RE: Getting 15105 and 15108

  • From: "Steve Moffat" <steve@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "Isa Weblist" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 29 May 2004 14:43:39 +0100

Remember, the alerts are coming from the external nic...which should
never be in the lat
 
HTH
Steve

________________________________

From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Saturday, May 29, 2004 10:39 AM
To: Isa Weblist
Subject: [isalist] RE: Getting 15105 and 15108


http://www.ISAserver.org

I beg to differ Mohammed, if someone is scanning from outside, and is
spoofing their address, then no matter what you add to the lat will not
stop these alerts, therefore the only way to fix it is to turn off the
alerts.
 
HTH
Steve

________________________________

From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx] 
Sent: Saturday, May 29, 2004 9:57 AM
To: Isa Weblist
Subject: [isalist] RE: Getting 15105 and 15108


http://www.ISAserver.org

Steve thatz never a solution... I had rather check the LAT and see if
the ISA is accessed over terminal and that IP entry is not listed in the
routing table.
NO offence intended :-)

Regards, 
Mohammed Athif Khaleel 
Asst.Network Engineer 
AlFaisaliah Group Information Technology 
Tel.: +966-1-461-0077 x.209 
Moble.: +966-509774015 
Email: mathif@xxxxxxxxxxxxxxx 
"Save Internet, Keep all the systems patched" 
Web: http://alfaisaliah.com <http://alfaisaliah.com/>  

        -----Original Message-----
        From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
        Sent: Friday, 28 May 2004 11:40 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Getting 15105 and 15108
        
        
        http://www.ISAserver.org
        
        turn off the alerts..
         
        Steve

________________________________

        From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] 
        Sent: Friday, May 28, 2004 4:25 PM
        To: Isa Weblist
        Subject: [isalist] Getting 15105 and 15108
        
        
        http://www.ISAserver.org
        

        What can I do to prevent or manage these events 

        15105 is ISA Server detected an all port scan attack from
Internet Protocol (IP) address 209.217.88.172 

        15108 is ISA Server detected a spoof attack from Internet
Protocol (IP) address 65.116.240.1 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        World of Windows Networking: http://www.windowsnetworking.com
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        World of Windows Networking: http://www.windowsnetworking.com
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: mathif@xxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

        
________________________________

        This E-Mail is confidential. It is not intended to be read,
copied, disclosed or used by any person other than the recipient named
above. 

        

        

        Unauthorised use, disclosure, or copying is strictly prohibited
and may be unlawful. Optimum IT Solutions disclaims any liability for
any action taken in connection of this E-Mail. The comments or
statements expressed in this E-Mail are not necessarily those of Optimum
IT Solutions or its subsidiaries or affiliates.

        administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx
<mailto:administrator@xxxxxxxxxxxxxxxxxxxxxxxxxx>  
________________________________


        

        

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




----------------------------------------------------- 

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom/which
they are addressed. If you have received this email in error please
notify the system manager at the following email address:
sadmin@xxxxxxxxxxxxxxx . Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Al Faisaliah Group. Internet
communications cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, arrive late or
contain viruses. The sender therefore does not accept liability for any
errors or omissions in the context of this message, which arise as a
result of Internet transmission. Finally, the recipient should check
this email and any attachments for the presence of viruses. Al Faisaliah
Group accepts no liability for any damage caused by any virus !
transmitted by this email. 

----------------------------------------------------- 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 05-2004