[isalist] Re: Spoofing - ISA 2006 SP1

• From: Jim Harrison <Jim@xxxxxxxxxxxx>
• To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 11 Aug 2008 22:22:46 -0700

http://www.ISAserver.org
-------------------------------------------------------

Don't use the same network range for VPN and internal networks.
This isn't new since SP1.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Raji Arulambalam
Sent: Monday, August 11, 2008 10:17 PM
To: [ISAserver Discussion List]
Subject: [isalist] Spoofing - ISA 2006 SP1

http://www.ISAserver.org
-------------------------------------------------------

Hi
I am getting these messages since applying SP1.
This is for incoming VPN connections that get their IP# assigned from DHCP from 
the internal network.
The ISA servers' internal network addresses is also 172.16.90.0/24

How do I fix this? Would I exclude these ip# range from the internal network 
addresses?

Cheers
Raji


......
Description: ISA Server detected a spoof attack from Internet Protocol (IP) 
address 172.16.90.4. A spoof attack occurs when an IP address that is not 
reachable via the interface on which the packet was received. If logging for 
dropped packets is set, you can view details in the firewall log.

Description: ISA Server detected routes through the network adapter Internal 
NIC 172 net that do not correlate with the network to which this network 
adapter belongs. When networks are configured correctly, the IP address ranges 
included in each array-level network must include all IP addresses that are 
routable through its network adapters according to their routing tables. 
Otherwise valid packets may be dropped as spoofed. The following ranges are 
included in the network's IP address ranges but are not routable through any of 
the network's adapters: 172.16.90.4-172.16.90.4;. Note that this event may be 
generated once after you add a route, create a remote site network, or 
configure Network Load Balancing and may be safely ignored if it does not 
re-occur.

The routing table for the network adapter Internal includes IP address ranges 
that are not defined in the array-level network VPN Clients, to which it is 
bound. As a result, packets arriving at this network adapter from the IP 
address ranges listed below or sent to these IP address ranges via this network 
adapter will be dropped as spoofed. To resolve this issue, add the missing IP 
address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
Internal:172.16.90.4-172.16.90.4;
''''''

Email disclaimer: This email and any attachments are confidential. If you are 
not the intended recipient, do not copy, disclose or use the contents in any 
way. If you receive this message in error, please let us know by return email 
and then destroy the message. Environment Bay of Plenty is not responsible for 
any changes made to this message and/or any attachments after sending.
******************************************************
This e-mail has been checked for viruses and none.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

• Follow-Ups:
  • [isalist] Re: Spoofing - ISA 2006 SP1
    • From: Andy Haigh

• References:
  • [isalist] Spoofing - ISA 2006 SP1
    • From: Raji Arulambalam

Other related posts:

• » [isalist] Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1
• » [isalist] Re: Spoofing - ISA 2006 SP1

1. Home
2. isalist
3. Archive
4. 08-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---