ISA & TMG NAT behavior And MS08-037
"Microsoft Security Response Center (MSRC) issued bulletin MS08-037 to address vulnerabilities in DNS resolvers caused by predictable UDP source port usage. MSKB 956190 addresses behavior observed when traffic crosses a NAT-based firewall and provides workarounds to mitigate this behavior.
Traffic crossing a NAT device cannot be assumed to maintain the original source port because of the likelihood of multiple internal hosts using the same protocol to send traffic to the same external destination; especially in the case of an infrastructure protocol such as DNS. The NAT device will typically create a new connection to the external network using whatever source port allocation algorithm it has available. In the case of ISA and TMG, this is deferred to Windows; specifically Winsock."
Go to https://blogs.technet.com/isablog/archive/2008/08/28/isa-tmg-nat-behavior-and-ms08-037.aspx to read the rest.
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)