[isalist] Re: Spoofing - ISA 2006 SP1

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 12 Aug 2008 08:08:23 -0500

http://www.ISAserver.org
-------------------------------------------------------

Unless you're using DHCP to assign VPN client addresses :)

Thomas W. Shinder, M.D., MCSE  ||  Sr. Consultant / Technical Writer
shinder@xxxxxxxxxxxxxxxxxxxxx  ||  www.prowessconsulting.com
Mobile: Pending  ||  Phone: Pending  ||  Fax (206) 443.1119
Blog: http://blogs.isaserver.org/shinder  ||  Books: http://tinyurl.com/2gpoo8 

PROWESS CONSULTING  ||  documentation  ||  integration  ||  virtualization



> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Tuesday, August 12, 2008 12:23 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spoofing - ISA 2006 SP1
> 
> Don't use the same network range for VPN and internal networks.
> This isn't new since SP1.
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Raji Arulambalam
> Sent: Monday, August 11, 2008 10:17 PM
> To: [ISAserver Discussion List]
> Subject: [isalist] Spoofing - ISA 2006 SP1
> 
> Hi
> I am getting these messages since applying SP1.
> This is for incoming VPN connections that get their IP# assigned from DHCP from the internal network.
> The ISA servers' internal network addresses are also 172.16.90.0/24
> 
> How do I fix this? Would I exclude this IP# range from the internal network addresses?
> 
> Cheers
> Raji
> 
> 
> ......
> Description: ISA Server detected a spoof attack from Internet Protocol (IP) address 172.16.90.4. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the firewall log.
> 
> Description: ISA Server detected routes through the network adapter Internal NIC 172 net that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 172.16.90.4-172.16.90.4;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.
> 
> The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network VPN Clients, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed.
> To resolve this issue, add the missing IP address ranges to the array network.
> The following IP address ranges will be dropped as spoofed:
> Internal:172.16.90.4-172.16.90.4;
> ''''''
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
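
The consistency check that the quoted event descriptions refer to (a network's defined address ranges versus what its adapter's routing table can reach) can be modelled offline. This is an added example, not part of the original thread and not ISA Server code; the function names, the route table and the assumed host route for the VPN client are constructed, using the 172.16.90.0/24 range and the 172.16.90.4 address from the post.

```python
import ipaddress

def span(text):
    """(first, last) integer addresses for 'a.b.c.d/n' or 'first-last'."""
    if "-" in text:
        lo, hi = text.split("-")
        return int(ipaddress.ip_address(lo)), int(ipaddress.ip_address(hi))
    net = ipaddress.ip_network(text)
    return int(net.network_address), int(net.broadcast_address)

def subtract(a, b):
    """Parts of the ranges in `a` that no range in `b` covers."""
    out = []
    for lo, hi in a:
        for blo, bhi in sorted(b):
            if bhi < lo or blo > hi:
                continue
            if blo > lo:
                out.append((lo, blo - 1))
            lo = bhi + 1
        if lo <= hi:
            out.append((lo, hi))
    return out

def routed_via(routes, iface):
    """Ranges that longest-prefix matching sends through `iface`."""
    out = []
    for cidr, dev in routes:
        if dev == iface:
            plen = ipaddress.ip_network(cidr).prefixlen
            narrower = [span(c) for c, d in routes
                        if d != iface and ipaddress.ip_network(c).prefixlen > plen]
            out += subtract([span(cidr)], narrower)
    return out

def fmt(ranges):
    return [f"{ipaddress.ip_address(lo)}-{ipaddress.ip_address(hi)}" for lo, hi in ranges]

def audit(defined, routes, iface):
    """Compare a network's defined ranges with what its adapter routes."""
    want, have = [span(r) for r in defined], routed_via(routes, iface)
    return {"defined_not_routable": fmt(subtract(want, have)),
            "routable_not_defined": fmt(subtract(have, want))}

# Constructed sample: Internal is defined as the whole /24; a connected VPN
# client holding 172.16.90.4 is assumed to add a host route via the VPN interface.
ROUTES = [("172.16.90.0/24", "Internal"), ("172.16.90.4/32", "VPN")]
INTERNAL_DEFINED = ["172.16.90.0-172.16.90.255"]

if __name__ == "__main__":
    print(audit(INTERNAL_DEFINED, ROUTES, "Internal"))
```

With a separate VPN address range the host route no longer falls inside the Internal definition and both lists come back empty.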

