Oh yeah, the firewall won't stop the attack, and that's for sure.
He used port 80; that's what it looks like in the ISA log files.
Let me show you this.
18.104.22.168 anonymous Microsoft Data Access Internet Publishing Provider DAV 1.1 2004-07-26 06:02:21 ISAFEGEO01 -
172.20.4.10 80 609 235 4118 http PUT http://172.20.4.10/www.arplhmd.cjb.net_025451 Inet 403
Now that was the weirdest request I have ever seen, lol!
One of our developers, as I quoted before, enabled some features like write permissions, and enabled CGI scripts as well, when we didn't need them.
My question was: how is he able to do that even though the ISA server is the one sending and retrieving the requests, ISA1 (DNS)?
The hacker doesn't have direct access to the web server. I'm getting confused with ISA; Cisco PIX was much easier and safer.
Yours, :roll:
P.S. The web server was updated with the latest patches + SP4.
Re: I NeeD a Professional Help ! ISA
14 years 5 months ago #4579
Well, as far as I know, ISA is bearing an external IP address and an internal IP address. Every time a user wishes to access, say, an email server, or in your case a web server, the external IP address will be shown to the one accessing the site. Then the job of the ISA is to redirect the requesting party to the appropriate internal IP address of the web server. Unless ISA is properly configured to not allow anonymous connections with privileges, anyone who gains access to your site could have the power to alter it according to their preference, since according to you, your developers created the site with read and write permissions, which I believe is a no-no... But anyway, try to look at your ISA server, and make sure that it functions not only as a proxy server but as a firewall as well...
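
An added example, not part of either post above: a small Python check that scans ISA web proxy log lines for HTTP/WebDAV write methods (such as the PUT quoted in the first post) and separates requests the web server refused (for example 403) from ones it accepted (2xx). The field layout is an assumption inferred from the one log line shown in the thread, and the sample lines, addresses and host names are constructed.

```python
import re
from collections import Counter

# Assumed field layout, inferred from the single ISA log line quoted in the
# thread; fields are space-separated and the user agent may contain spaces.
LINE_RE = re.compile(
    r"^(?P<client>\S+) (?P<user>\S+) (?P<agent>.*?) "
    r"(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<isa>\S+) (?P<ref>\S+) (?P<dest>\S+) (?P<port>\d+) "
    r"\d+ \d+ \d+ (?P<proto>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<source>\S+) (?P<status>\d{3})$"
)

# HTTP/WebDAV methods that change content on the published web server.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "MOVE", "COPY", "PROPPATCH"}

# Constructed sample lines (documentation IP ranges, hypothetical host names).
SAMPLE_LOG = [
    "203.0.113.7 anonymous Microsoft Data Access Internet Publishing Provider DAV 1.1 2004-07-26 06:02:21 ISA01 - 10.0.0.5 80 609 235 4118 http PUT http://10.0.0.5/test_0001.txt Inet 403",
    "203.0.113.7 anonymous Microsoft Data Access Internet Publishing Provider DAV 1.1 2004-07-26 06:02:40 ISA01 - 10.0.0.5 80 702 512 310 http PUT http://10.0.0.5/scripts/test_0002.txt Inet 201",
    "198.51.100.23 anonymous Mozilla/4.0 (compatible; MSIE 6.0) 2004-07-26 06:03:02 ISA01 - 10.0.0.5 80 120 301 9042 http GET http://10.0.0.5/index.htm Inet 200",
    "#Fields: this header line does not match and is skipped",
]

def find_write_attempts(lines):
    """Return one record per write-method request, with its outcome."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None or m["method"] not in WRITE_METHODS:
            continue
        # 2xx: the web server carried out the write; anything else: it did not.
        accepted = 200 <= int(m["status"]) < 300
        hits.append({
            "when": f"{m['date']} {m['time']}", "client": m["client"],
            "user": m["user"], "method": m["method"], "url": m["url"],
            "status": int(m["status"]),
            "outcome": "ACCEPTED" if accepted else "refused",
        })
    return hits

def accepted_writes_by_client(hits):
    """Count writes the server accepted, per client address."""
    return Counter(h["client"] for h in hits if h["outcome"] == "ACCEPTED")

if __name__ == "__main__":
    for h in find_write_attempts(SAMPLE_LOG):
        print(h["when"], h["client"], h["user"], h["method"], h["status"], h["outcome"])
```

Any ACCEPTED line for the anonymous user means write permission is still enabled on the published site and the uploaded path should be reviewed on the web server itself.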