RE: Port Attack
- From: "jagadish.pai@xxxxxxxxxxxxxxxxxxx" <jagadish.pai@xxxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 26 Mar 2003 12:21:45 +0530
Dear Thomas
Thank You for the information.
Regards
K Jagadish Pai
Systems Administrator
"Thomas W Shinder"
<tshinder@starblaze To: "[ISAserver.org
Discussion List]" <isalist@xxxxxxxxxxxxx>
r.tzo.com> cc:
Subject: [isalist] RE: Port
Attack
03/26/2003 05:46 AM
Please respond to
"[ISAserver.org
Discussion List]"
http://www.ISAserver.org
Hi Pai,
Since all of these are blocked, they don't pose any security risk.
However, intrusion detection is an entire field of study unto itself.
Norcutt (sp?) has some good books on this subject.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
>From: jagadish.pai@xxxxxxxxxxxxxxxxxxx
[mailto:jagadish.pai@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, March 24, 2003 9:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Attack
http://www.ISAserver.org
Dear Thomas
The following is the log of packet filter can you explain what danger
could the system be in and how to reslove this issue if danger is
there.
#Fields: date time source-ip destination-ip
protocol
param#1 param#2 filter-rule interface
2003-03-22 04:12:28 61.241.82.53 202.63.113.66
Tcp
80 1272 BLOCKED 202.63.113.66
2003-03-22 04:42:47 61.241.82.53 202.63.113.66
Tcp
80 12843 BLOCKED 202.63.113.66
2003-03-22 16:08:24 202.118.162.44 202.63.113.66 Tcp
21 21 IpHalfScan 202.63.113.66
Thanks In advance.
Regards
K Jagadish Pai
Systems Administrator
"Thomas W Shinder"
<tshinder@starblaze To: "[ISAserver.org
Discussion List]" <isalist@xxxxxxxxxxxxx>
r.tzo.com> cc:
Subject: [isalist] RE:
Port Attack
03/25/2003 07:04 AM
Please respond to
"[ISAserver.org
Discussion List]"
http://www.ISAserver.org
Hi Pai,
The packet filter log doesn't need any configuration, just analysis.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
>From: jagadish.pai@xxxxxxxxxxxxxxxxxxx
[mailto:jagadish.pai@xxxxxxxxxxxxxxxxxxx]
Sent: Sunday, March 23, 2003 10:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Attack
http://www.ISAserver.org
Everyday i get this notification once from the same ip. Where should i
enable the packet filter log ?
Regards
Pai
"Thomas W Shinder"
<tshinder@starblaze To: "[ISAserver.org
Discussion List]" <isalist@xxxxxxxxxxxxx>
r.tzo.com> cc:
Subject: [isalist] RE:
Port Attack
03/24/2003 10:01 AM
Please respond to
"[ISAserver.org
Discussion List]"
http://www.ISAserver.org
Hi Pai,
I'd check the packet filter log to determine the nature of the attack.
Sometimes its false positive and sometimes its something worth worrying
about. Determine who's doing the scanning and then assess whether
they've done something similar in the past. Unless it's a repeat
offender, its probably not worth worrying about.
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
>From: jagadish.pai@xxxxxxxxxxxxxxxxxxx
[mailto:jagadish.pai@xxxxxxxxxxxxxxxxxxx]
Sent: Sunday, March 23, 2003 10:12 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Port Attack
http://www.ISAserver.org
Hi
Can somebody explain will there be any problem for the following:-- How
do
i protect my system being attacked.
ISA Server detected an Internet Protocol (IP) half-scan attack from IP
address 202.118.162.44.
ISA Server detected an all port scan attack from Internet Protocol (IP)
address 61.241.82.53.
Regards
Pai
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jagadish.pai@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jagadish.pai@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jagadish.pai@xxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
