Re: How to restrict incoming VPN to one internal IP address
From: Scott Harding - MS MVP (scrockel_at_**NO_SPAM**hotmail.com)
Date: 11/12/04
- Next message: Frederic ESNOUF \(MVP-ISA\): "Netmon and command line"
- Previous message: Rian Gamal: "Re: Private IP addressing advice!!"
- In reply to: Scott Harding - MS MVP: "Re: How to restrict incoming VPN to one internal IP address"
- Next in thread: Leythos: "Re: How to restrict incoming VPN to one internal IP address"
- Reply:(deleted message) Leythos: "Re: How to restrict incoming VPN to one internal IP address"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 12 Nov 2004 13:50:52 -0700
Here's some. Not as current as the ISA one but certainly more relevant.
Hopefully you get the point ;)
Check Point Patches Severe FireWall-1 Flaws
By Dennis Fisher
February 5, 2004
Check Point Software Technologies Ltd. on Wednesday released a fix for
a set of severe security vulnerabilities in its FireWall-1 product that
enable attackers to execute commands on the vulnerable server.
The problems are a group of format string flaws that appears when
FireWall-1 attempts to validate HTTP requests, according to analysts at
Internet Security Systems Inc., which discovered the flaws. Error messages
created when an invalid portion of a request is specified allow attackers to
provide their own format string specifiers. This in turn can lead to
corruption of memory and give attackers the ability to run their own code on
the server with super-user privileges.
FireWall-1 is among the more widely deployed enterprise firewalls on
the Internet.
Although ISS officials said exploiting the vulnerabilities is
difficult on some platforms, the company has developed an exploit that works
reliably. And, even failed attacks can interrupt all of the current HTTP
sessions on the FireWall-1 server.
The vulnerability affects FireWall-1 NG with Application Intelligence,
FireWall-1 4.1 and FireWall-1 HTTP Security Server, which is included with
NG FP1, 2 and 3.
ISS also found a vulnerability in an old version of Check Point's
VPN-1 product, which the company no longer supports. Check Point, based in
Ramat Gan, Israel, does not plan to release a patch for this issue.
--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
news:%23vH9QUPyEHA.2572@tk2msftngp13.phx.gbl...
> Checkpoint and Watchguard have had several updates over the years as well
> and usually MS fixes are the only ones people seem so upset by anyways. Your
> reasons are obviously personal. I also love Checkpoint and the Watchguard
> boxes and many of the other hardware firewalls but in reality most of them
> perform almost identically and most people choose one or the other based on
> price/features and not on some personal bias ;) I currently have ISA and
> Checkpoint (different networks) in my office and have used several scanners
> including Nessus and many others and they both report the same things.
> Obviously everyone will have a different opinion on this so I don't want to
> squabble and typically personal experience or other factors lead people to
> purchase different things but that isn't always based on fact.
>
> --
> Scott Harding
> MCSE, MCSA, A+, Network+
> Microsoft MVP - Windows NT Server
>
> "Leythos" <void@nowhere.org> wrote in message
> news:MPG.1bfb10d7c0d297719899ce@news-server.columbus.rr.com...
> > In article <eQSCLzaxEHA.2876@TK2MSFTNGP12.phx.gbl>,
> > scrockel@**NO_SPAM**hotmail.com says...
> > > Why would you never use ISA? Just because it is MS doesn't mean it isn't
> > > secure. I personally believe it is one of the best and I have tried them
> > > ALL!!
> >
> > This might explain it - since I've never seen an alert for the firewalls
> > that I use like this in years.
> >
> > MS04-039 - Vulnerability in ISA Server 2000 and Proxy Server
> > 2.0 Could Allow Internet Content Spoofing (888258)
> >
> > - Affected Software:
> >   - Microsoft Proxy Server 2.0 Service Pack 1
> >   - Microsoft Internet Security and Acceleration
> >     Server 2000 Service Pack 1 and Microsoft Internet
> >     Security and Acceleration Server 2000
> >     Service Pack 2
> >   - Microsoft Small Business Server 2000 (which
> >     includes Microsoft Internet Security and
> >     Acceleration Server 2000)
> >   - Microsoft Small Business Server 2003 Premium
> >     Edition (which includes Microsoft Internet
> >     Security and Acceleration Server 2000)
> >
> > - Impact: Spoofing
> > - Version Number: 1.0
> >
> > --
> > --
> > spamfree999@rrohio.com
> > (Remove 999 to reply to me)