
Re: MS Security Bulletin MS98-012, security updates for Microsoft PPT P


  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: MS Security Bulletin MS98-012, security updates for Microsoft PPT P
  • From: Chuck Flink <cflinkATT.COM>
  • Date: Mon, 24 Aug 1998 11:10:56 -0400
  • Comments: To: dfrhodestsoft.com
  • In-Reply-To: <000201bdcf2c$f421fa20$01646464pat>
  • Reply-To: Chuck Flink <cflinkATT.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

In my experience, when stopping/killing the RRAS service, all routing
stops.  One messy thing is MAKE SURE YOU SET STATIC ROUTES IN RRAS ONLY.
I've gotten very confused about routes set at the CMD prompt via the
route command, persistent routes set with route -p, and routes set via
the RRAS GUI.  I suggest removing all other routes and using the GUI
interface only.  Then when the router stops, routes disappear.

You're right that otherwise the "old" FILTERS seem to take over, but
routes should be gone, limiting the possible risk.....  What a mess.
Clearly, the GUI interface to the old filters should have been
removed when RRAS was installed...

I'd also like a clearer picture of how the Proxy 2.0 "dynamic filters"
interact with these other 2 filtering mechanisms when RRAS and Proxy
are both installed on NT.

As I indicated before, RRAS needs to be properly integrated.  It looks
like a 3rd-party add-on; it probably IS a prototype of what will be
integrated in NT5.  ....but I hate to wait.  These are good features,
just not a good management interface.

Microsoft, are you listening?  Informed insight welcome!

Chuck Flink   cwfatt.net  chuck_flinkhotmail.com

> -----Original Message-----
> From: dfrhodes [mailto:dfrhodestsoft.com]
> Sent: Monday, August 24, 1998 3:01 AM
> To: 'Chuck Flink'; NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
> Subject: RE: MS Security Bulletin MS98-012, security updates for
> Microsoft PPT P
>
>
> Another interesting item I've witnessed with the RRAS - it appears to 'take
> over' packet filtering functions from the built-in IP services - but only
> while the RRAS service is running. Has anyone seen this? It would seem that
> if anyone could remotely crash RRAS, the IP stack would then be fully
> exposed (if filtering wasn't configured there as well). Not an obvious setup
> item to me.....
>
> David Rhodes
> dfrhodestsoft.net <mailto:dfrhodestsoft.net>
>