Proxy 2.0 secure?

Safier, Adam (GEIS) Adam.Safier@geis.ge.com
Tue, 30 Jun 1998 09:39:17 -0400


I hate to be the one to mention it but don't forget to get all the attack
permissions in nice legalese.

> -----Original Message-----
> From:	Choi, Byoung [SMTP:bchoi@visa.com]
> Sent:	Monday, June 29, 1998 2:04 PM
> To:	'Brian Steele'
> Cc:	Firewall-wizards
> Subject:	RE: Proxy 2.0 secure?
> 
> I hate the idea of being an unpaid ms debugger, but guess it'll do good
> for people using their products.
> set'em up and let's see what happens.  i assume you'll coordinate the
> event - scheduling who'll do what type of probing at which time.
> 
> b-
> 
> 	----------
> 	From:  Brian Steele
> 	Sent:  Friday, June 26, 1998 4:52 PM
> 	To:  Choi, Byoung; 'Mark Horn [ Net Ops ]'
> 	Cc:  Stout, Bill; Firewall-wizards
> 	Subject:  Re: Proxy 2.0 secure?
> 
> 	>I found at least three types of hacks generating malformed packets that
> 	>knocked out NT boxes with all the patches available from ms)
> 
> 	A few months ago, when our NT server was crashed about 23 times in one day
> 	by a hacker on the Internet sending malformed packets and the like, MS
> 	recommended to me (before they brought out the relevant fix) that I install
> 	Proxy Server 2.0 on the server to fix the problem.  They also said that if I
> 	implement filtering at the router before the server, that may cure the
> 	problem as well.  As I'm absolutely clueless about CISCO router configs, I
> 	downloaded the MSP trial version.  The attacks stopped afterwards, but I
> 	don't know whether this was due to the MSP, or the hacker moving his efforts
> 	to more fertile grounds.
> 
> 	So, how's about a test guys?
> 
> 	I think I can find a spare PC somewhere among the office spares.  I can set
> 	up the most insecure "secure" MSP 2.0 system that I know of for testing as
> 	follows:
> 
> 	    1. Load up a copy of NTS4.0 (with all nnn hotfixes, lol) on a
> 	        PC with two net cards, one facing the Internet, the other
> 	        facing the local LAN.
> 	    2. Configure the server to be a PDC
> 	    3. Install MSP 2.0 on top of it
> 	    4. Install and configure MS RRAS (latest version)
> 	    5. Install a Win 95 PC on the "internal LAN"
> 	    6. Configure the MSP server to allow PPTP and outgoing
> 	        HTTP.
> 
> 	Your task, should you choose to accept it, would be to test the security of
> 	this system, via the usual DoS attacks, etc., etc.  with "bonus points" for
> 	retrieving account information (usernames, passwords) or protected files
> 	from the server, and even more bonus points if you're able to access a file
> 	from a share on the Win95 box behind the server.  If you succeed, my only
> 	request is that you post your method (and results) to this list, and cc to
> 	Microsoft.  The intent of the test is to show whether or not NT-based
> 	firewall systems are as good as their UNIX cousins.
> 
> 	Configuration will take a few days (most of which will involve identifying
> 	which PC to use among our spares :-)).
> 
> 	Any takers?
> 
> 	Brian Steele
>