RE: Security hole at boot

  • From: Dar Scott <dsc@xxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 29 Dec 2001 14:08:49 -0700


Hi Tom,

So far...

   FTP yes

   HTTP, telnet, terminal services no (but I may have goofed up something)

   NetBIOS partial (still working on this)

I think I need NetBIOS on inside adaptors and have shut this down the most I know how and still have it available for inside.

Here is how I am testing. On another machine I ping -n 700 x.x.x.x. Then I restart the server. As soon as I see three ping responses I start my other tests. 700 is lots more than I need, so I ^C when I don't need more pings.

Uh, is there an easy way to restart without logging in?

Now that I've blabbed about this on the list, I'm cracking down on when systems are restarted.

I'm still poking at it.

Thanks for the advice!

Dar

Hi Dar,

Interesting. I've noticed the same thing with pings, but I honestly
didn't think about the implications. Can you create
HTTP/FTP/SMTP/NetBIOS or any other session during this period?

Thanks!

Tom

-----Original Message-----
From: Dar Scott [mailto:dsc@xxxxxxxx]
Sent: Saturday, December 29, 2001 1:33 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Security hole at boot

For about 22 seconds at boot I can see ports on my external interface
before the IP filter kicks in.  I can ping the external interface
from another computer during this time.

I'm assuming I'm doing something wrong concerning when services are
started, but I'm at a loss.  A search for boot at isaserver.org or in
Shinder or Simmons got nowhere.

I haven't seen this at shutdown.  I haven't tested this for boot
after crash or power off.

Some of these ports I can shut off other ways (and normally have),
but I expect a firewall to protect me from forgetting those things.

Dar Scott
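The manual routine above (run ping from another machine, reboot the firewall, start testing as soon as replies appear) can be automated so the size of the boot-time gap is measured rather than eyeballed. The following Python script is an added example, not code from this thread or from ISA Server: it probes a list of TCP ports once a second from a second machine, records which ports answer, and reports how long each one stayed reachable before the packet filter engaged. TCP connects stand in for ICMP ping so no raw-socket privileges are needed. The target address, the port list and the embedded boot log are constructed assumptions for illustration.

```python
import socket
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Probe:
    """One probe result: seconds since the run started, target port,
    and whether the port completed a TCP handshake."""
    t: float
    port: int
    answered: bool


def tcp_probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """Attempt a TCP handshake. True means the port accepted the connection
    (nothing was filtering it yet); False covers refusals, drops and timeouts."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def probe_loop(host: str, ports, duration: float, interval: float = 1.0):
    """Probe every port once per interval until `duration` seconds have elapsed.
    Start this on another machine, then reboot the firewall; it replaces the
    manual 'ping -n 700, watch for replies, then test' routine."""
    samples = []
    start = time.monotonic()
    while True:
        now = time.monotonic() - start
        if now >= duration:
            break
        for port in ports:
            samples.append(Probe(round(now, 1), port, tcp_probe(host, port)))
        time.sleep(interval)
    return samples


def exposure_windows(samples):
    """For each port that answered at least once, return (first_open, last_open)
    in seconds. Ports that never answered are absent from the result."""
    windows = {}
    for s in sorted(samples, key=lambda p: p.t):
        if not s.answered:
            continue
        first, _ = windows.get(s.port, (s.t, s.t))
        windows[s.port] = (first, s.t)
    return windows


def summarize(samples):
    """Seconds each port stayed reachable. This is a lower bound: the real gap
    can be up to one probe interval longer on each side."""
    return {port: round(last - first, 1)
            for port, (first, last) in exposure_windows(samples).items()}


def constructed_boot_log():
    """Constructed sample, not a real capture: the IP stack comes up at t=30
    and the packet filter engages at t=53, so FTP and NetBIOS answer for
    22 seconds while HTTP, whose service is disabled, never answers."""
    samples = []
    for t in range(61):
        stack_up = 30 <= t <= 52
        samples.append(Probe(float(t), 21, stack_up))    # FTP control
        samples.append(Probe(float(t), 139, stack_up))   # NetBIOS session
        samples.append(Probe(float(t), 80, False))       # HTTP (service off)
    return samples


if __name__ == "__main__":
    # Offline demo on the constructed log. Against a real firewall, run e.g.
    #   probe_loop("192.0.2.1", [21, 23, 80, 139, 3389], duration=180)
    # from a second machine, then reboot the firewall.
    for port, seconds in sorted(summarize(constructed_boot_log()).items()):
        print(f"port {port}: reachable for {seconds}s")
```

Probing with TCP connects only shows ports that complete a handshake, so it answers Tom's question (which sessions can be created) rather than just whether the interface replies to ping. Keep the interval short: the reported gap is only as precise as the probe rate, and a service that fails to answer before the filter engages (as with the HTTP entry in the constructed log) cannot be told apart from one the filter has already blocked.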