RE: Intruder is external nic

  • From: "Larry Lentz" <Larry@xxxxxxxxxxxxxxxxx>
  • To: "ISA Server Discussion List" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 27 Nov 2002 12:37:33 -0600

Thanks. Checked and in fact did have a space in the path. Put quotes
around it and am now waiting to be attacked again to see if it works :-)

        -----Original Message-----
        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: Wednesday, November 27, 2002 12:30 PM
        To: ISA Server Discussion List
        Subject: [isalist] RE: Intruder is external nic
        
        
        http://www.ISAserver.org
        
        
        Hi Larry,
         
        Check this out:
         
        ==============================
        Hello,
        As luck would have it, I just fixed this same problem 
        yesterday.  First off, the .vbs script should be run 
        under the local system account.  Next, you have 2 
        choices: 1) place double quotes around the folder path to 
        the script in the intrusion detected alert or 2) place 
        the .vbs script in a folder path that doesn't 
        have any spaces.  
        
        If you notice from the second error message, it is trying 
        to execute a dos command pointing to a folder path with 
        spaces.  This will not work in dos without quotes 
        surrounding the entire path.  It took me a while to 
        figure this out.  The script works like a champ though 
        now.  Hope this works for you!
        
        Josh
        ===================================
         
         
        HTH,
        Tom
        Thomas W Shinder
        http://www.isaserver.org/shinder
        http://tinyurl.com/1jq1
        http://tinyurl.com/1llp
        
         
         

                -----Original Message-----
                From: Larry Lentz [mailto:Larry@xxxxxxxxxxxxxxxxx] 
                Sent: Wednesday, November 27, 2002 12:26 PM
                To: [ISAserver.org Discussion List]
                Cc: Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
                Subject: [isalist] RE: Intruder is external nic
                
                
                
                Amy,
                 
                What I do when I have an intrusion like that is
immediately create an IP packet filter to totally block the offending IP
address. I've found this to be effective.
                 
                If you want to see where the attack is coming from, try
looking up the IP address at http://www.samspade.org/t/
                 
                There is a script available on the ISA Toolzz web site
that supposedly automatically creates a blocking packet filter but I
haven't been able to get it to work.
                 
                Larry
                ---------------------------------------------- 
                Larry Lentz, MCSE+I, MCDBA 
                MCSE on Windows 2000 
                GoldMine Certified Professional 
                Lentz Computer Services 
                GoldMine Solutions Partner 
                San Antonio, Texas 
                Larry@xxxxxxxxxxxxxxxxx 
                For networking that makes sense, 
                Count on Lentz! 
                ---------------------------------------------- 

                        -----Original Message-----
                        From: Amy Babinchak
[mailto:Amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
                        Sent: Tuesday, November 26, 2002 6:09 PM
                        To: ISA Server Discussion List
                        Subject: [isalist] Intruder is external nic
                        
                        
                        

                        I'm getting intrusion detection alerts for port
scan and the IP address listed is the ISA external NIC. I'm not sure
where to begin troubleshooting this. Suggestions?

                         

                        Amy Babinchak

                        Technology Consultant

                         

        
------------------------------------------------------
                        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        
------------------------------------------------------
                        Exchange Server Resource Site:
http://www.msexchange.org/
                        Windows Security Resource Site:
http://www.windowsecurity.com/
                        Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
        
------------------------------------------------------
                        You are currently subscribed to this
ISAserver.org Discussion List as: larry@xxxxxxxxxxxxxxxxx
                        To unsubscribe send a blank email to
$subst('Email.Unsub') 

