ISA & TMG NAT Behavior and MS08-037

“Microsoft Security Response Center (MSRC) issued bulletin MS08-037 to address vulnerabilities in DNS resolvers caused by predictable UDP source port usage. MSKB 956190 addresses behavior observed when traffic crosses a NAT-based firewall and provides workarounds to mitigate this behavior.

Traffic crossing a NAT device cannot be assumed to maintain the original source port because of the likelihood of multiple internal hosts using the same protocol to send traffic to the same external destination, especially in the case of an infrastructure protocol such as DNS. The NAT device will typically create a new connection to the external network using whatever source port allocation algorithm it has available. In the case of ISA and TMG, this is deferred to Windows; specifically Winsock.”

Go to to read the rest.
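To make the quoted point concrete, the following is an added example, not code from the article, from Microsoft, or from ISA/TMG: it models a patched resolver choosing random source ports, a hypothetical NAT allocator that replaces them with sequential ones, and a check that can be run over the source ports captured on the NAT's external side to see whether randomization survived. The sample flow lines, the sequential allocator, and the 0.25 threshold are assumptions made for the example.

```python
"""Added example, not code from the article or from Microsoft: a model of how a
NAT's source-port allocator can undo MS08-037 resolver port randomization, plus
a check over the source ports seen on the NAT's external side."""
import random
import re
from typing import List

# Constructed sample of outbound DNS flows as seen outside a NAT (not real data).
SAMPLE_FLOWS = """\
UDP 203.0.113.5:1025 -> 198.51.100.1:53
UDP 203.0.113.5:1026 -> 198.51.100.1:53
UDP 203.0.113.5:1027 -> 198.51.100.1:53
UDP 203.0.113.5:1028 -> 198.51.100.1:53
UDP 203.0.113.5:1029 -> 198.51.100.1:53
"""
FLOW_RE = re.compile(r"UDP \S+:(\d+) -> \S+:53")

def dns_source_ports(text: str) -> List[int]:
    """Source ports of UDP flows to port 53, in the order they were observed."""
    return [int(m.group(1)) for m in FLOW_RE.finditer(text)]

def random_resolver_ports(n: int, seed: int = 1) -> List[int]:
    """What a patched resolver sends: a fresh random ephemeral port per query."""
    rng = random.Random(seed)
    return [rng.randint(49152, 65535) for _ in range(n)]

def sequential_nat(inside_ports: List[int], first_port: int = 1025) -> List[int]:
    """Hypothetical NAT allocator that ignores the internal port and hands out
    external ports in order; the internal randomization is lost on the wire."""
    return [first_port + i for i in range(len(inside_ports))]

def predictability(ports: List[int], window: int = 16) -> float:
    """Share of consecutive queries whose external ports differ by at most
    `window`. Close to 1.0: the next port is guessable from the last one.
    Close to 0.0: ports look randomized."""
    if len(ports) < 2:
        return 0.0
    close = sum(1 for a, b in zip(ports, ports[1:]) if abs(b - a) <= window)
    return close / (len(ports) - 1)

def looks_randomized(ports: List[int], threshold: float = 0.25) -> bool:
    """True when the external ports pass this simple randomization check."""
    return predictability(ports) < threshold

if __name__ == "__main__":
    inside = random_resolver_ports(200)
    outside = sequential_nat(inside)
    print("inside NAT :", looks_randomized(inside))   # True
    print("outside NAT:", looks_randomized(outside))  # False
    print("sample log :", looks_randomized(dns_source_ports(SAMPLE_FLOWS)))  # False
```

A capture taken on the external interface of the NAT, fed through `dns_source_ports`, tells you whether the ports leaving the firewall are still randomized; a capture taken inside the NAT only shows what the resolver sent.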



Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting

PROWESS CONSULTING documentation | integration | virtualization
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)
