Firewall Wizards mailing list archives

RE: Dialog on Microsoft's Proxy server?

From: "Peter Hunt" <peter.hunt2 () virgin net>
Date: Fri, 12 Mar 1999 10:49:29 -0500

Thanks Rob, and yep I had missed your review.

As for the routing deficiences, here is a quick summary of our experience:

We had intended to use MSP for Intranet authentication & caching benefits
(security dictate on Proxy Intranet). Intranet testing looked good until we
configured the browsers for Internet-Proxy+Intranet-Proxy, when all Intranet
HTTP was forwarded upstream to our IBM managed firewall/proxy.

MS response (Europe) concluded two separate MSP architectures are currently
required to Proxy both Intranet & Internet. This is apparently due to MSP
routing design, which is apparently being changed and they have promised a
fix that we expect to receive soon.

I guess this means only the Proxy routing config option of 'direct-connect'
actually enables any routing decisions.

Pete

-----Original Message-----
From: Robert Graham [mailto:robert_david_graham () yahoo com]
Sent: Thursday, March 11, 1999 1:17 PM
To: Peter Hunt; Don Tuer; owner-firewall-wizards () nfr net
Subject: RE: Dialog on Microsoft's Proxy server?

Did you miss my review of my personal experiences at
http://www.nfr.net/firewall-wizards/mail-archive/1999/Feb/0175.html

Few people seemed willing to comment on that.

What routing deficiencies did you have? My impression is that IP
forwarding is extraordinarily dangerous on MS Proxy, especially since
WinNT is defenseless against source routing attacks.

Rob.

---Peter Hunt <peter.hunt2 () virgin net> wrote:


It's not just Don, I am also interested.

We just deployed MSP downstream to IBM firwall/proxy and found MSP

routing

defeciences (we are awaiting a custom MS hotfix!)

Pete

-----Original Message-----
From: owner-firewall-wizards () nfr net
[mailto:owner-firewall-wizards () nfr net]On Behalf Of Don Tuer
Sent: Wednesday, March 10, 1999 12:08 AM
To: owner-firewall-wizards () nfr net
Subject: Dialog on Microsoft's Proxy server?


Hello:

 I'm wondering if anyone on this list would like to dialog on

Microsoft's

Proxy server 2 or know of another list on the topic.

Thanks

Don Tuer


_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com

Current thread:

RE: Dialog on Microsoft's Proxy server? Russ (Mar 12)
- <Possible follow-ups>
- RE: Dialog on Microsoft's Proxy server? jboles (Mar 12)
- RE: Dialog on Microsoft's Proxy server? Robert Graham (Mar 12)
  - RE: Dialog on Microsoft's Proxy server? Peter Hunt (Mar 12)