RE: Packets with TCP flags set

["David Gillett" <gillettdavid () fhda edu>]

  Well, presumably it doesn't forward those extraneous flags to
the real servers it is proxying for, and doesn't respond as you've
described to clients you don't want connections from.
  Apparently ISA's philosophy is "allow unless blocked" more than
"deny unless permitted".  Depending on the sort of information and
resources you host and the risk-tolerance of your enterprise, this
might be appropriate.

David Gillett
 

> -----Original Message-----
> From: .\lgp [mailto:lgpmsec () gmail com] 
> Sent: Wednesday, September 16, 2009 12:10 AM
> To: gillettdavid () fhda edu; security-basics () securityfocus com
> Subject: RE: Packets with TCP flags set
>
> Hi David,
>
> Actually I encountered this on an ISA server that I was 
> scanning form an external perspective; this box is a Win2K3 
> currently directly connected to the public zone, and is 
> acting as a proxy.
>
> What do you think?
>
> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu]
> Sent: Wednesday, September 16, 2009 01:51
> To: '.\lgp'; security-basics () securityfocus com
> Subject: RE: Packets with TCP flags set
>
>   Do you have a real firewall, or do you rely on router 
> access lists to filter traffic?
>  
>   I ask because any of these will probably meet an ACL "established"
> condition and be
> treated as an already-filtered connection when in fact it 
> might be one another rule is intended to block.
>
> David Gillett
> CISSP CCNP
>
>
> > -----Original Message-----
> > From: .\lgp [mailto:lgpmsec () gmail com]
> > Sent: Sunday, September 13, 2009 3:46 PM
> > To: security-basics () securityfocus com
> > Subject: Packets with TCP flags set
> >
> > Hi list,
> >
> > I have a host that responds to a TCP SYN packet with at 
> least one of 
> > the following flags set with a SYN ACK packet: RST, FIN, 
> ACK, FIN|PSH. 
> > Two questions come to mind:
> > 1- is this a bad thing? If so, why?
> > 2- how to mitigate this issue?
> >
> > Thank you,
> > Lgp.
> >
> >
> > --------------------------------------------------------------
> > ----------
> > Securing Apache Web Server with thawte Digital Certificate In this 
> > guide we examine the importance of Apache-SSL and who needs an SSL 
> > certificate.  We look at how SSL works, how it benefits 
> your company 
> > and how your customers can tell if a site is secure. You 
> will find out 
> > how to test, purchase, install and use a thawte Digital 
> Certificate on 
> > your Apache web server. Throughout, best practices for set-up are 
> > highlighted to help you ensure efficient ongoing management of your 
> > encryption keys and digital certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;
> > e13b6be442f727d1
> > --------------------------------------------------------------
> > ----------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------