Re: Well known scan-attack

  • From: "Andrey Silkin" <silkin@xxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 29 Oct 2003 17:39:55 +0300

So what do I must to do in this situation ? 
 
 
Best Regards
Andrey Silkin
 
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Wednesday, October 29, 2003 5:20 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Well known scan-attack
 
http://www.ISAserver.org
 
This is a common script kiddie tool.
It's designed to send your machine into a death-spiral of
self-referencing responses, since the source and destination IPs will
always alternate between the local machine (127.0.0.1 and your external
IP).
 
ISA blocks it as spoofed, since it was received on a network interface.
127.0.0.1 is invalid except in the memory-mapped network inside the
machine.
 
  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 
On Wed, 29 Oct 2003 13:52:27 +0300
 "Andrey Silkin" <silkin@xxxxxx> wrote:
http://www.ISAserver.org
 
Hi all ! I Some days ago I have received strange notification : ISA
Server detected a well-known port scan attack from Internet Protocol
(IP) address 127.0.0.1. A well-known port is any port in the range of
1-2048. I don't understand how can it be ? 127.0.0.1 - is the local
private address ! It is impossible that somebody scaned my
my server from himself . Did somebody have the same notification ?
 
 
Best Regards
Andrey Silkin
 
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
 
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
 
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
 
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
 
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
silkin@xxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2003