RE: Getting 15105 and 15108

• From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 29 May 2004 08:52:37 +1000

Calvin
 
This is only an indication of ISA performing its job. This alert is not
telling you that the port scan has been successful in finding holes in
any way. The thing you want to be able to stop is people using malformed
packets and dos attacks against any services running on you network
which might show up in a port scan. For instance of course port 80 will
show as open, that's a given, but how you protect it plays a big part.
That's where smart firewalls and things like urlscan come into it.
 
If you get annoyed with the alerts, as Steve said turn them off, or
email them to another mailbox.
 
Greg

________________________________

From: Hamilton, Calvin [mailto:Calvin.Hamilton@xxxxxxxxxxxxxx] 
Sent: Saturday, May 29, 2004 5:25 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Getting 15105 and 15108


http://www.ISAserver.org


What can I do to prevent or manage these events 

15105 is ISA Server detected an all port scan attack from Internet
Protocol (IP) address 209.217.88.172 

15108 is ISA Server detected a spoof attack from Internet Protocol (IP)
address 65.116.240.1 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gmulholland@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts:

• » Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108
• » RE: Getting 15105 and 15108

1. Home
2. isalist
3. Archive
4. 05-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---