RE: Being Attacked...HELPED

  • From: "Quillman Shawn (RBNA/CSA1) *" <Shawn.Quillman@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 May 2005 13:01:43 -0500

Seriously man, you gotta shut down your network.  Better to have down
time that you can just plug back in than to have down time that you have
to restore from tape if things go way south.  You should be able to
(relatively quickly) look at some log files to see patterns in the
traffic in order to identify offending machines.  You might not even be
able to get to your logs if your server(s) experience any kind of DoS
attack if you don't pull your network.


-----
Robert Bosch Corporation
Technical Systems Analyst (RBNA/CSA1)
Corporate Sales Reporting Systems
38000 Hills Tech Drive - Farmington Hills, MI 48331 - USA
phone: 1 (248) 553-1164    fax: 1 (248) 848-6969
shawn.quillman@xxxxxxxxxxxx
http://www.bosch.us

-----Original Message-----
From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx] 
Sent: Thursday, May 05, 2005 1:38 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED

http://www.ISAserver.org

How would I stop this...I know some machine may not be up to date with
MS updates.

Help!!!

-----Original Message-----
From: Troy Radtke [mailto:TRadtke@xxxxxxxxxxxx]
Sent: Thursday, May 05, 2005 2:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED


http://www.ISAserver.org

Ok, then you probably have multiple switches/routers in your lan.  Start
pulling it apart and seeing if it comes back when you start hooking
things up.  If it does, unplug and keep going.  If it's coming from all
of the different segments, then good luck..... I hope you're not doing
anything important tonight......

-----Original Message-----
From: Clarke, Scott [mailto:Scott.Clarke@xxxxxxxxxxxx] 
Sent: Thursday, May 05, 2005 12:19 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED


http://www.ISAserver.org

Yikes!  200 +

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Thursday, May 05, 2005 2:26 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Being Attacked...HELPED


http://www.ISAserver.org

How many pc's in your lan?

Shut them all down and start them up one by one.

S 

-----Original Message-----
From: Scott [mailto:scott.clarke@xxxxxxxxxxxx] 
Sent: Thursday, May 05, 2005 1:52 PM
To: ISA Mailing List
Subject: [isalist] Being Attacked...HELPED

http://www.ISAserver.org

I am seeing a lot of Trinoo, HTTP, and HTTP Cross Site scripting
attacks. 
Both Trinoo and HTTP are coming from internal user machines and Cross
site coming from 0.0.0.0

This only started happening recently...HELP!!!

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

The correct technical term for haggis stalking is "havering". 


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scott.clarke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tradtke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
scott.clarke@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 05-2005