RE: ISA Alert Intrusion

• From: "Edward Sullivan" <esullivan@xxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 13 Jan 2003 11:54:17 -0600

See this link for more information:

http://www.claws-and-paws.com/virus/articles/fdisk.shtml

Again, this option should only be used if you know precisely what you are doing!


-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]
Sent: Monday, January 13, 2003 11:50 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Thanks Ed
Well I am not too sure either - again how PC anywhere caused this!
I think I might just rebuild it - is there anything documented on this /mbr fix?

Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net 


-----Original Message-----
From: Edward Sullivan [mailto:esullivan@xxxxxxx]
Sent: 13 January 2003 17:45
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


This is not a suggestion you try this, but an undocumented feature of FDISK is 
the "/MBR" switch. Specifying this switch at the end of the command will 
rebuild your master boot record. If your master boot record has become 
corrupted or altered by another program, this often will correct the problem.

Again, I am not suggesting you try this, and am not sure it will fix the 
problem you are having, only sharing this information in case it should prove 
helpful to you.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Monday, January 13, 2003 11:38 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Hi Simon,

The only fix I know of is the FDISK rebuild. There should be a way to do
this without FDISK, but the exact problem hasn't been described on how
it whacks the console, so its hard to figure out the fix.

Tom
www.isaserver.org/shinder


-----Original Message-----
From: Simon Weaver [mailto:Simon.Weaver@xxxxxxxx] 
Sent: Monday, January 13, 2003 11:32 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Steve
PC anywhere was installed soem time ago!
I never realised this would cause problems!!!

Would an uninstall not fix this?

Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net 


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxxxxxxx]
Sent: 13 January 2003 17:24
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA Alert Intrusion


http://www.ISAserver.org


Has pcAnywhere been installed on the server, if so, you will have to
rebuild the server as the pcAnywhere install really messes up the gina
and authentication for the alerts.

Steve

________________________________

From:    Simon Weaver [mailto:Simon.Weaver@xxxxxxxx]    
Sent:    Mon 13/01/2003 09:05 AM        
To:      Isa List       
Subject:         [isalist] ISA Alert Intrusion  
        
http://www.ISAserver.org


Hello Everyone
Got a few questions about ISA 2000 for SBS2000.
 
I have enabled Intrusion Detection and sent alerts to my Email address.
I receive the alerts, but I cannot seem to find what or who was trying
to contact me.
 
When I goto the "Monitoring" Folder and choose Alerts I get a Big Messge
"Refresh Failed" with a Big circle and a white X!
The message says "You do not have the necessary permissions to perform
this operation". I click on CONTINUE, but all I see are the tabs at the
bottom of the window (Services, Help, sessions, up, ect!).
 
If I view on the REORTS Folder, it only shows OLD reports for December
2002 - nothing since the 19th Dec 02.
 
Any ideas?
 
Thanks
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net <http://www.iscl.net/>  
 
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


This E-Mail is confidential. It is not intended to be read, copied,
disclosed or used by any person other than isalist@xxxxxxxxxxxxxx

Unauthorised use, disclosure, or copying is strictly prohibited and may
be unlawful. Optimum Computer Solutions disclaims any liability for any
action taken in connection of this E-Mail. The comments or statements
expressed in this E-Mail are not necessarily those of Optimum Computer
Solutions or its subsidiaries or affiliates.

usermanager@xxxxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
esullivan@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
esullivan@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion
• » RE: ISA Alert Intrusion

1. Home
2. isalist
3. Archive
4. 01-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---