDS.
The disadvantage to using it is that many protocols (most notably,
streaming media), depend on fragmentation to send their data.

Don't confuse port scans with data acquisition; if your ISA is properly
configured, port scans just add information to your IP logs; they don't
provide the "intruder" any information.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!


On Tue, 19 Aug 2003 14:28:32 +0300
 "shivi" <shivi@xxxxxxxxxxx> wrote:
http://www.ISAserver.org


Does the ISA server detects fragmented attacks. I happen to experience
an Intruder is continuously able to perform port scan on the external
Interface while having his source IP blocked both on the perimeter
router and on the firewall as a packet filter deny rule.

Any thoughts?

Shiv

NB: Firewall has IDS enabled and keeps sending alerts.




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



This E-Mail is confidential. It is not intended to be read, copied, disclosed 
or used by any person other than the recipient named above.

Unauthorised use, disclosure, or copying is strictly prohibited and may be 
unlawful. Optimum IT Solutions disclaims any liability for any action taken in 
connection of this E-Mail. The comments or statements expressed in this E-Mail 
are not necessarily those of Optimum IT Solutions or its subsidiaries or 
affiliates.

administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx

Other related posts:

• » Fragmented Attacks
• » Re: Fragmented Attacks
• » Re: Fragmented Attacks
• » Re: Fragmented Attacks

1. Home
2. isalist
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---