Syn Flood Update

• From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 5 Jan 2005 08:53:42 -0500

Ran network monitor looking for high volume of packets coming from any
particular network card. Found nothing.

Next we changed to another IP address in our currently allocated block.
No change in flooding. 

Asked for an allocation of different IP address block from ISP. Got run
through the ringer by the ISP telling me that this was all my fault and
that something on the internal network must be prompting this long list
of machines in other countries to flood our network or that the firewall
(non-ISA) is compromised. We're getting the new address block - he was
supposed to deliver yesterday but didn't. I've already scanned each PC
using spybot. I do not believe that there is anything internal causing
this problem. Short of re-imaging every machine is there anything I can
do to be certain?

Amy
 
 
 

Other related posts:

• » Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update
• » RE: Syn Flood Update

1. Home
2. isalist
3. Archive
4. 01-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---