RE: Getting 15105 and 15108

  • From: mathif@xxxxxxxxxxxxxxx
  • To: isalist@xxxxxxxxxxxxx
  • Date: Sat, 29 May 2004 16:50:51 +0300

Steve, yes  if someone is scanning from outside, and is spoofing their
address...

Regards, 
Mohammed Athif Khaleel 
Asst.Network Engineer 
AlFaisaliah Group Information Technology 
Tel.: +966-1-461-0077 x.209 
Moble.: +966-509774015 
Email: mathif@xxxxxxxxxxxxxxx 
"Save Internet, Keep all the systems patched" 
Web: http://alfaisaliah.com <http://alfaisaliah.com/>  

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Saturday, 29 May 2004 4:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Getting 15105 and 15108


http://www.ISAserver.org

I beg to differ Mohammed, if someone is scanning from outside, and is
spoofing their address, then no matter what you add to the lat will not stop
these alerts, therefore the only way to fix it is to turn off the  alerts.
 
HTH
Steve

   _____  

From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx] 
Sent: Saturday, May 29, 2004 9:57 AM
To: Isa Weblist
Subject: [isalist] RE: Getting 15105 and 15108


http://www.ISAserver.org

Steve thatz never a solution... I had rather check the LAT and see if the
ISA is accessed over terminal and that IP entry is not listed in the routing
table.
NO offence intended :-)

Regards, 
Mohammed Athif Khaleel 
Asst.Network Engineer 
AlFaisaliah Group Information Technology 
Tel.: +966-1-461-0077 x.209 
Moble.: +966-509774015 
Email: mathif@xxxxxxxxxxxxxxx 
"Save Internet, Keep all the systems patched" 
Web: http://alfaisaliah.com <http://alfaisaliah.com/>  

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, 28 May 2004 11:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Getting 15105 and 15108


http://www.ISAserver.org

turn off the alerts..
 
Steve

   _____  

From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] 
Sent: Friday, May 28, 2004 4:25 PM
To: Isa Weblist
Subject: [isalist] Getting 15105 and 15108


http://www.ISAserver.org


What can I do to prevent or manage these events 

15105 is ISA Server detected an all port scan attack from Internet Protocol
(IP) address 209.217.88.172 

15108 is ISA Server detected a spoof attack from Internet Protocol (IP)
address 65.116.240.1 



  ----------------------------------------------------- 
 This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom/which they are
addressed. If you have received this email in error please notify the system
manager at the following email address: sadmin@xxxxxxxxxxxxxxx
<mailto:sadmin@xxxxxxxxxxxxxxx>. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Al Faisaliah Group. Internet communications
cannot be guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, arrive late or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the
context of this message, which arise as a result of Internet transmission.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Al Faisaliah Group accepts no liability for any damage
caused by any virus transmitted by this email. 
  -----------------------------------------------------

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 05-2004