RE: Proxy 2.0 secure?

["Choi, Byoung" <bchoi () visa com>]

I hate the idea of being an unpaid ms debugger, but guess it'll do good
for people using their products.
set'em up and let's see what happens.  i assume you'll coordinate the
event - scheduling who'll do what type of probing at which time.

b-

        ----------
        From:  Brian Steele
        Sent:  Friday, June 26, 1998 4:52 PM
        To:  Choi, Byoung; 'Mark Horn [ Net Ops ]'
        Cc:  Stout, Bill; Firewall-wizards
        Subject:  Re: Proxy 2.0 secure?

        >I found at least three types of hacks generating malformed
packets that
        >knocked out NT boxes with all the patches available from ms)

        A few months ago, when our NT server was crashed about 23 times
in one day
        by a hacker on the Internet sending malformed packets and the
like, MS
        recommended to me (before they brought out the relevant fix)
that I install
        Proxy Server 2.0 on the server to fix the problem.  They also
said that if I
        implement filtering at the router before the server, that may
cure the
        problem as well.  As I'm absolutely clueless about CISCO router
configs, I
        downloaded the MSP trial version.  The attacks stopped
afterwards, but I
        don't know whether this was due to the MSP, or the hacker moving
his efforts
        to more fertile grounds.

        So, how's about a test guys?

        I think I can find a spare PC somewhere among the office spares.
I can set
        up the most insecure "secure" MSP 2.0 system that I know of for
testing as
        follows:

            1. Load up a copy of NTS4.0 (with all nnn hotfixes, lol) on
a
                PC with two net cards, one facing the Internet, the
other
                facing the local LAN.
            2. Configure the server to be a PDC
            3. Install MSP 2.0 on top of it
            4. Install and configure MS RRAS (latest version)
            5. Install a Win 95 PC on the "internal LAN"
            6. Configure the MSP server to allow PPTP and outgoing
                HTTP.

        Your task, should you choose to accept it, would be to test the
security of
        this system, via the usual DoS attacks, etc., etc.  with "bonus
points" for
        retrieving account information (usernames, passwords) or
protected files
        from the server, and even more bonus points if you're able to
access a file
        from a share on the Win95 box behind the server.  If you
succeed, my only
        request is that your post your method (and results) to this
list, and cc to
        Microsoft.  The intent of the test is to show whether or not
NT-based
        firewall systems are as good as their UNIX cousins.

        Configuration will take a few days (most of which will involve
identifying
        which PC to use among our spares :-)).

        Any takers?

        Brian Steele