Re: Intrusion Detected

• From: Dar Scott <dsc@xxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 8 Nov 2001 13:00:29 -0700

At 11:54 AM -0700 11/8/01, Dar Scott wrote:

At 11:06 AM -0700 11/8/01, skip wrote:

My ISA server got a well-known port scan attack from Internet Protocol
(IP) address 12.x.x.x. this is the IP that is on  the external interface
on the ISA server, how can that be

I'm new to this, but I wonder....

If your ISA server is set up to masquerade, then would a scan from "inside" look like a scan from the external interface?

I may be digging my self deeper and deeper into a newby hole...

Could this be innocent? Could a machine on your LAN could have gotten the "outside" IP address of the server instead of the inside IP address? Could this be a DNS problem?

Dar
Some guy in Albuquerque

Other related posts:

• » Re: Intrusion Detected
• » Re: Intrusion Detected
• » Intrusion Detected
• » Re: Intrusion Detected
• » Re: Intrusion Detected
• » Re: Intrusion Detected
• » Re: Intrusion Detected
• » Re: Intrusion Detected
• » Re: Intrusion Detected

1. Home
2. isalist
3. Archive
4. 11-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---