RE: FW: ISA Server alert: An intrusion was attempted by an external user.

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Wed, 24 Nov 2004 05:46:11 -0800

You need to review the packet filter logs for that time (remember to
account for GMT logging).
The actual traffic is located there.
By default, ISA logs to %ProgramFiles%\Micorosoft ISA Server/ISALogs

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
 
 

-----Original Message-----
From: Ruba Al Omari, Eng. [mailto:romari@xxxxxxxxxxxxxxxxx] 
Sent: Wednesday, November 24, 2004 12:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] FW: ISA Server alert: An intrusion was attempted by
an external user.

http://www.ISAserver.org

Hi

I have 2 arms ISA2000, one NIC connected to switch with a netscreen
device (10.255.1.2) and the other arm is connected to internal LAN.
I keep getting these notifications almost every few minutes; from the
interface that is connected to the netscreen LAN which only has 2
devices connected to this LAN the ISA and the netscreen.
I know the ISA is not infected, could there be any other reason for
this? 

Thanks for any help
Ruba Al-Omari


-----Original Message-----
From: 9000-srv [mailto:9000-srv] 
Sent: Wednesday, November 24, 2004 10:06 AM
To: DAH Technical Support
Subject: ISA Server alert: An intrusion was attempted by an external
user.

ISA Server name: 9000-SRV

ISA Server detected an all port scan attack from Internet Protocol (IP)
address 10.255.1.2.

For more information about this event, see ISA Server Help.




------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » FW: ISA Server alert: An intrusion was attempted by an external user.
• » Re: FW: ISA Server alert: An intrusion was attempted by an external user.
• » FW: ISA Server alert: An intrusion was attempted by an external user.
• » FW: ISA Server alert: An intrusion was attempted by an external user.
• » RE: FW: ISA Server alert: An intrusion was attempted by an external user.
• » RE: FW: ISA Server alert: An intrusion was attempted by an external user.

1. Home
2. isalist
3. Archive
4. 11-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---