Hi Sachin, You need to analyze your packet filter logs to determine the nature of the attacks. The ISA Server in most instances will ignore them. However, there are a couple of circumstances that can create something that looks like a DoS. RE: all those open ports. How are they opened? There should be NO, NONE, NOT ANY packet filters opened on the ISA Server to support connections for internal network clients. Protocol Rules are used to control outbound access for internal network clients. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Sachin Vaish (VGL) [mailto:sachin.vaish@xxxxxxxxxx] Sent: Wednesday, April 30, 2003 2:54 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: We are getting a lot of DOS attacks http://www.ISAserver.org Oh I see. We get scan attacks every minute or so in blocks of 1-2 hours and then it stops. It's more in the evening time really. But we do get a lot of port scan attacks from our own ADSL routers which I don't understand. Any idea yourself? So your saying in reality the ISA Server should be able to protect itself from DOS attacks regardless and not fall over? Is there a specific area I need to work on because I don't understand why this is happening? Don't forget I am the on who has these 65,000 ports open for MSN voice and video. Regards Sachin Vaish Vaioni Group Limited t: 0870 160 0650 f: 0870 160 0651 http://www.vaioni.com 32 Leslie Hough Way Manchester M6 6AJ -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: 30 April 2003 00:53 To: [ISAserver.org Discussion List] Subject: [isalist] RE: We are getting a lot of DOS attacks http://www.ISAserver.org Hi Sachin, What kind of DoS attacks? If the server is "falling over", they must be with a baseball bat ;-) Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: sachin vaish [mailto:sachin.vaish@xxxxxxxxxx] Sent: Tuesday, April 29, 2003 2:32 AM To: [ISAserver.org Discussion List] Subject: [isalist] We are getting a lot of DOS attacks http://www.ISAserver.org Hi, We are receiving a lot of DOS attacks and find that sometimes the server fall over. what can i do to prevent this from happening? Sachin ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: sachin.vaish@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')