Results 1 to 5 of 5

Thread: ISA Server 2000 Firewall Vulnerability

  1. March 22nd, 2003, 09:36 AM #1
    powertoad5000
    powertoad5000 is offline
    Senior Member
    Join Date
    Jun 2002
    Posts
    405

    ISA Server 2000 Firewall Vulnerability

    Microsoft Warns of Firewall Flaw

    Microsoft is warning customers of another security vulnerability, this one affecting its Internet Security and Acceleration Server 2000 firewall and Web cache product.

    A software flaw was found in the ISA Server's Domain Name Service intrusion detection application filter that could allow an attacker to launch a denial of service attack against the ISA Server that prevents that device from processing DNS requests.
    Advertisement

    The ISA Server allows DNS requests to be passed from the Internet to an internal DNS server, a process known as DNS publishing.

    Application filters are used to analyze incoming data streams, including DNS requests. The filters enable the ISA Server to block, redirect, or modify data as it passes through the firewall. For example, the filters could guard against attacks embedded in Uniform Resource Locators, Microsoft said Wednesday.

    Because of the flaw, however, a specially formed DNS request, encountered under what Microsoft termed "a specific circumstance," causes the DNS server publishing feature to stop responding. DNS requests received by the ISA Server after the DoS attack would be stopped at the firewall, Microsoft said.

    While other ISA Server functions would be unaffected by the failure of the DNS publishing component, administrators would need to restart the ISA server to recover from the DoS attack, the company said.

    Microsoft rated the ISA Server vulnerability "moderate," saying that it could only be used in a DoS attack and did not offer attackers the ability to disable the firewall or gain administrative control of the ISA Server.
    Microsoft Security Bulletin MS03-009

    Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service (331065)

    Originally posted: March 19, 2003

    Summary

    Who should read this bulletin: System administrators running Microsoft® Internet Security and Acceleration (ISA) Server 2000.

    Impact of vulnerability: Denial of Service

    Maximum Severity Rating: Moderate

    Recommendation: System administrators should consider installing the patch.

    End User Bulletin: An end user version of this bulletin is available at: http://www.microsoft.com/security/se.../ms03-009.asp.

    Affected Software:

    * Microsoft ISA Server
    Patch (English)

    MS are having a bad week aren't they?
    Reply With Quote Reply With Quote
  2. March 22nd, 2003, 12:36 PM #2
    MrLinus
    MrLinus is offline
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I haven't set up an ISA server yet but after talking with friends, the thing strikes me as a giant headache waiting to happen without the vulnerability. I really wish that MS would stop with the "let's put everything together on one machine" concept. I can imagine if that thing gets overloaded, you lose both firewall and IDs at the same time. =P

    Sigh. I think I'll stick with Snort and IPtables on two machines.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage
    Reply With Quote Reply With Quote
  3. March 22nd, 2003, 03:38 PM #3
    shadow_dancer
    shadow_dancer is offline
    Senior Member
    Join Date
    Feb 2003
    Posts
    211
    here's tips to configure ISA Servre.

    Part I: To Add the Dial-Up Entry to ISA Server
    Some PPPoE software (such as WinPoet) are represented by a dial up entry. To configure ISA to use this entry for internet access:
    In the ISA Management interface, expand Policy Elements.
    Right-click Dial-up Entries, click New, and then click Dial-up Entry.
    Type a name and description, click the PPPoE dial-up entry by clicking Select, and then specify the appropriate account information (user name and password for the PPPoE connection) by clicking Set Account.
    Click OK.
    Part II: To Construct the LAT
    When you construct the LAT, include only the network adapter that represents the internal local area network (LAN). The inclusion of the network adapter that is connected to the DSL modem does not prevent network access, but it does pose a security risk on the internal network.
    Part III: To Configure Routing and Firewall/SecureNAT
    The final step is to ensure that both Web and Firewall/Secure NAT clients are routed through the PPPoE connection.
    Right-click Network Configuration, click Properties.
    Click to select Use Dial-up Entry check box.
    Click OK.
    Expand Network Configuration.
    Click Routing.
    Right-click, and then click Properties of any routes that you have configured that require access through the PPPoE adapter.
    On the Action tab, click to select the Use dial-up entry for primary route check box.
    Click OK.
    http://support.microsoft.com/?kbid=296534

    In this tutorial we will look at how to setup and configure ISA Server to work with a Cable Modem connection that uses dynamic IP address allocation
    To setup ISA server with cable modem, you can see the tutorial here .

    MS are having a bad week aren't they?
    i guess so mate .. M$ in bad week
    When I lay me down to sleep, Pray the LORD my soul to keep.
    If I die before i wake, Pray the LORD my soul to take.
    http://www.AntiOnline.com/sig.php?imageid=389
    Reply With Quote Reply With Quote
  4. March 24th, 2003, 07:34 AM #4
    KorpDeath
    KorpDeath is offline
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    ISA is yet another total waste of time. Security and Microsoft are mutually exclusive.... Microsoft security is an oxymoron. If you haven't learned THAT by now, no website will ever be able to help you

    Oh, yeah, IMHO, of course..
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
    Reply With Quote Reply With Quote
  5. March 24th, 2003, 02:05 PM #5
    nirvanainheaven
    nirvanainheaven is offline
    Banned
    Join Date
    Sep 2002
    Posts
    17
    Any one help me some tool to exploit this vul?
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules