RE: Major ISA Security question:

  • From: "Eddie Kwong" <eddiek@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 24 Feb 2003 21:57:22 -0500

Since ISA will use destination for incoming request, I was afraid that people 
have been using my ISA as a bouncing wall and redirecting traffic using my site 
name. (I could be wrong)

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, February 24, 2003 8:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Major ISA Security question:


http://www.ISAserver.org


Hi Eddie,
 
Why would you think your server was compromised?
 
Thanks!

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

-----Original Message-----
From: Eddie Kwong [mailto:eddiek@xxxxxxxxxxxx] 
Sent: Monday, February 24, 2003 8:59 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Major ISA Security question:



My ISA server has Win2k and ISA installed and that is all of it.

My network is quite simple, just a simple one with an ISA server that has two 
network cards. One facing the internal network, one connecting to a Cisco DSL 
modem/router, and then the DSL line to the outside world.

I use the ISA enterprise version, with no restriction for outbound. For inbound, 
there is a setup for Exchange 2000 using the default setup by ISA for Exchange 
2000.

There is also an OWA setup through HTTPS. I have all the necessary certificates 
set up, exported by the internal server, imported by the ISA server, etc.

I also allow VPN access with PPTP and no IPSec.

Other than these, I block (didn't set up) any other inbound access.

Tom, does this mean that my ISA server has been compromised!!! And will allow 
forwarding of incoming requests to these FQDNs??!!!

Please help 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Sunday, February 23, 2003 12:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Major ISA Security question:


Hi Eddie,
 
ISA Server Web Publishing Rules will use Destination Sets for the incoming 
request. This is the FQDN (and optionally a path) that is used by the external 
user to access the site. 
 
HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 

-----Original Message-----
From: Eddie Kwong [mailto:eddiek@xxxxxxxxxxxx] 
Sent: Friday, February 21, 2003 3:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Major ISA Security question:


Hi list members, Please help me out here.  
 
If I understand it right, for someone to publish an internal server through ISA 
server, other than the other things that need to be done, under the ISA server 
management you must go to Policy Elements -> Destination Sets and set up the 
INTERNAL server location there. I use all caps for INTERNAL because this is how 
I believed ISA server works. This rule is supposed to be for locating the 
internal server that has the web site you would like to publish.
 
My problem: I have been too busy for the last two months and didn't get a 
chance to browse around ISA server for any unusual events. This morning when 
I looked, I found out that there is an extra Destination Set under the Policy 
Elements -> Destination Sets, with the long name 'Friends Greeting Worm Block 
Properties' (every word spelled as in the quotes), and the addresses were a list of:
*.friend.greeting.com
*.friend.greetings.com
207.21.272.104
64.191.7.4
cool-downloads.com
 
etc.....
 
My 1 million dollar question: What is this?
 
I am the only one in my organization that sets up and manages ISA server and I 
didn't put that extra destination set in!!!
 
Any ideas?
 
Many thanks
 
 
 
 
