RE: On Packet filters security etc...

  • From: "josephk" <josephk@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 11 Jun 2004 13:14:19 -0700

Well Jeb,
Some people in the industry hire this dude named Bubba to do out
packet sniffing and tracing.
Sam Spade does a good job at tracing as well. What you can do is look
up the domain contact at InterNIC or Dotster and then email the host
and inform them of suspicious or possible activity coming from that
group of IP addresses.

Thank you,
Joseph


-----Original Message-----
From: Watts, Jeb [mailto:Jwatts@xxxxxxxxxxx] 
Sent: Friday, June 11, 2004 8:16 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] On Packet filters security etc...



I have been noticing what ISA is calling "port scan attacks" for the
past week or so from the same IP address. I am just getting my feet wet
with trying to monitor security closely and don't mean to sound like a
complete idiot. (Oops! Too late?) Does this mean someone is purposely
scanning my ISA server for holes, or could it be something
unintentional? Is there really anything that can be done about it? I have
already found out who owns that block of IP addresses, provided the
source address is not being spoofed. Does Tom's book cover questions
about what the different log messages mean? Thanks!
 
Jeb