RE: Evaluation Version ISA

You should be reviewing the ISA IP log for any reported scans or intrusions.
ISA occasionally mistakes late packets for a scan and those events can be
safely ignored.
Frankly, if the"scan" is a one-time event, it's not worth your time.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the help / books / articles!

----- Original Message -----
From: "Ged" <gerard.chadwick@xxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, October 16, 2002 3:13 PM
Subject: [isalist] RE: Evaluation Version ISA


http://www.ISAserver.org


Everything seems to be working fine now.  Disabled the personal firewall
in the XP client and that machine is working fine.

Generally, internet seems slow, have disabled active caching, and this
seems to have made a positive impact.  Played around with TTL values on
less frequent setting in cache config.

Had a couple of reports from the ISA of port scanning from two different
IP addresses today.  Footprinted one of them and got a contact from whois
database but they denied it.  Can this be caused by innocent, well non
dubious, practices by companies?  Or is there something ISA may have
misinterpreted do you think/know?

Ged.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



Other related posts: