Proxy 2.0 secure?

Choi, Byoung bchoi@visa.com
Mon, 29 Jun 1998 11:04:15 -0700


I hate the idea of being an unpaid ms debugger, but guess it'll do good
for people using their products.
set'em up and let's see what happens.  i assume you'll coordinate the
event - scheduling who'll do what type of probing at which time.

b-

	----------
	From:  Brian Steele
	Sent:  Friday, June 26, 1998 4:52 PM
	To:  Choi, Byoung; 'Mark Horn [ Net Ops ]'
	Cc:  Stout, Bill; Firewall-wizards
	Subject:  Re: Proxy 2.0 secure?

	>I found at least three types of hacks generating malformed
packets that
	>knocked out NT boxes with all the patches available from ms)

	A few months ago, when our NT server was crashed about 23 times
in one day
	by a hacker on the Internet sending malformed packets and the
like, MS
	recommended to me (before they brought out the relevant fix)
that I install
	Proxy Server 2.0 on the server to fix the problem.  They also
said that if I
	implement filtering at the router before the server, that may
cure the
	problem as well.  As I'm absolutely clueless about CISCO router
configs, I
	downloaded the MSP trial version.  The attacks stopped
afterwards, but I
	don't know whether this was due to the MSP, or the hacker moving
his efforts
	to more fertile grounds.

	So, how's about a test guys?

	I think I can find a spare PC somewhere among the office spares.
I can set
	up the most insecure "secure" MSP 2.0 system that I know of for
testing as
	follows:

	    1. Load up a copy of NTS4.0 (with all nnn hotfixes, lol) on
a
	        PC with two net cards, one facing the Internet, the
other
	        facing the local LAN.
	    2. Configure the server to be a PDC
	    3. Install MSP 2.0 on top of it
	    4. Install and configure MS RRAS (latest version)
	    5. Install a Win 95 PC on the "internal LAN"
	    6. Configure the MSP server to allow PPTP and outgoing
	        HTTP.

	Your task, should you choose to accept it, would be to test the
security of
	this system, via the usual DoS attacks, etc., etc.  with "bonus
points" for
	retrieving account information (usernames, passwords) or
protected files
	from the server, and even more bonus points if you're able to
access a file
	from a share on the Win95 box behind the server.  If you
succeed, my only
	request is that your post your method (and results) to this
list, and cc to
	Microsoft.  The intent of the test is to show whether or not
NT-based
	firewall systems are as good as their UNIX cousins.

	Configuration will take a few days (most of which will involve
identifying
	which PC to use among our spares :-)).

	Any takers?

	Brian Steele