Results 1 to 5 of 5

Thread: ISA Server 2000 Firewall Vulnerability

  1. #1
    Senior Member
    Join Date
    Jun 2002

    ISA Server 2000 Firewall Vulnerability

    Microsoft Warns of Firewall Flaw

    Microsoft is warning customers of another security vulnerability, this one affecting its Internet Security and Acceleration Server 2000 firewall and Web cache product.

    A software flaw was found in the ISA Server's Domain Name Service intrusion detection application filter that could allow an attacker to launch a denial of service attack against the ISA Server that prevents that device from processing DNS requests.

    The ISA Server allows DNS requests to be passed from the Internet to an internal DNS server, a process known as DNS publishing.

    Application filters are used to analyze incoming data streams, including DNS requests. The filters enable the ISA Server to block, redirect, or modify data as it passes through the firewall. For example, the filters could guard against attacks embedded in Uniform Resource Locators, Microsoft said Wednesday.

    Because of the flaw, however, a specially formed DNS request, encountered under what Microsoft termed "a specific circumstance," causes the DNS server publishing feature to stop responding. DNS requests received by the ISA Server after the DoS attack would be stopped at the firewall, Microsoft said.

    While other ISA Server functions would be unaffected by the failure of the DNS publishing component, administrators would need to restart the ISA server to recover from the DoS attack, the company said.

    Microsoft rated the ISA Server vulnerability "moderate," saying that it could only be used in a DoS attack and did not offer attackers the ability to disable the firewall or gain administrative control of the ISA Server.
    Microsoft Security Bulletin MS03-009

    Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065)

    Originally posted: March 19, 2003


    Who should read this bulletin: System administrators running Microsoft® Internet Security and Acceleration (ISA) Server 2000.

    Impact of vulnerability: Denial of Service

    Maximum Severity Rating: Moderate

    Recommendation: System administrators should consider installing the patch.

    End User Bulletin: An end user version of this bulletin is available at:

    Affected Software:

    * Microsoft ISA Server
    Patch (English)

    MS are having a bad week aren't they?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    I haven't set up an ISA server yet but after talking with friends, the thing strikes me as a giant headache waiting to happen without the vulnerability. I really wish that MS would stop with the "let's put everything together on one machine" concept. I can imagine if that thing gets overloaded, you lose both firewall and IDs at the same time. =P

    Sigh. I think I'll stick with Snort and IPtables on two machines.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Feb 2003
    here's tips to configure ISA Servre.

    Part I: To Add the Dial-Up Entry to ISA Server
    Some PPPoE software (such as WinPoet) are represented by a dial up entry. To configure ISA to use this entry for internet access:
    In the ISA Management interface, expand Policy Elements.
    Right-click Dial-up Entries, click New, and then click Dial-up Entry.
    Type a name and description, click the PPPoE dial-up entry by clicking Select, and then specify the appropriate account information (user name and password for the PPPoE connection) by clicking Set Account.
    Click OK.
    Part II: To Construct the LAT
    When you construct the LAT, include only the network adapter that represents the internal local area network (LAN). The inclusion of the network adapter that is connected to the DSL modem does not prevent network access, but it does pose a security risk on the internal network.
    Part III: To Configure Routing and Firewall/SecureNAT
    The final step is to ensure that both Web and Firewall/Secure NAT clients are routed through the PPPoE connection.
    Right-click Network Configuration, click Properties.
    Click to select Use Dial-up Entry check box.
    Click OK.
    Expand Network Configuration.
    Click Routing.
    Right-click, and then click Properties of any routes that you have configured that require access through the PPPoE adapter.
    On the Action tab, click to select the Use dial-up entry for primary route check box.
    Click OK.

    In this tutorial we will look at how to setup and configure ISA Server to work with a Cable Modem connection that uses dynamic IP address allocation
    To setup ISA server with cable modem, you can see the tutorial here .

    MS are having a bad week aren't they?
    i guess so mate .. M$ in bad week
    When I lay me down to sleep, Pray the LORD my soul to keep.
    If I die before i wake, Pray the LORD my soul to take.

  4. #4
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    ISA is yet another total waste of time. Security and Microsoft are mutually exclusive.... Microsoft security is an oxymoron. If you haven't learned THAT by now, no website will ever be able to help you

    Oh, yeah, IMHO, of course..
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  5. #5
    Join Date
    Sep 2002
    Any one help me some tool to exploit this vul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts