Re: Why is ISA letting outside clients into DHCP and WINS?
From: Phillip Windell (_at_.)
Date: 07/30/04
- Next message: David Chadwick (dchadwick_at_tiffany.com): "Intrusion Detection & WHite Paper?"
- Previous message: IT Dep: "Intrusion-All port scan"
- In reply to: Arch Willingham: "Re: Why is ISA letting outside clients into DHCP and WINS?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 30 Jul 2004 08:08:22 -0500
"Arch Willingham" <arch@tuparks.com> wrote in message
news:ONXUA4cdEHA.3616@TK2MSFTNGP10.phx.gbl...
> 1. VPN log does not show anyone coming in.
> 2. There is no wireless access point inside the building (however the actual
> site is serviced via a wireless device off the side of a mountain).
> 3. The building has been locked for ten days with no people in the building.
>
> I am confused to say the least!

Well, those are still the general areas you will have to look. It can't come
through ISA because:
1. ISA is not a router and would not route from the outside to the inside.
2. ISA will not pass such requests from the outside to the inside unless the
WINS and DHCP were somehow "published" to the outside. That could never
happen by accident and would even be very difficult to do on purpose.
3. The Internet routing system is incapable of routing to your private
addresses.
4. DHCP requests are done by broadcasting and broadcasts do not cross
routers and certainly don't cross proxy servers. Such requests can only
cross a router if the router is specifically configured to pass those
requests to a particular destination, and as in #1, ISA is not a router.
-- Phillip Windell [MCP, MVP, CCNA] www.wandtv.com
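
Point 4 of the reply can be checked from a packet capture taken on the DHCP server. The following is an added example, not part of the original message: it parses the fixed BOOTP header of a client request and reports whether the request arrived as a broadcast on the server's own segment (giaddr zero) or was forwarded by a relay agent (giaddr set, per RFC 2131). The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

# BOOTP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr[16], sname[64], file[128] = 236 bytes
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the fixed header


def classify_dhcp_request(payload: bytes) -> dict:
    """Report whether a client request was seen directly or came through a relay."""
    if len(payload) < BOOTP.size + len(MAGIC):
        raise ValueError("too short for a DHCP message")
    (op, _htype, hlen, hops, _xid, _secs, _flags, _ciaddr, _yiaddr,
     _siaddr, giaddr, chaddr, _sname, _file) = BOOTP.unpack_from(payload)
    if op != 1:
        raise ValueError("not a BOOTREQUEST (client to server) message")
    if payload[BOOTP.size:BOOTP.size + len(MAGIC)] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    relay = ipaddress.IPv4Address(giaddr)
    relayed = int(relay) != 0  # a relay agent writes its own address into giaddr
    return {
        "mac": ":".join(f"{b:02x}" for b in chaddr[:min(hlen, 16)]),
        "hops": hops,
        "relay": str(relay) if relayed else None,
        "origin": "relayed" if relayed else "local-segment",
    }


def sample_discover(mac: bytes, giaddr: str = "0.0.0.0", hops: int = 0) -> bytes:
    """Constructed DHCPDISCOVER for the demo (not captured traffic)."""
    header = BOOTP.pack(1, 1, 6, hops, 0x1234ABCD, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4),
                        ipaddress.IPv4Address(giaddr).packed,
                        mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, end


if __name__ == "__main__":
    # Constructed inputs: one local broadcast, one forwarded by a relay agent.
    for pkt in (sample_discover(bytes.fromhex("02005e100001")),
                sample_discover(bytes.fromhex("02005e100002"), "192.0.2.1", 1)):
        print(classify_dhcp_request(pkt))
```

A request classified as local-segment was sent by a device attached to the same broadcast domain as the DHCP server, which points the search at the internal network rather than at the firewall.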