[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <C05EDC73.29FB%thor@hammerofgod.com>
Date: Sun, 09 Apr 2006 15:44:51 -0700
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: Christine Kronberg <seeker@...lla.de>,
Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: Bypassing ISA Server 2004 with IPv6
The "no excuse" is binding IPv6 to the adapters in the first place and
expecting an IPv4 app to filter it. ISA doesn't filter NetBEUI either...
So, don't bind NetBEUI to the adapter, or better yet, if you do, don't
expect it to be filtered.
t
On 4/5/06 3:12 AM, "Christine Kronberg" <seeker@...lla.de> spoketh to all:
> On Tue, 4 Apr 2006, 3APA3A wrote:
>
>> Dear Romain.Le.Guen@...ainl.com,
>>
>> Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6
>> filtering, IPX filtering, etc. This is different network protocol.
>
> That's no excuse for letting IPv6 packets pass the firewall.
> If I understand correctly this means that the internal LAN
> is open for any attacks as long as they are IPv6 based. If that
> is right, this is an extremly nasty bug. If ISA Server 2004
> and Windows 2003 Basic Firewall cannot filter that stuff it
> should simply drop it.
>
> Cheers,
>
> Chris Kronberg.
>
>
>
>
Powered by blists - more mailing lists