Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs

• From: "Darryl Janetzki" <darrylj@xxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 8 Feb 2005 01:24:30 +1100

 

I was trying to create a rule to block inbound traffic by IP address.
Ideally I'd like to create a "Villains destination set" and simply add
spammers and villains to this set to block inbound attempts to the
external interface of ISA2004

Domain name Sets/URL sets do not appear to be appropriate. Has any one
any suggestions on doing this?

 

The message screener does part of this function for SMTP screening and
adding the IP to the SMPT relay exception  list in the connection
properties does a great job of whacking spam. I was more interested in
blocking access attempts to the ISA external interface for a site or
multiple sites using one rule and address set. Most spammers do not have
reverse lookups. IP blocking is the only way to block SPAM as forged
headers in the email and ISA logs give the wrong information. I have
found that by looking at the SPAM email and viewing the headers of the
email the IP of the originating SMTP server can be found... Drilling
ISA20004 message screener logs is a waste of time as it does not have
any  information apart from farming a few word lists. (not much point in
blocking my own email addy)

 

Also, the firewall service is prone to hangs. If from the ISA 2004
console the service is attempted to be stopped the service hangs. A
reboot is the only fix. Stopping the service from the MMC produces the
same result. This bug occurred after a basic configuration of www, smtp
relay and ftp rules... The sever has singe P4 hyper threading enabled, 2
GB RAM 2 HD's W2k3 and ISA2004 std.  I reinstalled (out of curiosity and
for practice) to test this "bug" and same thing occurs. Restoring the
server with no rules, the ISA 2004 server is OK What could be the
problem? Or should this feature in the ISA2004 console have a padlock on
it.Or be renamed "Hang Firewall service" The event log does not give any
clues

 

The Firewall service was stopped gracefully.

 

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

 

At this point the ISA console is hung and the service is "stopping"

 

 

 

Thanks for any help 

 

Darryl Janetzki

 

 

Other related posts:

• » Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs
• » RE: Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs
• » RE: Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs
• » RE: Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs
• » RE: Blocking inbound traffic by IP with ISA 2004 and... Firewall service hangs

1. Home
2. isalist
3. Archive
4. 02-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---