..now that would be a kewl feature; "render from trusted sources only" and use the actual sending mail server data (not the @#%#$^% "from" or "reply-to") to define "trusted sources". Who wants to own and drive that? Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Troy Radtke" <TRadtke@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, June 03, 2004 08:00 Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org But that takes half the fun out of this list..... -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, June 03, 2004 9:37 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org Don't Render HTML Formatted Email Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://www.microsoft.com/isaserver http://isaserver.org/Jim_Harrison http://isatools.org Read the help, books and articles! ----- Original Message ----- From: "Anthony Michaud" <anthonym@xxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, June 02, 2004 17:13 Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org IS this a competition FOR the most annoying FONTs??? -----Original Message----- From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx] Sent: Saturday, 29 May 2004 23:51 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org Steve, yes if someone is scanning from outside, and is spoofing their address... Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: mathif@xxxxxxxxxxxxxxx "Save Internet, Keep all the systems patched" Web: http://alfaisaliah.com <http://alfaisaliah.com/> -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Saturday, 29 May 2004 4:39 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org I beg to differ Mohammed, if someone is scanning from outside, and is spoofing their address, then no matter what you add to the lat will not stop these alerts, therefore the only way to fix it is to turn off the alerts. HTH Steve _____ From: mathif@xxxxxxxxxxxxxxx [mailto:mathif@xxxxxxxxxxxxxxx] Sent: Saturday, May 29, 2004 9:57 AM To: Isa Weblist Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org Steve thatz never a solution... I had rather check the LAT and see if the ISA is accessed over terminal and that IP entry is not listed in the routing table. NO offence intended :-) Regards, Mohammed Athif Khaleel Asst.Network Engineer AlFaisaliah Group Information Technology Tel.: +966-1-461-0077 x.209 Moble.: +966-509774015 Email: mathif@xxxxxxxxxxxxxxx "Save Internet, Keep all the systems patched" Web: http://alfaisaliah.com <http://alfaisaliah.com/> -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxxxxxxxxxxxxx] Sent: Friday, 28 May 2004 11:40 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Getting 15105 and 15108 http://www.ISAserver.org turn off the alerts.. Steve _____ From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] Sent: Friday, May 28, 2004 4:25 PM To: Isa Weblist Subject: [isalist] Getting 15105 and 15108 http://www.ISAserver.org What can I do to prevent or manage these events 15105 is ISA Server detected an all port scan attack from Internet Protocol (IP) address 209.217.88.172 15108 is ISA Server detected a spoof attack from Internet Protocol (IP) address 65.116.240.1 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tradtke@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist