| Microsoft Internet Security and Acceleration Server 2000 |
In a Web publishing scenario, an out-of-band denial-of-service attack may be attempted against a computer protected by ISA Server. If mounted successfully, this attack causes the computer to crash or causes a loss of network connectivity on vulnerable computers.
ISA Server can be configured to detect an attack and generate an alert regarding the attempted intrusion. The source of the attack will appear in the event log. As a response, you can run a script that denies publishing-server access to the specific IP addresses where the attack originated. This is demonstrated in the Visual Basic code and VBScript provided here.
The Visual Basic code for blocking access to a publishing server from a range of IP addresses is provided here.
Dim objFPC As New FPCLib.FPC
Dim array1 As FPCArray
Dim PublishingRules As FPCWebPublishingRules
Dim PublishingRule As FPCWebPublishingRule
Dim ClientSets As FPCClientAddressSets
Dim ClientSet As FPCClientAddressSet
Dim MyClientSets As FPCRefs
'Set the variable array1 equal to the array on which the script is being run
Set array1 = objFPC.Arrays.GetContainingArray
'Get the client address sets collection
Set ClientAddressSets = array1.PolicyElements.ClientAddressSets
'Add a client address set called "Attackers"
Set ClientAddressSet = ClientAddressSets.Add ("Attackers")
'Add a range of IP addresses to the client address set
Set ClientAddressSet = ClientAddressSet.Add("111.111.111.111", "111.111.111.115")
'Save the client address set
ClientAddressSets.Save
'Get the Web publishing rules collection
Set PublishingRules = array1.Publishing.WebPublishingRules
'Add a rule called "Stop Attackers"
Set PublishingRule = PublishingRules.Add("Stop Attackers")
'The next two lines make the rule use the intended client address set
'through the use of FPCRefs
Set MyClientSets = PublishingRule.ClientAddressSetsUsed
MyClientSets.Add "Attackers", "", fpcArrayScope
'The next five lines set the properties of the rule.
PublishingRule.SetWebSiteAndPorts fpcRouteDiscard, ""
PublishingRule.AppliesToMethod = fpcAppliesToClientSets
PublishingRule.SetDestination fpcAllInternalDestinations
PublishingRule.Description = "Stops attackers from accessing our site"
PublishingRule.Enabled = True
'Save the rule
PublishingRule.Save
The VBScript derived from the preceding Visual Basic code is shown here. Note the setting of the enumerated types as constants, as described in Using Enumerated Types in Scripts.
Sub AccessBlock()
const fpcArrayScope = 0
const fpcRouteDiscard = 0
const fpcAppliesToClientSets = 2
const fpcAllInternalDestinations = 1
Set objFPC = CreateObject ("FPC.Root")
Set array1 = objFPC.Arrays.GetContainingArray
Set ClientAddressSets = array1.PolicyElements.ClientAddressSets
Set ClientAddressSet = ClientAddressSets.Add("Attackers")
Set ClientAddressSet = ClientAddressSet.Add("111.111.111.111", "111.111.111.115")
ClientAddressSets.Save
Set PublishingRules = array1.Publishing.WebPublishingRules
Set PublishingRule = PublishingRules.Add("Stop Attackers")
Set MyClientSets = PublishingRule.ClientAddressSetsUsed
MyClientSets.Add "Attackers", "", fpcArrayScope
PublishingRule.SetWebSiteAndPorts fpcRouteDiscard, ""
PublishingRule.AppliesToMethod = fpcAppliesToClientSets
PublishingRule.SetDestination fpcAllInternalDestinations
PublishingRule.Description = "Stops attackers from accessing our site"
PublishingRule.Enabled = True
PublishingRule.Save
End Sub
AccessBlock