> -----Original Message-----
> From: Ron DuFresne [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, April 16, 2002 11:27
> To: Noonan, Wesley
> Cc: 'Schouten, Diederik (Diederik)'; 'Rink, Jesse'; '[EMAIL PROTECTED]'
> Subject: RE: Replacing my old PIX Classic
>
> On Tue, 16 Apr 2002, Noonan, Wesley wrote:
>
> Your checking must be a bit outdated and incomplete. I just checked
> through my Windows listings and found quite a few issues logged on ISA over
> the last few years. Some of which have been mentioned here before:

Could be. I know that it is at least 6 months since I was told this. Actually, I think my quote was bad. Checking the newsgroup (where I was told this), the statement was actually that there were no exploits in its first 9 months, and 2 to date (again, about 6 months ago), neither of which provided access or left the box open (my response to that was I would hope not), and that one of them was not part of the default config in the first place (though that rings pretty hollow with me).

> > --24 August 2001 Microsoft Releases IIS Lockdown Tool
> > In the aftermath of Code Red, Microsoft released an IIS Lockdown Tool
> > that disables many functions and services that could be exploited
> > by attackers.
> > http://www.computerworld.com/storyba/0,4125,NAV47_STO63310,00.html
> > [Editor's (Schultz) Note: I understand the desire to turn off FTP
> > and SMTP services, too, but I question the wisdom of doing this when
> > the real problem is IIS Web servers. It is important to disable all
> > unnecessary services, but having a tool that purports to fix IIS but
> > then goes and does other things is not necessarily desirable.]

IIS lockdown tool. This is kind of like the telnet exploit that you tried to pass off as a VLAN issue, isn't it?

> > --17 August 2001 Patch Available for ISA Server 2000 Flaws
> > Microsoft has issued a patch to repair three holes in its Internet
> > Security and Acceleration (ISA) Server 2000. Two of the flaws are
> > memory leaks: one in the voice-over-IP capability, and one in the
> > proxy service that could lead to denial of service. The third is an
> > error message-handling problem that could allow attackers to execute
> > malicious code and use cookies on the affected machines.
> > http://computerworld.com/nlt/1%2C3590%2CNAV65-663_STO63199_NLTSEC%2C00.html

My bad, although this causes the box to fail closed, and is not on by default according to the guy I talked to.

> > From: SecureXpert DIRECT Bulletin Service <[EMAIL PROTECTED]>
> > Subject: [SX-20010320-2] - Microsoft ISA Server Denial of Service
> > Date: Mon, 16 Apr 2001 11:47:59 -0400
> > To: [EMAIL PROTECTED]
> >
> > FSC Internet Corp. / SecureXpert Labs Advisory [SX-20010320-2]
> >
> > Denial of Service in Microsoft ISA server v1.0
> <snip>

Seems to be the same as above, fixed in the same patch.

> That's an awfully aggressive statement considering the above.

Nah, I don't see it much different than the M$ crap that is so prevalent on this list, or the "ISA isn't a real firewall" bullshit.

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) please go to: http://lists.gnac.net/mailman/listinfo/firewalls
