Proxy 2.0 Packet Filtering Does Not Detect Change in Adapter Status in Windows 2000

• Microsoft Proxy Server version 2.0

SYMPTOMS

In Microsoft Windows 2000, you can enable or disable a network adapter without rebooting the computer. The change in adapter status takes effect immediately, without the need to reboot the computer.

Microsoft Proxy Server 2.0 includes a firewall feature that is implemented as a Packet Filter driver that is loaded below the IP stack on the Proxy server's external interfaces. An external interface is any network adapter whose IP address in not included in the Proxy local address table.

Proxy 2.0 cannot detect a change in network adapter status when an adapter is manually enabled or disabled while the Proxy services are running. If Packet Filtering is enabled on the Proxy server, Packet Filter settings do not apply to adapters that are added or enabled while the Proxy services are running. This could potentially be a security problem if a new adapter is enabled on an external network because the adapter does not use Packet Filtering; the server could be vulnerable to an attack.

RESOLUTION

To be sure that Packet Filtering is protecting the Proxy server, reboot the server after you enable or disable any external network adapters. This reinitializes all of the Proxy services and reloads the Packet Filter driver with the new adapter parameters. It is not enough to simply restart the Proxy services.

STATUS

Microsoft has confirmed this to be a problem in Proxy Server 2.0 on Windows 2000.

MORE INFORMATION

For additional information about configuring network adapters for Proxy Server, click the article number below to view the article in the Microsoft Knowledge Base:

Q243078 Proxy Server Network Interface Configuration

Additional query words:

Keywords : kbenv prodprx2
Version : winnt:2.0
Platform : winnt
Issue type : kbbug