RE: ISA 2004 Intrusion Detection Modification?

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 3 Oct 2005 06:45:00 -0700

No, you can't create alert exceptions, but you can tweak the alert not
to fire so often.
You can also scan your ISA logs to determine what the app was doing when
the alert fired.

What - we should be impressed because the app costs $M?
Poor code is poor code - regardless what you paid for it.

-----Original Message-----
From: stevec@xxxxxxxxxxx [mailto:stevec@xxxxxxxxxxx] 
Sent: Sunday, October 02, 2005 8:59 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA 2004 Intrusion Detection Modification?

http://www.ISAserver.org


I have a terminal server within my ISA 2004's "Internal Network" space.
ISA,
via email, reports 


Subject:
ISA Server alert: An intrusion was attempted by an external user

Body:
"ISA Server detected an all port scan attack from Internet Protocol (IP)
address 192.168...."


This is not an external client, it is a local Terminal Server with a VB
app
with many users on it, it's just the way the app works, it's not doing
anything bad.

Looking at the Intrusion Detection section in the ISA MMC, there doesn't
seem to be a way to setup exclusions for this alert. I'm getting spammed
by
my ISA! What can I tweak to make this go away (please don't say "the VB
app"
since it cost more than your house)?

Thanks.


  
  --
  http://www.atomic9.net/


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » ISA 2004 Intrusion Detection Modification?
• » RE: ISA 2004 Intrusion Detection Modification?

1. Home
2. isalist
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---