RE: ISA Detects Port Scan from IP, It's MY IP??
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 9 Sep 2003 08:45:50 -0700
What do you find in the IPEXT..log for those events (remember; the logs are
GMT)?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Amy Babinchak" <Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 09, 2003 08:09
Subject: [isalist] RE: ISA Detects Port Scan from IP, It's MY IP??
http://www.ISAserver.org
I have the same thing on one ISA implementation. I have not been able to
figure out the cause. But is hasn't caused any problems either.
I've checked the network configuration, the LAT, the DSL router, and I'm
using the same ISP at other locations with ISA server so I know its not
an ISP issue either.
I'll be interested in solutions to it as well. By chance is your ISA
server on an SBS machine?
Amy Babinchak
Technology Consultant
Harbor Computer Services
(248) 546-6056, (248) 890-1794
-----Original Message-----
From: Rod Buike [mailto:rodb@xxxxxxxxxx]
Sent: Tuesday, September 09, 2003 11:02 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Detects Port Scan from IP, It's MY IP??
http://www.ISAserver.org
Event Type: Warning
Event Source: Microsoft ISA Server Control
Event Category: Packet filter
Event ID: 15105
Date: 9/9/2003
Time: 9:57:38 AM
User: N/A
Computer: PROXY
Description:
ISA Server detected an all port scan attack from Internet Protocol (IP)
address xxx.xxx.xxx.xxx. For more information about this event, see ISA
Server Help.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 1f 00 00 00 ....
Where xxx.xxx.xxx.xxx is MY external IP address. I get one of these pop
up in my Event Viewer every 30-45 minutes. What could cause this, any
resolution?
Rod B
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
Other related posts:
