RE: IP Spoofing
- From: "Larry Lentz" <Larry@xxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 17 Oct 2002 11:49:57 -0500
Thanks. I'll check that out. I don't host DNS except for locally.
-----Original Message-----
From: Sonny Mulitalo [mailto:SonnyM@xxxxxxxxxxxxx]
Sent: Wednesday, October 16, 2002 11:17 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IP Spoofing
http://www.ISAserver.org
Hi Larry,
If you host your own DNS servers then first thing you must check
is to tick 'secure cache against pollution' option and restricting zone
transfers to the appropriate servers. DNS spoofing is based on cache
poisoning and to further protect your external DNS servers from the
risks of DoS or spoofing attack your ISA server and boundary router must
be carefully configured in relation to DNS queries on port 53 (UDP). For
more information on spoofing and protection from it go to site SAN
Institute: http://www.sans.org
Hope that helps,
Sonny Mulitalo
P.S How well do you know Goldmine?
-----Original Message-----
From: Larry Lentz [mailto:Larry@xxxxxxxxxxxxxxxxx]
Sent: Thursday, 17 October 2002 1:58 p.m.
To: [ISAserver.org Discussion List]
Cc: Geeks; isalist@xxxxxxxxxxxxx
Subject: [isalist] IP Spoofing
http://www.ISAserver.org
Tom,
Thank you for your contributions to the ISA Server
discussion list. I have a question. I am experiencing IP Spoofing
attacks and don't know how to stop them. I have taken the offending IP
address out of the LAT and added a packet filter to block everything
from that IP address. Still it gets through. How does one combat these?
Knowing they're there is not enough :-)
Thanks!
Larry
----------------------------------------------
Larry Lentz, MCSE+I, MCDBA
MCSE on Windows 2000
GoldMine Certified Professional
Lentz Computer Services
GoldMine Solutions Partner
San Antonio, Texas
Larry@xxxxxxxxxxxxxxxxx
----------------------------------------------
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site:
http://www.msexchange.org/
Windows Security Resource Site:
http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: sonnym@xxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: larry@xxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
