[isalist] Re: VPN over the net
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 22 Mar 2006 20:31:24 -0600
http://www.ISAserver.org
-------------------------------------------------------
OK, that's true.
I can't say for sure without the actual capture, but if you combine the
following:
1. Clueless admin
2. Pattern seen in the capture
3. Reported error
I have a guess that fits within a 95% confidence interval.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Wednesday, March 22, 2006 8:28 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN over the net
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Could be - we need to see what's inside the packets; not just
> a text summary.
>
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Wednesday, March 22, 2006 18:22
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: VPN over the net
>
> Bingo:
> "98", "22.160985", "206.248.138.108", "67.69.15.20", "TCP",
> "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
>
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org <http://www.isaserver.org/>
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> MVP
> -- ISA Firewalls
>
>
>
>
> ________________________________
>
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew English
> Sent: Wednesday, March 22, 2006 8:14 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: RE: [isalist] Re: VPN over the net
>
>
> Here is a dump off the ISA server just taken now using
> Ethereal. This time I just used the access rule I created for
> PPTP and L2PT which gave me the 619 error machine. I looked
> it up and several sites say that you need to have port 1723
> option and protocol #47 GRE as well. I don't see any GRE in
> ISA's protocol list so I am not sure if it's open by default or not.
>
> "77", "20.354517", "206.248.138.108", "67.69.15.20",
> "TCP", "60637 > pptp [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1412"
> "78", "20.356294", "67.69.15.20", "206.248.138.108",
> "TCP", "pptp > 60637 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460"
> "79", "20.708283", "206.248.138.108", "67.69.15.20",
> "TCP", "60637 > pptp [ACK] Seq=1 Ack=1 Win=65535 Len=0"
> "80", "20.711863", "206.248.138.108", "67.69.15.20",
> "PPTP", "Start-Control-Connection-Request"
> "81", "20.719783", "67.69.15.20", "206.248.138.108",
> "PPTP", "Start-Control-Connection-Reply"
> "82", "21.109566", "206.248.138.108", "67.69.15.20",
> "PPTP", "Outgoing-Call-Request"
> "83", "21.133715", "67.69.15.20", "206.248.138.108",
> "PPTP", "Outgoing-Call-Reply"
> "84", "21.489766", "206.248.138.108", "67.69.15.20",
> "PPTP", "Set-Link-Info"
> "85", "21.492862", "206.248.138.108", "67.69.15.20",
> "PPP LCP", "Configuration Request"
> "86", "21.514942", "67.69.15.20", "206.248.138.108",
> "PPP LCP", "Configuration Request"
> "87", "21.515068", "67.69.15.20", "206.248.138.108",
> "PPP LCP", "Configuration Ack"
> "88", "21.687898", "67.69.15.20", "206.248.138.108",
> "TCP", "pptp > 60637 [ACK] Seq=189 Ack=349 Win=65187 Len=0"
> "89", "21.881650", "206.248.138.108", "67.69.15.20",
> "PPP LCP", "Configuration Reject"
> "90", "21.881897", "67.69.15.20", "206.248.138.108",
> "PPP LCP", "Configuration Request"
> "91", "21.982027", "206.248.138.108", "67.69.15.20",
> "GRE", "Encapsulated PPP"
> "92", "22.088583", "206.248.138.108", "67.69.15.20",
> "PPP LCP", "Configuration Ack"
> "93", "22.089048", "67.69.15.20", "206.248.138.108",
> "PPTP", "Set-Link-Info"
> "94", "22.090538", "206.248.138.108", "67.69.15.20",
> "PPP LCP", "Identification"
> "95", "22.090965", "206.248.138.108", "67.69.15.20",
> "PPP LCP", "Identification"
> "96", "22.092652", "206.248.138.108", "67.69.15.20",
> "PPTP", "Set-Link-Info"
> "97", "22.102192", "67.69.15.20", "206.248.138.108",
> "PPP CHAP", "Challenge"
> "98", "22.160985", "206.248.138.108", "67.69.15.20",
> "TCP", "60637 > pptp [RST, ACK] Seq=373 Ack=213 Win=0 Len=0"
>
> Regards,
> Andrew
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
