[isalist] Re: All Ports Scan from internal Exchange Server

• From: "John Toliver" <john.toliver@xxxxxxxxx>
• To: isalist@xxxxxxxxxxxxx
• Date: Tue, 1 May 2007 17:54:15 -0400

It appears a compromised computer is somewhere on your network running "all
port" scans of the internal network.  I would start with any laptop machines
that regularly connect to other public networks and see if they have any
malware running on them.  An all port scan is what a PC with ill intent does
to check other machines for  back doors and vulnerabilities into it.
Besides, "BRICKHOUSE" isn't a common name for a business PC running on
professional network. :-)

hope this helps.....

On 5/1/07, ISA <ISA@xxxxxxxxxxxxxxxx> wrote:

 Hey Guys –



I am getting consistent events logging an all ports scan from my internal
Exchange server (pasted below). Is this unusual?

If so, what should my course of action be?



Thanks in advance!



Joseph Danielsen, CSBS, MCSA-Messaging, MCP

Network Blade Inc.

49 Marcy Street

Somerset, NJ 08873

732-213-0600

www.networkblade.com



Ask me why a *Microsoft Certified Small Business Specialist* is best for
your company

--
Patience yields far greater results than brute force or rage ever could so
relax......it's just life !!!

• References:
  • [isalist] All Ports Scan from internal Exchange Server
    • From: ISA

Other related posts:

• » [isalist] All Ports Scan from internal Exchange Server
• » [isalist] Re: All Ports Scan from internal Exchange Server
• » [isalist] Re: All Ports Scan from internal Exchange Server
• » [isalist] All Ports Scan from internal Exchange Server
• » [isalist] Re: All Ports Scan from internal Exchange Server
• » [isalist] Re: All Ports Scan from internal Exchange Server

1. Home
2. isalist
3. Archive
4. 05-2007

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---