Re: ISA Server detected a spoof attack

• From: "cismic" <cismic@xxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sat, 17 Jan 2004 16:36:44 -0800

I'm running a back to back.  That means I have the dmz in the lat and the
other machines behind my other ISA box
in a lat of thier own.  For security reason's maybe I should put the sus
machine in it's own subnet. And have that part of the
lat and take my web and dns machines out of the dmz lat and place into thier
own subnet.

Joseph
----- Original Message ----- 
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, January 16, 2004 7:52 PM
Subject: [isalist] Re: ISA Server detected a spoof attack


> http://www.ISAserver.org
>
> Noop.
> eye sai u pood SUS in LAT and web-pubic to DMZ.
>
>  Jim Harrison
>  MCP(NT4, W2K), A+, Network+, PCG
>  http://www.microsoft.com/isaserver
>  http://isaserver.org/Jim_Harrison
>  http://isatools.org
>
>  Read the help, books and articles!
> ----- Original Message ----- 
> From: "cismic" <cismic@xxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, January 16, 2004 14:55
> Subject: [isalist] Re: ISA Server detected a spoof attack
>
>
> http://www.ISAserver.org
>
> Duh, what dood you mead?
> You taying me pud SUS in DMZ and pudish it from ISA?
>
> ----- Original Message ----- 
> From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Friday, January 16, 2004 7:27 AM
> Subject: [isalist] Re: ISA Server detected a spoof attack
>
>
> > http://www.ISAserver.org
> >
> > As my dear departed Mama used to say, "better a smartass than a
> dumbass..."
> >
> > Regarding your SUS deployment, my question is "why?"
> > If a DMZ host needs to get to it, web-publish it to the DMZ.
> >
> >  Jim Harrison
> >  MCP(NT4, W2K), A+, Network+, PCG
> >  http://www.microsoft.com/isaserver
> >  http://isaserver.org/Jim_Harrison
> >  http://isatools.org
> >
> >  Read the help, books and articles!
> > ----- Original Message ----- 
> > From: "cismic" <cismic@xxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Thursday, January 15, 2004 10:40
> > Subject: [isalist] Re: ISA Server detected a spoof attack
> >
> >
> > http://www.ISAserver.org
> >
> > Hi Jim,
> > Nope, My mother only raised throughbreds! lol
> >
> > Any way,  hey I've finally got well at least most of my new machines in
> > place.  I've been replace old boxes with new ones and of course that
means
> > installing software all over again.
> >
> > I run a back to back setup and am wondering if it is a good idea to
place
> > the SUS machine in the DMZ.
> >
> > Thank you,
> >
> > Joseph
> > ----- Original Message ----- 
> > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Wednesday, January 14, 2004 1:58 PM
> > Subject: [isalist] Re: ISA Server detected a spoof attack
> >
> >
> > > http://www.ISAserver.org
> > >
> > > Smartass...
> > > ;-)
> > >
> > > I have that little toy.  I even had one for my old PalmIII until it
> > finally died and forced me to buy a Toshiba e750.
> > > Of course, there's a difference between having and using.
> > > It was one of those time when you look and say "I know what that is"
and
> > get proven painfully wrong.
> > >
> > >  Jim Harrison
> > >  MCP(NT4, W2K), A+, Network+, PCG
> > >  http://www.microsoft.com/isaserver
> > >  http://isaserver.org/Jim_Harrison
> > >  http://isatools.org
> > >
> > >  Read the help, books and articles!
> > > ----- Original Message ----- 
> > > From: "cismic" <cismic@xxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Wednesday, January 14, 2004 13:21
> > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Jim,
> > >
> > > Solar winds has a free subnet calculater.
> > > http://www.purenetworking.net/Products/SolarWinds/SolarWindsSE.htm
> > >
> > > Joseph
> > > ----- Original Message ----- 
> > > From: "Jim Harrison" <jim@xxxxxxxxxxxx>
> > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > Sent: Wednesday, January 14, 2004 1:14 PM
> > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > >
> > >
> > > > http://www.ISAserver.org
> > > >
> > > > Don't feel bad; I had to eat a basic subnet miscalculation not too
> long
> > > ago...
> > > >
> > > >  Jim Harrison
> > > >  MCP(NT4, W2K), A+, Network+, PCG
> > > >  http://www.microsoft.com/isaserver
> > > >  http://isaserver.org/Jim_Harrison
> > > >  http://isatools.org
> > > >
> > > >  Read the help, books and articles!
> > > > ----- Original Message ----- 
> > > > From: "Dan Bartley" <bartleyd@xxxxxxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, January 14, 2004 13:02
> > > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Yep, you're right. I transposed DNS and Default Gateway when I
looked
> at
> > > > them.
> > > >
> > > > Best Regards,
> > > >
> > > > Dan Bartley
> > > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > > > Sent: Wednesday, January 14, 2004 15:45
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Actually, that's not the case.
> > > >
> > > > internal     = 172.16.10/24
> > > > external    = 172.16.2/24
> > > > Cisco       = 172.16.10.168
> > > >
> > > > The log data states that the packet was sent from the Cisco to the
ISA
> > > > "external" NIC.
> > > > 172.16.10.168, 172.16.2.9, ICMP, 8, 0, -, BLOCKED,172.16.2.9
> > > >
> > > > According to the IP assignments, the Cisco is "internal", but the
> packet
> > > > was received on the ISA external interface according to the
> > > > log entry.  That's why I suggested a misplaced cable or broken VLAN.
> > > >
> > > >  Jim Harrison
> > > >  MCP(NT4, W2K), A+, Network+, PCG
> > > >  http://www.microsoft.com/isaserver
> > > >  http://isaserver.org/Jim_Harrison
> > > >  http://isatools.org
> > > >
> > > >  Read the help, books and articles!
> > > > ----- Original Message ----- 
> > > > From: "Dan Bartley" <bartleyd@xxxxxxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, January 14, 2004 12:20
> > > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Not necessarily. Is the Cisco on the same private subnet as the
> external
> > > > NIC of ISA, and is that different from the private subnet being used
> by
> > > > the internal ISA NIC?
> > > >
> > > > Could be set up as a second level defense behind the Cisco and a
> > > > firewall. That would allow for a private IP on the external NIC.
> > > >
> > > > What I see below from his ipconfig/all seems to indicate that is the
> > > > case.
> > > >
> > > > Best Regards,
> > > >
> > > > Dan Bartley
> > > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > > > Sent: Wednesday, January 14, 2004 15:16
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > The fact that ISA is receiving traffic from an internal IP on the
> > > > external NIC seems to hint that you have a cable misplaced or a
> > > > VLAN is broken.
> > > >
> > > >  Jim Harrison
> > > >  MCP(NT4, W2K), A+, Network+, PCG
> > > >  http://www.microsoft.com/isaserver
> > > >  http://isaserver.org/Jim_Harrison
> > > >  http://isatools.org
> > > >
> > > >  Read the help, books and articles!
> > > > ----- Original Message ----- 
> > > > From: "Eric Poole" <EPoole@xxxxxxxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, January 14, 2004 11:53
> > > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > ISA's internal is on the .10 subnet just like the cisco box.  ISA's
> > > > external is on the .2 subnet.  The external (2.9) is on a
> > > > separate vlan, so it's virtually external.
> > > > "Ethernet adapter Intranet:
> > > >   Connection-specific DNS Suffix  . :
> > > >         Description . . . . . . . . . . . : HPNC7781 Gigabit Server
> > > > Adapter
> > > >         Physical Address. . . . . . . . . : 00-0B-CD-82-2A-45
> > > >         DHCP Enabled. . . . . . . . . . . : No
> > > >         IP Address. . . . . . . . . . . . : 172.16.10.110
> > > >         Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > >         Default Gateway . . . . . . . . . :
> > > >         DNS Servers . . . . . . . . . . . : 172.16.10.41
> > > >                                             172.18.52.41
> > > >         Primary WINS Server . . . . . . . : 172.16.10.41
> > > >         Secondary WINS Server . . . . . . : 172.16.11.41
> > > >
> > > > Ethernet adapter Extranet:
> > > >   Connection-specific DNS Suffix  . :
> > > >         Description . . . . . . . . . . . : HPNC7781 Gigabit Server
> > > > Adapter2
> > > >         Physical Address. . . . . . . . . : 00-0B-CD-82-2A-6A
> > > >         DHCP Enabled. . . . . . . . . . . : No
> > > >         IP Address. . . . . . . . . . . . : 172.16.2.9
> > > >         Subnet Mask . . . . . . . . . . . : 255.255.255.0
> > > >         Default Gateway . . . . . . . . . : 172.16.2.20
> > > >         DNS Servers . . . . . . . . . . . :
> > > >         NetBIOS over Tcpip. . . . . . . . : Disabled"
> > > >
> > > >
> > > > _______________________________________________
> > > > Eric Poole
> > > > IS Security Analyst
> > > > Community Medical Centers
> > > > 1140 "T" Street, Fresno, California 93721
> > > > 559-459-6784 (phone) 559-459-2045 (fax)
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
> > > > Sent: Wednesday, January 14, 2004 11:33 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] Re: ISA Server detected a spoof attack
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > What does the ISA "ipconfig/all" produce?
> > > > It sounds like ISA doesn't really agree with you about what's
> internal.
> > > >
> > > >
> > > >  Jim Harrison
> > > >  MCP(NT4, W2K), A+, Network+, PCG
> > > >  http://www.microsoft.com/isaserver
> > > >  http://isaserver.org/Jim_Harrison
> > > >  http://isatools.org
> > > >
> > > >  Read the help, books and articles!
> > > > ----- Original Message ----- 
> > > > From: "Eric Poole" <EPoole@xxxxxxxxxxxxxxxxxxxx>
> > > > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > > > Sent: Wednesday, January 14, 2004 10:32
> > > > Subject: [isalist] ISA Server detected a spoof attack
> > > >
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > I'm getting these about every half hour from our internal Cisco
Works
> > > > box (172.16.10.168).  The 2.9 address is the ISA external NIC
> > > > that is routed through our PIX.  Any ideas?
> > > >
> > > > "ISA Server detected a spoof attack from Internet Protocol (IP)
> address
> > > > 172.16.10.168. A spoof attack occurs when an IP address that
> > > > is not reachable via the interface on which the packet was received.
> If
> > > > logging for dropped packets is set, you can view details in
> > > > the packet filter log."
> > > >
> > > > Here's a sample from the packet filter log.
> > > >
> > > > "1/13/2004, 20:43:17, 172.16.10.168, 172.16.2.9, ICMP, 8, 0, -,
> BLOCKED,
> > > > 172.16.2.9, 45 00 00 3c 20 74 00 00 7f 01 b6 7b ac 10 0a a8
> > > > ac 10 02 09, 08 00 a1 b6 04 00 77 6e ad ad ad ad ad ad ad ad ad ..."
> > > >
> > > > _______________________________________________
> > > > Eric Poole
> > > > IS Security Analyst
> > > > Community Medical Centers
> > > > 1140 "T" Street, Fresno, California 93721
> > > > 559-459-6784 (phone) 559-459-2045 (fax)
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > epoole@xxxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > bartleyd@xxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > jim@xxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > > bartleyd@xxxxxxxxxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > jim@xxxxxxxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Other Internet Software Marketing Sites:
> > > > Leading Network Software Directory: http://www.serverfiles.com
> > > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > > Network Security Library: http://www.secinf.net/
> > > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org Discussion List
as:
> > > cismic@xxxxxxx
> > > > To unsubscribe send a blank email to
> $subst('Email.Unsub')
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > jim@xxxxxxxxxxxx
> > > To unsubscribe send a blank email to
$subst('Email.Unsub')
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Other Internet Software Marketing Sites:
> > > Leading Network Software Directory: http://www.serverfiles.com
> > > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > > Windows Security Resource Site: http://www.windowsecurity.com/
> > > Network Security Library: http://www.secinf.net/
> > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > cismic@xxxxxxx
> > > To unsubscribe send a blank email to
$subst('Email.Unsub')
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> cismic@xxxxxxx
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>

Other related posts:

• » ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack
• » Re: ISA Server detected a spoof attack

1. Home
2. isalist
3. Archive
4. 01-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---