Re: Spoofing & Help

Tech-Archive recommends: Fix windows errors by optimizing your registry

:)

Cheers Allen.

The actual issue I would like to resolve (if at all possible) is the ISA
errors about spoofed addresses from subnets that are not directly connected
to the ISA box.

Although we have no problems routing and firewalling traffic to these
(remote) subnets (static entries in ISA routing table), it is most annoying
having red X's in the event logs! Also ISA threatens to drop these packets
(and this of course worries me!!)

I was hoping it would be possible due to the "Help" document that wasn't (in
this case).

Thanks for your help mate.
Tom
==================================

"AllenM" wrote:

> You're absolutely correct. It will block IP's from the SMTP connector. I
> assume that seeing how your issue concerns "spoofing" questions are
> concerning someone using your SMTP connector to do "spoofing". They are
> probably relaying through and you should turn relay off.
>
>
> "magician" <magician@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:F17D134F-676E-4FC1-B37B-71949F173D09@xxxxxxxxxxxxxxxx
> > Hi Allen,
> > Thanks for reply. So they lied huh!!
> >
> > I take it ESM=Exchange System Manager? Won't this only block smtp
> > connections to an exchange server? Surely....??
> >
> > "AllenM" wrote:
> >
> >> You cannot use ISA to determine if an IP address should be considered
> >> spoof.
> >> You can however, once it is determine by other means that an IP address
> >> is
> >> spoof, set up a rule and destination set to block it. However to block an
> >> IP
> >> is easier to use ESM if you're using Exchange.
> >>
> >>
> >> "magician" <magician@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:9E637641-B3E9-4DC1-B713-971A60139BE4@xxxxxxxxxxxxxxxx
> >> > In ISA 2004 Ent "Getting Started Guide" it says:
> >> >
> >> > "You can configure how ISA Server determines if traffic from a specific
> >> > IP
> >> > address should be considered spoofed."
> >> >
> >> > This is in the section Product Overview > New .. Features > Networks &
> >> > Network Objects then near the bottom in "Using enterprise networks at
> >> > the
> >> > array level"
> >> >
> >> > My question is: Where? How?
> >> >
> >> > How can you configure how ISA Server determines if traffic from a
> >> > specific
> >> > IP address should be considered spoofed????
> >> >
> >> > I can't find it anywhere?
> >>
> >>
> >>
>
>
>
.

Relevant Pages

  • Re: External messages "spoofed" as coming from our internal domain are accepted
    ... > external IP of an ISA firewall. ... > for "mydomain.com" to our Exchange Server. ... > The Exchange Server's SMTP connector - ... > rather than make ISA server do the job for Exchange. ...
    (microsoft.public.exchange2000.transport)
  • RE: ISA or PIX firewall or both?
    ... ISA is not necessary but recommended on the server. ... make sure your server isn't open-relay. ... | I have just installed SBS 2003 on our network. ... | Had to remove the SBS SMTP connector to stop getting ...
    (microsoft.public.windows.server.sbs)
  • Re: Best way to acomplish?
    ... Can't this be done simpler in the SMTP connector or in Exchange somewhere? ... What if the client didn't have premium (ISA) ... > exchange server. ...
    (microsoft.public.windows.server.sbs)
  • ISA or PIX firewall or both?
    ... I have just installed SBS 2003 on our network. ... using a PIX firewall so do I need to still use ISA? ... Had to remove the SBS SMTP connector to stop getting ...
    (microsoft.public.windows.server.sbs)
  • Re: access only to one external site
    ... In the same page that contains the checkbox above, make sure that ISA ... Microsoft Firewall service and Microsoft Web Proxy service are started. ... On a test client, login using the test user account, make sure that IE ... destination set, he should access them normally, any other sites should ...
    (microsoft.public.isa.configuration)