Welcome to ISAserver.org

TMG security show internal IPs

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG security show internal IPs

Page: [1]

Message

<< Older Topic Newer Topic >>

TMG security show internal IPs - 26.Oct.2011 7:15:15 AM

machamma

Posts: 14
Joined: 11.Jun.2008
Status: offline

Dear Friends,

Recently one guy from a security company sent me an report of some tests that he made against my firewall (TMG All patched).

On that report he said that because of a Windows vulnerability he could list all my IPs of internal network.

He sent me a list of those IPs, and he is right.

Could you please give me any directions of how can I find this security problem?

I don�t have any idea.

Best Regards

Post #: 1

Featured Links*

RE: TMG security show internal IPs - 26.Oct.2011 8:23:34 AM

dvizzle

Posts: 236
Joined: 20.Apr.2009
Status: offline

Did he send you the report? Most of those companies or software packages that do those security scans, link you to solutions to the problem within the report.

(in reply to machamma)

Post #: 2

RE: TMG security show internal IPs - 26.Oct.2011 8:33:43 AM

machamma

Posts: 14
Joined: 11.Jun.2008
Status: offline

Dear dvizzle,

The problem is that he just sent me the problem, if I want details, I�ll have to pay.

I�d like to know if there�s any other way to try to detect what vulnerability is this...

My TMG has 2 Nics, all patched, I don�t have any idea what would cause this.

Thanks

(in reply to machamma)

Post #: 3

RE: TMG security show internal IPs - 26.Oct.2011 9:04:18 AM

dvizzle

Posts: 236
Joined: 20.Apr.2009
Status: offline

Download an open source linux boot CD like Knoppix, and run some of the open source security scanners against your TMG box like nessus or nmap.

(in reply to machamma)

Post #: 4

RE: TMG security show internal IPs - 26.Oct.2011 9:27:02 AM

machamma

Posts: 14
Joined: 11.Jun.2008
Status: offline

Thanks!

I�ll see what I can do... I am not good at all with Linux.

Best Regards

(in reply to dvizzle)

Post #: 5

RE: TMG security show internal IPs - 27.Oct.2011 12:10:59 PM

machamma

Posts: 14
Joined: 11.Jun.2008
Status: offline

Hi!

I found a Windows version of Nessus (Home License) adn nmap.

Both of them did not find any critical problem, nessus just mentioned low, dns name resolution, and 4 more things..

Do you have anything else that i can try to identify how could be possible to list my internal IPs through TMG external interface?

I mean, for example: TMG internal NIC 192.168.1.100

He sent me a list of 192.168.1.200, 192.168.1.201, 192.168.1.202, and these IPs are my internal servers.

Thanks again!!

(in reply to machamma)

Post #: 6

RE: TMG security show internal IPs - 27.Oct.2011 2:52:08 PM

paulo.oliveira

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline

Hi,

interesting. Did he scan your TMG from internet?

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to machamma)

Post #: 7

RE: TMG security show internal IPs - 28.Oct.2011 3:58:54 AM

machamma

Posts: 14
Joined: 11.Jun.2008
Status: offline

Hi Paulo,

Yes, from Internet!

Regards,
Marcos

(in reply to paulo.oliveira)

Post #: 8

RE: TMG security show internal IPs - 28.Oct.2011 11:47:46 AM

railfan

Posts: 62
Joined: 13.Sep.2011
Status: offline

What is the name of the security company that send you the report?

I would be highly suspicious. Are you publishing anything from within TMG itself?

Make sure you aren't dealing with a botnet or spyware company that harvested your internal IPs from a compromised PC in your network.

(in reply to machamma)

Post #: 9