RE: Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 8 Feb 2005 05:44:38 -0800
If you mean "can ISA do RBL lookups", then no.
-----Original Message-----
From: Darryl Janetzki [mailto:darrylj@xxxxxxxxxxxxxxxx]
Sent: Monday, February 07, 2005 11:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Blocking inbound traffic by IP with ISA 2004
and... Firewall service hangs
http://www.ISAserver.org
I solved the firewall service hangs.. I had inadvertently placed a few
IP addy's in the SMTP Filter Domain properties. It appears that ISA2004
does not like IP's in the SMTP filter properties...
Has anyone input on the blocking of inbound traffic by IP and DNS
Thanks
Darryl Janetzki
________________________________
From: Darryl Janetzki
Sent: Tuesday, 8 February 2005 1:25 AM
Subject: Blocking inbound traffic by IP with ISA 2004 and... Firewall
service hangs
I was trying to create a rule to block inbound traffic by IP address.
Ideally I'd like to create a "Villains destination set" and simply add
spammers and villains to this set to block inbound attempts to the
external interface of ISA2004
Domain name Sets/URL sets do not appear to be appropriate. Has any one
any suggestions on doing this?
The message screener does part of this function for SMTP screening and
adding the IP to the SMPT relay exception list in the connection
properties does a great job of whacking spam. I was more interested in
blocking access attempts to the ISA external interface for a site or
multiple sites using one rule and address set. Most spammers do not have
reverse lookups. IP blocking is the only way to block SPAM as forged
headers in the email and ISA logs give the wrong information. I have
found that by looking at the SPAM email and viewing the headers of the
email the IP of the originating SMTP server can be found... Drilling
ISA20004 message screener logs is a waste of time as it does not have
any information apart from farming a few word lists. (not much point in
blocking my own email addy)
Also, the firewall service is prone to hangs. If from the ISA 2004
console the service is attempted to be stopped the service hangs. A
reboot is the only fix. Stopping the service from the MMC produces the
same result. This bug occurred after a basic configuration of www, smtp
relay and ftp rules... The sever has singe P4 hyper threading enabled, 2
GB RAM 2 HD's W2k3 and ISA2004 std. I reinstalled (out of curiosity and
for practice) to test this "bug" and same thing occurs. Restoring the
server with no rules, the ISA 2004 server is OK What could be the
problem? Or should this feature in the ISA2004 console have a padlock on
it.Or be renamed "Hang Firewall service" The event log does not give any
clues
The Firewall service was stopped gracefully.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
At this point the ISA console is hung and the service is "stopping"
Thanks for any help
Darryl Janetzki
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
Other related posts: