RE: Proxy 2.0 secure?

["Safier, Adam (GEIS)" <Adam.Safier () geis ge com>]

I hate to be the one to mention it but don't forget to get all the attack
permissions in nice legalese.

> -----Original Message-----
> From: Choi, Byoung [SMTP:bchoi () visa com]
> Sent: Monday, June 29, 1998 2:04 PM
> To:   'Brian Steele'
> Cc:   Firewall-wizards
> Subject:      RE: Proxy 2.0 secure?
>
> I hate the idea of being an unpaid ms debugger, but guess it'll do good
> for people using their products.
> set'em up and let's see what happens.  i assume you'll coordinate the
> event - scheduling who'll do what type of probing at which time.
>
> b-
>
>       ----------
>       From:  Brian Steele
>       Sent:  Friday, June 26, 1998 4:52 PM
>       To:  Choi, Byoung; 'Mark Horn [ Net Ops ]'
>       Cc:  Stout, Bill; Firewall-wizards
>       Subject:  Re: Proxy 2.0 secure?
>
>       >I found at least three types of hacks generating malformed
> packets that
>       >knocked out NT boxes with all the patches available from ms)
>
>       A few months ago, when our NT server was crashed about 23 times
> in one day
>       by a hacker on the Internet sending malformed packets and the
> like, MS
>       recommended to me (before they brought out the relevant fix)
> that I install
>       Proxy Server 2.0 on the server to fix the problem.  They also
> said that if I
>       implement filtering at the router before the server, that may
> cure the
>       problem as well.  As I'm absolutely clueless about CISCO router
> configs, I
>       downloaded the MSP trial version.  The attacks stopped
> afterwards, but I
>       don't know whether this was due to the MSP, or the hacker moving
> his efforts
>       to more fertile grounds.
>
>       So, how's about a test guys?
>
>       I think I can find a spare PC somewhere among the office spares.
> I can set
>       up the most insecure "secure" MSP 2.0 system that I know of for
> testing as
>       follows:
>
>           1. Load up a copy of NTS4.0 (with all nnn hotfixes, lol) on
> a
>               PC with two net cards, one facing the Internet, the
> other
>               facing the local LAN.
>           2. Configure the server to be a PDC
>           3. Install MSP 2.0 on top of it
>           4. Install and configure MS RRAS (latest version)
>           5. Install a Win 95 PC on the "internal LAN"
>           6. Configure the MSP server to allow PPTP and outgoing
>               HTTP.
>
>       Your task, should you choose to accept it, would be to test the
> security of
>       this system, via the usual DoS attacks, etc., etc.  with "bonus
> points" for
>       retrieving account information (usernames, passwords) or
> protected files
>       from the server, and even more bonus points if you're able to
> access a file
>       from a share on the Win95 box behind the server.  If you
> succeed, my only
>       request is that your post your method (and results) to this
> list, and cc to
>       Microsoft.  The intent of the test is to show whether or not
> NT-based
>       firewall systems are as good as their UNIX cousins.
>
>       Configuration will take a few days (most of which will involve
> identifying
>       which PC to use among our spares :-)).
>
>       Any takers?
>
>       Brian Steele
>