RE: Port Scans

  • From: Steve Lunn <Steve.Lunn@xxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 17 Mar 2005 09:34:36 -0000

Aha, I think I know what this is, as I encountered something similar
using ISA2k.

Go to the properties of your Internet NIC, into TCP/IP Properties,
and click the Advanced button. On the DNS tab at the bottom, there's
an option "Register this connection's address in DNS". IIRC this is
enabled by default, and the result is your external NIC trying to register
with the External DNS server. This in return initiates a barrage of
incoming packets from the DNS server.

By unchecking the box your server stops trying to register with the
external DNS. While this might only stop the packet scans from the
DNS Servers, it's one less alert to worry about. As Ara rightly says,
lock your door, it's the world we live in.

I get loads of users who have installed personal firewalls coming to
me panicking about all the external attacks that their firewall has
warned them of, so my usual reply is to be worried about the ones it
doesn't warn you of... *evil*

HTH

Regards,
 
Steve
 
Steve Lunn - PC & Network Support
Microsoft MCP
DDI: 01423 855101
Fax: 01423 855181
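
The checkbox described in the message above can also be audited and cleared from PowerShell. This is an added example, not part of the original post: it assumes a Windows version that ships the DnsClient module (`Get-DnsClient` / `Set-DnsClient`), which postdates the ISA Server releases discussed in this thread, and the function name `Disable-ExternalDnsRegistration` and the adapter alias `External` are hypothetical.

```powershell
# Added example: turn off "Register this connection's address in DNS"
# on the Internet-facing adapter only, leaving internal adapters alone.
function Disable-ExternalDnsRegistration {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Alias of the Internet-facing NIC (assumption: supplied by the admin).
        [Parameter(Mandatory = $true)]
        [string]$InterfaceAlias
    )

    # Fail loudly if the alias does not exist rather than changing nothing silently.
    $clients = @(Get-DnsClient -InterfaceAlias $InterfaceAlias -ErrorAction Stop)

    foreach ($client in $clients) {
        if (-not $client.RegisterThisConnectionsAddress) {
            Write-Verbose "$($client.InterfaceAlias): registration already disabled"
            continue
        }
        # Honours -WhatIf / -Confirm so the change can be previewed first.
        if ($PSCmdlet.ShouldProcess($client.InterfaceAlias,
                'Disable dynamic DNS registration')) {
            Set-DnsClient -InterfaceIndex $client.InterfaceIndex `
                          -RegisterThisConnectionsAddress $false
        }
    }

    # Return the resulting state so the caller can verify or log it.
    Get-DnsClient -InterfaceAlias $InterfaceAlias |
        Select-Object InterfaceAlias, InterfaceIndex, RegisterThisConnectionsAddress
}

# Audit: list every adapter and whether it will try to register itself in DNS.
Get-DnsClient |
    Select-Object InterfaceAlias, InterfaceIndex, RegisterThisConnectionsAddress |
    Format-Table -AutoSize

# Preview the change on the adapter named "External" (hypothetical alias).
Disable-ExternalDnsRegistration -InterfaceAlias 'External' -WhatIf
```

Drop `-WhatIf` to apply the change; internal adapters that register with an internal DNS server are not touched.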


-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx] 
Sent: 16 March 2005 18:59
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Scans

http://www.ISAserver.org

Depends on what IP the scanning is coming from.  For example, I just
noticed a scanning alert today that said it was coming from the IP
address of our ISP's DNS server.  If I block that, I will no longer be
able to do DNS lookups.

-----Original Message-----
From: Paul Laudenslager [mailto:paul@xxxxxxxxxxxx] 
Sent: Wednesday, March 16, 2005 12:54
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Scans


I see continual port scans from my ISP where I host my servers.

Is it possible to block these IPs altogether?

Thanks!
Paul 
