Proxy 2.0 secure?

Brian Steele steele_b@spiceisle.com
Fri, 26 Jun 1998 19:52:13 -0400


>I found at least three types of hacks generating malformed packets that
>knocked out NT boxes with all the patches available from ms)

A few months ago, when our NT server was crashed about 23 times in one day
by a hacker on the Internet sending malformed packets and the like, MS
recommended to me (before they brought out the relevant fix) that I install
Proxy Server 2.0 on the server to fix the problem.  They also said that if I
implement filtering at the router before the server, that may cure the
problem as well.  As I'm absolutely clueless about CISCO router configs, I
downloaded the MSP trial version.  The attacks stopped afterwards, but I
don't know whether this was due to the MSP, or the hacker moving his efforts
to more fertile grounds.

So, how's about a test guys?

I think I can find a spare PC somewhere among the office spares.  I can set
up the most insecure "secure" MSP 2.0 system that I know of for testing as
follows:

    1. Load up a copy of NTS4.0 (with all nnn hotfixes, lol) on a
        PC with two net cards, one facing the Internet, the other
        facing the local LAN.
    2. Configure the server to be a PDC
    3. Install MSP 2.0 on top of it
    4. Install and configure MS RRAS (latest version)
    5. Install a Win 95 PC on the "internal LAN"
    6. Configure the MSP server to allow PPTP and outgoing
        HTTP.

Your task, should you choose to accept it, would be to test the security of
this system, via the usual DoS attacks, etc., etc.  with "bonus points" for
retrieving account information (usernames, passwords) or protected files
from the server, and even more bonus points if you're able to access a file
from a share on the Win95 box behind the server.  If you succeed, my only
request is that your post your method (and results) to this list, and cc to
Microsoft.  The intent of the test is to show whether or not NT-based
firewall systems are as good as their UNIX cousins.

Configuration will take a few days (most of which will involve identifying
which PC to use among our spares :-)).

Any takers?

Brian Steele