RE: All Port Scan on ISA Server

• From: "eric_holtzclaw" <eric_holtzclaw@xxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 29 Oct 2001 14:09:28 -0800

That is a spoof, IE some one is using your IP header of your firewall to
send a DOS attack.

The Packet Inspection should prevent this and know that the real IP in
not it's own.



-----Original Message-----
From: Weiss, Robert [mailto:WeissR@xxxxxxxxxx] 
Sent: Monday, October 29, 2001 1:56 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: All Port Scan on ISA Server

http://www.ISAserver.org


Alex,

My problem is that the IP address listed as scanning the ISA server is
it's
own external IP address.  I need to know what could be causing this to
happen.

1.  Is it a quirk of ISA?
2.  Is something in my configuration causing this?
3.  Could one of my internal users be causing this somehow?

I also see IP Spoofing reports with my own internal IP addresses listed
sometimes.

Robert Weiss
Manager, Network and Academic Systems
Philadelphia University
Office of Information Technology
215-951-2689
http://www.PhilaU.edu/OIT


-----Original Message-----
From: Alex Randjelovic [mailto:alex@xxxxxxxx]
Sent: Monday, October 29, 2001 4:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: All Port Scan on ISA Server

http://www.ISAserver.org


You can use IPSec to block those IP's
And you should read ISA list posting

Alex Randjelovic
IT Manager
MagiTech Inc.


-----Original Message-----
From: Weiss, Robert [mailto:WeissR@xxxxxxxxxx]
Sent: Monday, October 29, 2001 4:45 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] All Port Scan on ISA Server

http://www.ISAserver.org



This message is in MIME format. Since your mail reader does not
understand
this format, some or all of this message may not be legible.




------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
weissr@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
eric_holtzclaw@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » All Port Scan on ISA Server
• » RE: All Port Scan on ISA Server
• » RE: All Port Scan on ISA Server
• » RE: All Port Scan on ISA Server
• » RE: All Port Scan on ISA Server

1. Home
2. isalist
3. Archive
4. 10-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---