RE: Evaluation Version ISA

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 17 Oct 2002 18:15:07 -0700

You should be reviewing the ISA IP log for any reported scans or intrusions.
ISA occasionally mistakes late packets for a scan and those events can be
safely ignored.
Frankly, if the "scan" is a one-time event, it's not worth your time.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 Read the help / books / articles!

----- Original Message -----
From: "Ged" <gerard.chadwick@xxxxxxxxxxxxxx>
To: "[ Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, October 16, 2002 3:13 PM
Subject: [isalist] RE: Evaluation Version ISA

Everything seems to be working fine now.  Disabled the personal firewall
in the XP client and that machine is working fine.

Generally, internet seems slow, have disabled active caching, and this
seems to have made a positive impact.  Played around with TTL values on
less frequent setting in cache config.

Had a couple of reports from the ISA of port scanning from two different
IP addresses today.  Footprinted one of them and got a contact from whois
database but they denied it.  Can this be caused by innocent, well non
dubious, practices by companies?  Or is there something ISA may have
misinterpreted do you think/know?

