RE: port scan detected
- From: "Mark Hopkins" <Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 19 Aug 2003 14:13:18 -0500
Tom,
Could you elaborate on this "intelligent address blocking"? Thanks.
Mark
________________________________
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 1:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
Ni Brian,
Nor should you. Blocking addresses that scan you is like shooting at
cars that drive past your home and look at your windows and front door.
:-) Be aware of the attempt, but you'll end up making a critical error
sooner or later if you block addresses without putting some intelligence
behind the block.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp>
-----Original Message-----
From: Rogers, Brian [mailto:RogersB@xxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 1:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
I simply don't have time to add a new filter for each and every
ip address that scans the firewall.
Perhaps if it would allow you to create a list of them you could
update...but creating a single packet filter for every scan ive gotten
would take me hours.
-----Original Message-----
From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 2:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
Personally, I figure that a port scan on my site is someone up
to no good, and I ban the IP address (inbound). If the IP address if
resolvable and I can contact the owner, I will attempt to do so. If the
owner takes appropriate action (to my liking), I remove the packet
filter. Lately I seem to be getting a couple of scans per week. Perhaps
I should ban all incoming traffic! :-) :-) :-)
Mark
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mark.hopkins@xxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
Other related posts:
