RE: Port Scans
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 17 Mar 2005 06:01:05 -0600
Hi Steve,
Hmmm. Interesting. Might be a nice tip. I'll see if I can replicate
that.
Thanks!
Tom
www.isaserver.org/shinder <http://www.isaserver.org/shinder>
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
MVP -- ISA Firewalls
________________________________
From: Steve Lunn [mailto:Steve.Lunn@xxxxxxxxxxxxxxxx]
Sent: Thursday, March 17, 2005 3:35 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Scans
http://www.ISAserver.org
Aha, I think I know what this is, as I encountered something similar
using ISA2k.
If you go to the properties of your Internet NIC, into TCP/IP Properties
and click the Advanced button. On the DNS tab at the bottom, there's
an option "Register this connection's address in DNS". IIRC this is
enabled by default, and the result is your external NIC trying to
register
with the External DNS server. This in return initiates a barrage on
incoming packets from the DNS server.
By unchecking the box your server stops trying to register with the
external DNS. While this might only stop the packet scans from the
DNS Servers, it's one less alert to worry about. As Ara rightly says,
lock your door, it's the world we live in.
I get loads of users who have installed personal firewalls coming to
me panicking about all the external attacks that their firewall has
warned them of, so my usual reply is to be worried of the ones it
doesn't warn you of... *evil*
HTH
Regards,
Steve
Steve Lunn - PC & Network Support
Microsoft MCP
DDI: 01423 855101
Fax: 01423 855181
-----Original Message-----
From: Ball, Dan [mailto:DBall@xxxxxxxxxxx]
Sent: 16 March 2005 18:59
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Scans
http://www.ISAserver.org
Depends on what IP the scanning is coming from. For example, I just
noticed a scanning alert today that said it was coming from the IP
address of our ISP's DNS server. If I block that, I will no longer be
able to do DNS lookups.
-----Original Message-----
From: Paul Laudenslager [mailto:paul@xxxxxxxxxxxx]
Sent: Wednesday, March 16, 2005 12:54
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Port Scans
http://www.ISAserver.org
I see continual port scans from my ISP where I host my servers.
Is it possible to block these IP's altogether?
Thanks!
Paul
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve.lunn@xxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Homeowners Group consists of Homeowners Friendly Society Limited (HFSL),
Registered and Incorporated under the Friendly Societies Act 1992, Reg.
No. 964F, Homeowners Investment Fund Managers Limited (HIFML), Reg. No.
3224780, Homeowners Financial Administration Limited (HFAL), Reg. No.
4301736, Homeowners Membership Services Limited (HMSL), Reg. No. 3091667
and UK Friendly Insurance Services Limited (UKFISL), Reg. No. 3088162,
all registered at Hornbeam Park Avenue, Harrogate. HG2 8XE. Tel: 01423
855000 Web: http://www.homeowners.co.uk
HFSL and HIFML are both authorised and regulated by the Financial
Services Authority (FSA). HFSL's FSA Register no. is 110072, HIFML's FSA
Register no. is 181487. You can check this on the FSA's Register by
visiting the FSA's website http://www.fsa.gov.uk/register or by
contacting the FSA on 0845 606 1234
HFAL, HMSL and UKFISL are non-regulated limited companies.
United Kingdom Civil Service Benefit Society (UKCSBS) and United Kingdom
Armed Forces Benefit Society (UKAFBS) are trading styles of Homeowners
Friendly Society Limited
This e-mail is intended only for the person named as recipient. The
contents are confidential. If you are not the intended recipient of this
e-mail, please notify us as soon as possible and delete it. If you are
not the intended recipient of the e-mail, any use by you is prohibited.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
