RE: Urgent Help!!! Problems with IpHalfScan and Spoofing Attacks :o(

  • From: "Matt" <matt@xxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 15 Aug 2001 15:22:46 -0700

From my limited understanding of ISA server these messages mean that you
don't have a real problem because the server is doing what it is supposed to
do. It is stopping the attack, or blocking them. If it were not, you would
not get these alerts. As to how they work, you need to get to some hacking
sites and do some serious reading.
 
Matt Kopf

-----Original Message-----
From: Carlos Mauricio Perez Cortes [mailto:mauriciop@xxxxxxxxxxxx]
Sent: Wednesday, August 15, 2001 3:11 PM
To: [ISAserver.org Discussion List]
Subject: Urgent Help!!! Problems with IpHalfScan and Spoofing Attacks :o(
Importance: High


Hello Friends,
 
I have been checking my ISA Server log files because I'm receiving a lot of
alerts about IP Spoofing and IP Half Scan Attacks. I found the following
suspicious entries in a log file called IPPEXTD20010814:

#Fields: date  time  source-ip  destination-ip  protocol  param#1  param#2  tcp-flags  filter-rule  interface  ip-header  payload
14/08/2001  20:58:41  128.2.24.41  200.14.207.98  Tcp  21  21  FIN SYN  IpHalfScan  200.14.207.98  45 00 00 28 9a 02 00 00 1c 06 d5 31 80 02 18 29 c8 0e cf 62  00 15 00 15 6b 4a b1 1f 71 44 96 13 50 03 04 04 58 55 00 00
14/08/2001  22:09:57  200.14.207.98  200.14.207.98  ICMP  8  0  -  Spoof  200.14.207.98  45 00 00 3c 7d 36 00 00 7b 01 93 a8 c8 0e cf 62 c8 0e cf 62  08 00 2c 5c 01 00 20 00 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69
 
Could you help me understand those entries?
Could you explain to me how these attacks work?
How can I block these attacks?
 
Thanks for your help,
 
 


CARLOS MAURICIO PEREZ C. 
Technical Support
s:  mauriciop@xxxxxxxxxxxx <mailto:mauriciop@xxxxxxxxxxxx> 
SoloSoft Ltda. 
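
Added example, not part of the original thread: a Python sketch that decodes the ip-header and payload hex columns of the two log records quoted above and reports the property that lines up with the filter-rule column (SYN and FIN set together; source address equal to destination). The names RECORDS, decode and header_checksum_ok are made up for this example, and only the first 8 payload bytes of the ICMP record are included.

```python
import ipaddress
import struct

# The two records from the post: (ip-header hex, payload hex), copied from the log.
RECORDS = {
    "IpHalfScan": ("45 00 00 28 9a 02 00 00 1c 06 d5 31 80 02 18 29 c8 0e cf 62",
                   "00 15 00 15 6b 4a b1 1f 71 44 96 13 50 03 04 04 58 55 00 00"),
    "Spoof": ("45 00 00 3c 7d 36 00 00 7b 01 93 a8 c8 0e cf 62 c8 0e cf 62",
              "08 00 2c 5c 01 00 20 00"),  # first 8 payload bytes only
}
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def header_checksum_ok(hdr: bytes) -> bool:
    """RFC 791: the one's-complement sum of all header words is 0xFFFF."""
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode(ip_hex: str, payload_hex: str) -> dict:
    hdr, body = bytes.fromhex(ip_hex), bytes.fromhex(payload_hex)
    _, _, length, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", hdr[:20])
    out = {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl, "length": length, "checksum_ok": header_checksum_ok(hdr),
        "findings": [],
    }
    if src == dst:  # identical source and destination, as in the Spoof record
        out["findings"].append("source equals destination")
    if proto == 6:  # TCP: ports at offsets 0-3, flag byte at offset 13
        out["sport"], out["dport"] = struct.unpack("!HH", body[:4])
        out["flags"] = [n for i, n in enumerate(TCP_FLAGS) if body[13] >> i & 1]
        if {"SYN", "FIN"} <= set(out["flags"]):  # never set together in a normal handshake
            out["findings"].append("SYN and FIN set together")
    elif proto == 1:  # ICMP: type and code are the first two bytes
        out["icmp_type"], out["icmp_code"] = body[0], body[1]
    return out


if __name__ == "__main__":
    for rule, (ip_hex, payload_hex) in RECORDS.items():
        print(rule, decode(ip_hex, payload_hex))
```

The decoded values agree with the text columns of each log line (addresses, ports 21/21, ICMP type 8 code 0), which confirms the hex dump and the parsed fields describe the same packet.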
