Yeah, that's SSH tunneling, which requires an open SSH port; you're adding sh1t to the cart now.

Tom, try a little tool (no pun intended) Thor put me on to a while ago: fpipe from Foundstone.

greg

________________________________

From: Mark Morgan [mailto:MMorgan@xxxxxxxxxxxxxxxxxxxxx]
Sent: Sat 12/11/2005 7:19 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Securing TS

http://www.ISAserver.org

Yes, I know that; it's early and it's Friday. Plus, when you set up RDP over SSH tunneling you use 3389 as the source in PuTTY because it's the other end of the connection! So :P

IMPORTANT Notice: The information contained in this e-mail, including any attachments or other embedded messages, is legally privileged and confidential and is intended only for the use of the individual or entity to whom it is addressed. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that any viewing, dissemination, distribution, retransmitting, or copying of this e-mail message is strictly prohibited. If you have received and/or are viewing this e-mail in error, please notify the sender immediately by reply e-mail, and delete this and all copies of this communication from your systems. Thank you.

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Friday, November 11, 2005 11:43 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Securing TS

That's the *destination* port, Mark, not the *source* port. Big difference ;)

----- Original Message -----
From: "Mark Morgan" <MMorgan@xxxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, November 11, 2005 11:09 AM
Subject: [isalist] Re: Securing TS

Yes, the client does allow you to use a different port; all you need to do is type the ip:port#, i.e.
192.168.1.1:55555

Thank You

Mark J Morgan
IS Coordinator
Palm Drive Hospital
501 Petaluma Ave.
Sebastopol, Ca. 95472
Email: mmorgan@xxxxxxxxxxxxxxxxxxxxx
Voice: (707) 829-4242
Fax: (707) 829-4112
Mobile (707) 849-5576

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Thursday, November 10, 2005 8:51 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Securing TS

Yes, if the RDP client allowed you to specify a source port, but it doesn't. That's the buzz kill. So, if you want to use my patented "source port firewall rules" for MS RDP clients, you'll have to bounce it off a secondary connection (like fport.)

t

----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, November 10, 2005 8:35 PM
Subject: [isalist] Re: Securing TS

Dude,

What do you mean by a secondary connection? Wouldn't it just be a primary connection with a specified source port to the alternate secondary port?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
> Sent: Thursday, November 10, 2005 10:30 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: Securing TS
>
> Publish on an alternate port, and change the name of the admin account on
> the box to prevent brute force attacks via RDP.
>
> If you have a savvy user, or if you can batch it up, publish rules not only
> based on the destination port, but the source port as well -- that way you
> can bounce off of a secondary connection specifying source port and still
> not have to worry about "raw" publishing (without a secondary authentication
> method.)
>
> t
>
> ----- Original Message -----
> From: "Andrew English" <andrew@xxxxxxxxxxxxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, November 10, 2005 8:21 PM
> Subject: [isalist] Securing TS
>
> Any good tips on securing TS on ISA 2004 Server? Someone wants to set up
> TS to access their accounting package from home; since VPN will knock
> down their bandwidth (5Meg Down/800K UP) we decided that TS would be
> their best bet.
>
> Andrew
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> thor@xxxxxxxxxxxxxxx
> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
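
The source-port publishing idea discussed in this thread, as an added example that is not code from any of the posters or from the tools they name: a loopback stand-in for the publishing rule answers only peers whose TCP source port matches, and a one-shot relay binds its outbound socket to that port before connecting, which is the step the thread says the RDP client cannot do itself. The port 20389 and all function names are constructed for illustration.

```python
import socket
import threading

FIXED_SRC = 20389  # constructed value: the source port the publishing rule admits

def serve(listener, allowed_src, count):
    """Stand-in for the source-port publishing rule: answer only matching peers."""
    for _ in range(count):
        conn, (_, src_port) = listener.accept()
        with conn:
            if src_port == allowed_src:
                conn.sendall(b"OK")  # rule matched: traffic is passed
            # any other source port is closed without a reply

def relay_once(front, target, src_port):
    """Accept one client on `front`, then reach `target` from a fixed source port.
    Only service-to-client bytes are copied, which is all this demo needs."""
    client, _ = front.accept()
    out = socket.socket()
    out.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    out.bind(("127.0.0.1", src_port))  # pin the source port before connecting
    out.connect(target)
    with client, out:
        while data := out.recv(4096):
            client.sendall(data)

def ask(addr):
    """Connect, read until the peer closes, and return what was received."""
    with socket.create_connection(addr, timeout=5) as s:
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
        return b"".join(chunks)

def demo():
    svc = socket.create_server(("127.0.0.1", 0))    # the "published" service
    front = socket.create_server(("127.0.0.1", 0))  # where the client points instead
    target = svc.getsockname()
    threading.Thread(target=serve, args=(svc, FIXED_SRC, 2), daemon=True).start()
    threading.Thread(target=relay_once, args=(front, target, FIXED_SRC),
                     daemon=True).start()
    direct = ask(target)                # OS-chosen ephemeral source port
    relayed = ask(front.getsockname())  # bounced through the relay
    return direct, relayed

if __name__ == "__main__":
    print(demo())
```

The rule keys on a value the connecting host chooses, so it narrows who reaches the published port rather than identifying the user.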