Re: Continuous Port Scan on ISA

Use the http://isatools.org/BlockAttacker.zip script
Make sure that you surround the command line if there are spaces in it.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the help / books / articles!

----- Original Message -----
From: "Vinaykumar G" <G.VINAY@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, November 28, 2002 10:19 PM
Subject: [isalist] Continuous Port Scan on ISA


http://www.ISAserver.org


Hi All,
      We have ISA as firewall in Integrated mode. From last one week we have
continuous Port Scan attack on our Network. Though ISA is detecting them all
and
intimating us about that. Is there anyway by which we can restrict anyone by
launching such attacks on our Network. Pls. advice.

ISA gives  following message:

From: Firewall Administrator
Sent: Thursday, November 28, 2002 6:52 PM
To: xxxxxxxxxxxxx
Subject: ISA Server alert: An intrusion was attempted by an external
user.




ISA Server detected an all port scan attack from Internet Protocol (IP)
address xx.xxx.xxx.xxx

For more information about this event, see ISA Server Help.





Regards,
Vinay.



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts: