RE: IP Spoofing

• From: "Sonny Mulitalo" <SonnyM@xxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 17 Oct 2002 17:17:21 +1300

Hi Larry,
 
If you host your own DNS servers then first thing you must check is to
tick 'secure cache against pollution' option and restricting zone
transfers to the appropriate servers. DNS spoofing is based on cache
poisoning and to further protect your external DNS servers from the
risks of DoS or spoofing attack your ISA server and boundary router must
be carefully configured in relation to DNS queries on port 53 (UDP). For
more information on spoofing and protection from it go to site SAN
Institute: http://www.sans.org
 
Hope that helps,
 
Sonny Mulitalo
 
P.S How well do you know Goldmine?

        -----Original Message-----
        From: Larry Lentz [mailto:Larry@xxxxxxxxxxxxxxxxx] 
        Sent: Thursday, 17 October 2002 1:58 p.m.
        To: [ISAserver.org Discussion List]
        Cc: Geeks; isalist@xxxxxxxxxxxxx
        Subject: [isalist] IP Spoofing
        
        
        http://www.ISAserver.org
        
        

        Tom, 

        Thank you for your contributions to the ISA Server discussion
list.  I have a question. I am experiencing IP Spoofing attacks and
don't know how to stop them. I have taken the offending IP address out
of the LAT and added a packet filter to block everything from that IP
address. Still it gets through. How does one combat these? Knowing
they're there is not enough :-)

        Thanks! 
        Larry 
        ---------------------------------------------- 
        Larry Lentz, MCSE+I, MCDBA 
        MCSE on Windows 2000 
        GoldMine Certified Professional 
        Lentz Computer Services 
        GoldMine Solutions Partner 
        San Antonio, Texas 
        Larry@xxxxxxxxxxxxxxxxx 
        ---------------------------------------------- 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Exchange Server Resource Site: http://www.msexchange.org/
        Windows Security Resource Site: http://www.windowsecurity.com/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: sonnym@xxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts:

• » IP Spoofing
• » RE: IP Spoofing
• » RE: IP Spoofing
• » RE: IP Spoofing

1. Home
2. isalist
3. Archive
4. 10-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---