Hi Eddie, ISA Server uses Destination Sets to determine which Web Publishing Rule is used to redirect incoming requests, but I don't see how external users would be able to use these against you, unless they've compromise your server. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Eddie Kwong [mailto:eddiek@xxxxxxxxxxxx] Sent: Monday, February 24, 2003 8:57 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Major ISA Security question: http://www.ISAserver.org Since ISA will use destination for incoming request, I was afraid that people has been using my ISA as a bouncing wall and redirect traffic using my site name. (I could be wrong) -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Monday, February 24, 2003 8:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Major ISA Security question: http://www.ISAserver.org Hi Eddie, Why would you think your server was compromised? Thanks! Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Eddie Kwong [mailto:eddiek@xxxxxxxxxxxx] Sent: Monday, February 24, 2003 8:59 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Major ISA Security question: http://www.ISAserver.org My ISA server has Win2k and ISA installed and that is all of it. My network is quite simple, just a simple with ISA server that has two network cards. One facing the internal network, one connecting to a CISCO DSL modem/router, and then the DSL line to the outside world. I use the ISA enterprise version, no restriction for outbound, for inbound, there is a setup for Exchange 2000 using the default setup by ISA for Exchange 2000. There is also a OWA setup through https. I have all the necessary certificate setup, export by internal server, import by ISA server, etc... I also allow VPN access with PPTP and no IPSec. Other than these, I block(didn't set up) any other inbound access. Tom, does this mean that my ISA server has been compromised!!! And will allow forwarding of incoming requests to these FQDN??!!! Please help -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Sunday, February 23, 2003 12:45 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Major ISA Security question: http://www.ISAserver.org Hi Eddie, ISA Server Web Publishing Rules will use Destination Sets for the incoming request. This is the FQDN (and optionally a path) that is used by the external user to access the site. HTH, Tom Thomas W Shinder www.isaserver.org/shinder -----Original Message----- From: Eddie Kwong [mailto:eddiek@xxxxxxxxxxxx] Sent: Friday, February 21, 2003 3:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] Major ISA Security question: http://www.ISAserver.org Hi list members, Please help me out here. If I understand it right, for someone to publish an internal server through ISA server, other than other things that needs to be done, under the ISA server management you must go to Policy Elements -> Destination Sets and setup the INTERNAL server location there. I use all cap for INTERNAL because this is how I believed ISA server works. This rule is suppose to be for locating the internal server that has the web site you would like to publish. My problem: I have been too busy for the last two months and didn't get a chance to browse around ISA server for any un-usual events. This morning when I look, I found out that there is an extra Destination Set under the Policy Elements->Destination Sets. With the long name 'Friends Greeting Worm Block Properties', (every work spell as in the quotes) and the address were a list of *.friend.greeting.com *.friend.greetings.com 207.21.272.104 64.191.7.4 cool-downloads.com etc..... My 1 millions dollar Question: What is this? I am the only one in my organization that setup and manage ISA server and I didn't put that extra destination set in!!! Any ideas? Many thanks ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: eddiek@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')