ms-proxy2.0-attack.txt

`MSProxy 2.0 can be used to attack hosts on internal network  
  
Microsoft's Proxy server 2.0 can be used as a "gateway" to attack local networks from the outside, bypassing the  
proxy, even if IP forwarding is not enabled.  
  
MS Proxy has a bug that causes information whose origin is from an outside network and the destination is one of  
the interfaces of the Proxy machine to be passed to all other interfaces present on the MS Proxy machine. This  
makes it possible to use the MS Proxy machine as a gateway for attack on internal network machines.  
To attack a machine running MS Proxy, you just need to use strict source routing, and the make the last "hop" of the  
routing be the IP address of the internal network interface. Another possibility is to set the default gateway to the  
IP address of the internal IP network card on the proxy machine.  
  
Using one of these three methods can prevent this attack:  
1. Enable packet filtering on the internal interface and disallow inbound packet destined to port 80.  
2. Use access control, making it impossible to use the MS Proxy without a valid username and password.  
3. Flush the current settings of the static routing table (by using the command "route -f"). This will stop these  
attacks, but could have unexpected results (Such as making MS Proxy's unable to communicate correctly with  
internal and external computers)  
`