RE: Port Attack
- From: "jagadish.pai@xxxxxxxxxxxxxxxxxxx" <jagadish.pai@xxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 24 Mar 2003 10:09:28 +0530
Everyday i get this notification once from the same ip. Where should i
enable the packet filter log ?
Regards
Pai
"Thomas W Shinder"
<tshinder@starblaze To: "[ISAserver.org
Discussion List]" <isalist@xxxxxxxxxxxxx>
r.tzo.com> cc:
Subject: [isalist] RE: Port
Attack
03/24/2003 10:01 AM
Please respond to
"[ISAserver.org
Discussion List]"
http://www.ISAserver.org
Hi Pai,
I'd check the packet filter log to determine the nature of the attack.
Sometimes its false positive and sometimes its something worth worrying
about. Determine who's doing the scanning and then assess whether
they've done something similar in the past. Unless it's a repeat
offender, its probably not worth worrying about.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
>From: jagadish.pai@xxxxxxxxxxxxxxxxxxx
[mailto:jagadish.pai@xxxxxxxxxxxxxxxxxxx]
Sent: Sunday, March 23, 2003 10:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Port Attack
http://www.ISAserver.org
Hi
Can somebody explain will there be any problem for the following:-- How
do
i protect my system being attacked.
ISA Server detected an Internet Protocol (IP) half-scan attack from IP
address 202.118.162.44.
ISA Server detected an all port scan attack from Internet Protocol (IP)
address 61.241.82.53.
Regards
Pai
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jagadish.pai@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts: