Bugtraq mailing list archives
Re[3]: Bypassing ISA Server 2004 with IPv6
From: Christine Kronberg <seeker () shalla de>
Date: Sat, 15 Apr 2006 22:23:48 +0200 (CEST)
Dear 3APA3A,
Microsoft ISA Server can't filter events from Microsoft Mouse, but
Apples and peas?
Microsoft Mouse can be bound to computer. It's security risk, but I know how to secure mouse without ISA and I accept this risk.
Nice, that you do. If I manage by any means to see remotely that you have attached a mouse to your ISA and to (ab)use it, I'm much better that I thought - and you have much bigger problems than you thought. The nice thing about icmp is that I do not require much knowledge to get information remotely. Same true with ipv6. Unless something in between stops me. Which brings us back to the topic: a firewall allowing too much.
IPv6 can not be filtered by ISA, but it still can be filtered by different tools, or by it's own means, as IPv6 support network-level security. Unlike IPv4, IPv6 supports authentication, integrity checking and encryption natively. See ipsec6.exe and descriptions for Security Association Batabase and Security Policy Database.
So you state that it is perfectly well for a firewall to allow any traffic through. Per default? And that this firewall does not need to have the interface to configure what traffic is allowed? I disagree. If a firewall supports a protocol, that same firewall should also provide the proper means and interface to configure it. And not blow holes in networks. Cheers, Christine Kronberg.
Current thread:
- Bypassing ISA Server 2004 with IPv6 Romain . Le . Guen (Apr 03)
- Re: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 04)
- Re: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 09)
- Re[2]: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 10)
- Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 14)
- Re[3]: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 15)
- Re[3]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 19)
- Re: Re[3]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 20)
- Re: Re[3]: Bypassing ISA Server 2004 with IPv6 offtopic (Apr 20)
- Re: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 09)
- Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 19)
- Re: Re[2]: Bypassing ISA Server 2004 with IPv6 Christine Kronberg (Apr 19)
- Re: Bypassing ISA Server 2004 with IPv6 3APA3A (Apr 04)
- Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 10)
- <Possible follow-ups>
- Re: Re: Bypassing ISA Server 2004 with IPv6 Romain . Le-Guen (Apr 09)
- Re: Bypassing ISA Server 2004 with IPv6 Thor (Hammer of God) (Apr 10)
- Re: Bypassing ISA Server 2004 with IPv6 noreply (Apr 11)