Spoof Attack
- From: "Kelli Irwin" <kirwin@xxxxxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 21 Aug 2001 15:10:32 -0400
Hi All,
I am relatively new to this "game" so please take it easy on me. :-)
I am getting almost endless Application Log Warning messages.
We will get these Application Event Log Warnings over several hours, as
few as 1 or 2 a minute and as many as 1 every second:
"ISA Server detected a spoof attack from Internet
Protocol (IP) address xxx.xxx.xxx.xxx.
A spoof attack occurs when an IP address that is not
reachable via the interface on which
the packet was received. If logging for dropped packets
is set, you can view details in
the packet filter log."
This sometimes causes an interruption of Internet service. If I try to
reach a Web Site the browser will error-out. When it does I will then
get this Application Event Log Error:
"The ISA Server services cannot create a packet filter
xxx.xxx.xxx.xxx.
This event occurs when there is a conflict between the
Local Address
Table (LAT) configuration and the Windows 2000 routing
table. Check
the routing table and the LAT to find the source of the
conflict."
The pattern is then that the Spoof messages will stop for a bit... then
the whole cycle will start over.
Could this be caused by our network being configured incorrectly? Are
there tools available that I can use to figure this out? Is this just a
plain ol' Spoof Attack?
I will add that we are running our own Exchange Server and also hosting
our own Web Site.
Any help will be appreciated.
Thanks,
Kelli M. Irwin
Other related posts:
