RE: All Port Scans, false positive

A hacked router is one example... 

 

I'm not sure if I'm correct on this, but I understand it as an "All Port" scan 
in ISA actually means there 20 (default setting) ports scanned in quick 
succession, it doesn't necessarily mean ALL ports were tried.  The setting for 
this is in the "Configuration->General->Enable Intrusion Detection and DNS 
Attack Detection" menu.

 

________________________________

From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, September 14, 2005 12:30 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] All Port Scans, false positive

 

http://www.ISAserver.org
http://www.ISAserver.org

 

 

A question comes to me and I don't have the answer but I know that you guys 
will. If I have a router in front of my ISA/SBS server that only allows 4 ports 
through, how is it that all port scans are reported from IP addresses at 
Microsoft and the ISP on my ISA server? Is it a false positive? If so, what in 
the world causes it when there are only 4 accessible ports?

 

Amy

 

Harbor Computer Services

Small Business Computer Specialists

 

 

Client Blog: http://smalltechnotes.blogspot.com/

Tech Blog: http://isainsbs.blogspot.com/

Website: http://www.harborcomputerservices.net/

 

  

 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=alist
Report abuse to listadmin@xxxxxxxxxxxxx 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=alist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?typeúQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
dball@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=alist
Report abuse to listadmin@xxxxxxxxxxxxx 

GIF image

GIF image

Other related posts: