ISA 2004 Intrusion Detection Modification?

  • From: <stevec@xxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 02 Oct 2005 23:59:08 -0400

I have a terminal server within my ISA 2004's "Internal Network" space. ISA,
via email, reports:


Subject:
ISA Server alert: An intrusion was attempted by an external user

Body:
"ISA Server detected an all port scan attack from Internet Protocol (IP)
address 192.168...."


This is not an external client; it is a local Terminal Server with a VB app
with many users on it. It's just the way the app works; it's not doing
anything bad.

Looking at the Intrusion Detection section in the ISA MMC, there doesn't
seem to be a way to set up exclusions for this alert. I'm getting spammed by
my ISA! What can I tweak to make this go away (please don't say "the VB app"
since it cost more than your house)?

Thanks.


  
  --
  http://www.atomic9.net/


