RE: We are getting a lot of DOS attacks
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 30 Apr 2003 18:52:22 -0500
Hi Sachin,
You need to analyze your packet filter logs to determine the nature of
the attacks. The ISA Server in most instances will ignore them. However,
there are a couple of circumstances that can create something that looks
like a DoS.
RE: all those open ports. How are they opened? There should be NO, NONE,
NOT ANY packet filters opened on the ISA Server to support connections
for internal network clients. Protocol Rules are used to control
outbound access for internal network clients.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Sachin Vaish (VGL) [mailto:sachin.vaish@xxxxxxxxxx]
Sent: Wednesday, April 30, 2003 2:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: We are getting a lot of DOS attacks
http://www.ISAserver.org
Oh I see.
We get scan attacks every minute or so in blocks of 1-2 hours and then
it
stops. It's more in the evening time really. But we do get a lot of port
scan attacks from our own ADSL routers which I don't understand. Any
idea
yourself?
So your saying in reality the ISA Server should be able to protect
itself
from DOS attacks regardless and not fall over? Is there a specific area
I
need to work on because I don't understand why this is happening?
Don't forget I am the on who has these 65,000 ports open for MSN voice
and
video.
Regards
Sachin Vaish
Vaioni Group Limited
t: 0870 160 0650
f: 0870 160 0651
http://www.vaioni.com
32 Leslie Hough Way
Manchester
M6 6AJ
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: 30 April 2003 00:53
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: We are getting a lot of DOS attacks
http://www.ISAserver.org
Hi Sachin,
What kind of DoS attacks? If the server is "falling over", they must be
with a baseball bat ;-)
Thanks!
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: sachin vaish [mailto:sachin.vaish@xxxxxxxxxx]
Sent: Tuesday, April 29, 2003 2:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] We are getting a lot of DOS attacks
http://www.ISAserver.org
Hi,
We are receiving a lot of DOS attacks and find that sometimes the server
fall over.
what can i do to prevent this from happening?
Sachin
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
sachin.vaish@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
