Steve, yes if someone is scanning from outside, and is spoofing their address... Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: mathif@xxxxxxxxxxxxxxx "Save Internet, Keep all the systems patched" Web: http://alfaisaliah.com <http://alfaisaliah.com/> -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Saturday, 29 May 2004 4:39 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org I beg to differ Mohammed, if someone is scanning from outside, and is spoofing their address, then no matter what you add to the lat will not stop these alerts, therefore the only way to fix it is to turn off the alerts. HTH Steve _____ From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx] Sent: Saturday, May 29, 2004 9:57 AM To: Isa Weblist Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org Steve thatz never a solution... I had rather check the LAT and see if the ISA is accessed over terminal and that IP entry is not listed in the routing table. NO offence intended :-) Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: mathif@xxxxxxxxxxxxxxx "Save Internet, Keep all the systems patched" Web: http://alfaisaliah.com <http://alfaisaliah.com/> -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, 28 May 2004 11:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org turn off the alerts.. Steve _____ From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] Sent: Friday, May 28, 2004 4:25 PM To: Isa Weblist Subject: [isalist] Getting 15105 and 15108 http://www.ISAserver.org What can I do to prevent or manage these events 15105 is ISA Server detected an all port scan attack from Internet Protocol (IP) address 209.217.88.172 15108 is ISA Server detected a spoof attack from Internet Protocol (IP) address 65.116.240.1 ----------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom/which they are addressed. If you have received this email in error please notify the system manager at the following email address: sadmin@xxxxxxxxxxxxxxx <mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of Al Faisaliah Group. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, arrive late or contain viruses. The sender therefore does not accept liability for any errors or omissions in the context of this message, which arise as a result of Internet transmission. Finally, the recipient should check this email and any attachments for the presence of viruses. Al Faisaliah Group accepts no liability for any damage caused by any virus transmitted by this email. -----------------------------------------------------