Date: Sat, 15 Apr 2006 22:23:48 +0200 (CEST)
From: Christine Kronberg <seeker@...lla.de>
To: 3APA3A <3APA3A@...URITY.NNOV.RU>
Cc: bugtraq@...urityfocus.com
Subject: Re[3]: Bypassing ISA Server 2004 with IPv6



   Dear 3APA3A,


> Microsoft  ISA  Server  can't  filter  events  from Microsoft Mouse, but

   Apples and peas?

> Microsoft Mouse can be bound to a computer. It's a security risk, but I know
> how to secure mouse without ISA and I accept this risk.

   Nice, that you do. If I manage by any means to see remotely
   that you have attached a mouse to your ISA and to (ab)use it,
   I'm much better than I thought - and you have much bigger problems
   than you thought.
   The nice thing about icmp is that I do not require much knowledge
   to get information remotely. The same is true with ipv6. Unless something
   in between stops me. Which brings us back to the topic: a firewall
   allowing too much.

> IPv6  can  not  be  filtered  by  ISA,  but  it still can be filtered by
> different  tools,  or  by  its own means, as IPv6 supports network-level
> security.  Unlike IPv4, IPv6 supports authentication, integrity checking
> and  encryption  natively.  See ipsec6.exe and descriptions for Security
> Association Database and Security Policy Database.

   So you state that it is perfectly well for a firewall to allow
   any traffic through. Per default? And that this firewall does not
   need to have the interface to configure what traffic is allowed?
   I disagree.
   If a firewall supports a protocol, that same firewall should also
   provide the proper means and interface to configure it. And not blow
   holes in networks.

   Cheers,

   Christine Kronberg.



