He stole it... ;-p

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!

On Thu, 6 May 2004 08:43:41 +1000 "Greg Mulholland" <gregstelatel@xxxxxxxxxxx> wrote:

http://www.ISAserver.org

That's a good one Tom, I'll have to remember that

Greg Mulholland
Stelatel Communications
Unit 3 641-643 Centre Rd
Bentleigh East, VIC
Phone: (03) 9576-5699
Fax: (03) 9576-5899
gregstelatel@xxxxxxxxxxx
www.stelatel.com

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, 6 May 2004 8:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: MS04-11, SSL, and ISA Server

Hi Jim,

Or as I tell Debi: "You can tell me to do it, or you can tell me how to do it, but not both" :-)

Tom

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, May 05, 2004 3:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: MS04-11, SSL, and ISA Server

..as we've both said; "secure, fast or reliable; pick two"...

Jim Harrison

On Wed, 5 May 2004 14:46:45 -0500 "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:

Further argument that ISA and SBS aren't two great tastes that taste great together on the edge. The poor firewall can't even do its job when using packet filters. Might as well just put a pix in front of it and forget ISA :-\

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, May 05, 2004 2:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: MS04-11, SSL, and ISA Server

Actually, the reason they chose that method is because of the custom ASP.Net apps they created for SBS. They need direct access to the Client IP and web publishing can't do it. Additionally, server publishing to the local host gets you a source-IP of 127.0.0.1, so that option is also out.

Jim Harrison

On Wed, 5 May 2004 14:36:10 -0500 "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote:

Hi Jim,

But I want to run OWA on my SBS box using packet filters for inbound TCP 443! ;-)

Just to NO to ISA on SBS[TM]

Tom

Thomas W Shinder
www.isaserver.org/shinder

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Wednesday, May 05, 2004 2:41 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Fw: MS04-11, SSL, and ISA Server

The flag is not only flying, the wind is about to tear it off in shreds.

"ISA" itself is not vulnerable.
"Windows", which is what ISA runs on, may be vulnerable, depending on:
1. how ISA is configured
2. where the request is targeted.
3. what other applications (can we say IIS?) are running on the box

I've personally tested this with two different forms of the exploit and I can state with complete assurance that at no point was the ISA web proxy service vulnerable to this attack.
Details must accompany all claims of knowledge.

Jim Harrison

On Wed, 5 May 2004 09:56:37 -0700 "Thor" <thor@xxxxxxxxxxxxxxx> wrote:

Go get 'em, Jim.

----- Original Message -----
From: "Kim, Cameron" <CKim@xxxxxxxx>
To: <NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, May 04, 2004 10:16 AM
Subject: FW: MS04-11, SSL, and ISA Server

I found this response to be very interesting. Thought people might want to know.

Cameron Kim
Mitsubishi Digital Electronics America

-----Original Message-----
From: Kayne Ian (Softlab) [mailto:Ian.Kayne@xxxxxxxxxxxxx]
Sent: Tuesday, May 04, 2004 3:42 AM
To: Kim, Cameron
Subject: RE: MS04-11, SSL, and ISA Server

Yes, it is vulnerable in every scenario. I've personally verified this using the remote shell exploit floating around. In one of the MS bulletins they state that ISA can prevent this vuln when all packet filters are enabled - I found this NOT to be true. ISA remained vulnerable. After the patch is installed, ISA starts logging SChannel errors when the vuln is attempted to be exploited.

HTH.

> -----Original Message-----
> From: Kim, Cameron [mailto:CKim@xxxxxxxx]
> Sent: 29 April 2004 02:12
> To: NTBUGTRAQ@xxxxxxxxxxxxxxxxxxxxxx
> Subject: MS04-11, SSL, and ISA Server
>
>
> Can this DoS be performed against an ISA server which proxies the SSL
> connections? Most of the reports and comments have mentioned the fact
> that DoS can be performed against IIS servers using SSL connections.
> But I am not sure if the ISA Server 2000 web proxy actually uses the
> Microsoft SSL Library. One would suppose so...
>
> Cameron Kim
> Mitsubishi Digital Electronics America
>
> -----
> Earn up to 10 credit course hours toward the TruSecure ICSA
> Practitioner (TICSA) Credential and receive a TICSA exam coupon by
> attending the Infosecurity Canada 2004 conference.
> Featured speaker, Marcus J.
> Ranum, TruSecure inventor of the proxy firewall will present on June 3
> at 11:30 AM. Visit <https://ticsa.trusecure.com> for certification
> details and <http://www.infosecuritycanada.com> for conference
> information. Become TICSA certified and see what happens!
> -----
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')