Re: Why does it not work??
- From: Raji Arulambalam <rajia@xxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 16 Aug 2002 11:40:08 +1200
Hi Jim
Thanks. I will do that.
Cheers
---------------------------------------------
Raji Arulambalam
Systems Administrator
Bay of Plenty REGIONAL Council
P O Box 364 Whakatane.
NEW ZEALAND
Phone: 0800 ENV BOP (0800 368 267) +64 7 922 3390
Fax: 0800 ENV FAX (0800 368 329) +64 7 922 3393
http://envbop.govt.nz
--------------------------------------------
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, 16 August 2002 10:47 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Why does it not work??
http://www.ISAserver.org
It's a little convoluted, but here goes:
-
Your DS :
DomainName: *; would conceivably include any request made to your ISA
Path: /default.ida; none of the listed requests included this, so it won't
fire
DomainName: www; Code Red used www.worm.com; "www" is purely Nimda and
clones. Your local name
resolution scheme can affect how unqualified requests are dealt with an
cause this to be ignored
Path: /*
DomainName: /www; this is an illegal entry (can only precede the domain name
with a single "*") and
will be ignored by ISA
Path: /*
DomainName: *
Path: /*.exe*; ISA rejects this, you can only have one "*" at the end of
the path name
DomainName: *
Path: /cmd.exe; no request is limited to "/cmd.exe", so it won't fire on
this
DomainName: *
Path: /root.exe; no request is limited to "/root.exe", so it won't fire on
this
You're better off to limit the allow rules to very specific filters and let
the default rule tell
all the rest to bugger off.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison
http://jalojash.org/isatools
Read the books!
******************************************************
This e-mail has been checked for viruses and no viruses were detected.
Other related posts:
