Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bypassing ISA Server 2004 with IPv6

From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Sun, 09 Apr 2006 15:44:51 -0700
The "no excuse" is binding IPv6 to the adapters in the first place and
expecting an IPv4 app to filter it.   ISA doesn't filter NetBEUI either...
So, don't bind NetBEUI to the adapter, or better yet, if you do, don't
expect it to be filtered.

t


On 4/5/06 3:12 AM, "Christine Kronberg" <seeker () shalla de> spoketh to all:


On Tue, 4 Apr 2006, 3APA3A wrote:


Dear Romain.Le.Guen () romainl com,

Neither  ISA  Server  2004  nor Windows 2003 Basic Firewall support IPv6
filtering, IPX filtering, etc. This is different network protocol.


   That's no excuse for letting IPv6 packets pass the firewall.
   If I understand correctly this means that the internal LAN
   is open for any attacks as long as they are IPv6 based. If that
   is right, this is an extremly nasty bug. If ISA Server 2004
   and Windows 2003 Basic Firewall cannot filter that stuff it
   should simply drop it.

   Cheers,

   Chris Kronberg.
Previous By Date Next
Previous By Thread Next

Current thread: