Re: ISA Server detected an all port scan attack from Internet Protocol (IP) address xx.xx.xx.xx?
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 26 Feb 2002 06:47:10 -0800
That depends on the severity of the "attack"
Sometimes, an "all port scan" might be nothing more than a string of "late"
packets.
Examine the IP...log for the time (GMT, remember) when the alert is thrown.
I believe you'll find that most "alerts" are spurious.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Bentley, Todd" <bentley@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, February 26, 2002 06:41
Subject: [isalist] ISA Server detected an all port scan attack from Internet
Protocol (IP) address xx.xx.xx.xx?
http://www.ISAserver.org
it seems my isa server is doing its job detecting and blocking these scans,
but now what? Is there someway I can let this address know we are on to
him. Is there a watch dog service I could report it to. Any suggestions on
what I can do beyond discarding the attack?
Thanx in advance
Todd L. Bentley
MCSE
Rupert Technologies
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
