Re: Port Scans

• From: "Paul" <pdeen@xxxxxxxxxxxx>
• To: isalist@xxxxxxxxxxxxx
• Date: Thu, 25 Mar 2004 10:24:21 -0700

Hi Tom,
 Thanks for your input! 
 I know 'Layer 7' is the Aplication Layer, but I was wondering if you
could expand on your comment. Which alerts/reports in particular?

I have both of your ISA books, Server 2000 and Server Beyond
(unintentional plug). I just never get a chance to really read them
thouroughly, I use them as reference. So I was wondering if you could
point me to the parts I can read more about the 'Layer 7 reporting' you
speak of. Which parts are of te most interest? Like you said there are
just so many nasties out there, I wanna make sure ISA is doing a good job.

Are you already working on your ISA 2004 Server book? :)

Thanks again!
Paul

--------------------------------------------

Hi Paul,

I ignore them. There are so many scumbags on the Internet now scanning
systems that there's not much to be gained by looking at port scans. The
layer 7 reporting is of more interest. 

Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp




-----Original Message-----
From: Paul [mailto:pdeen@xxxxxxxxxxxx] 
Sent: Wednesday, March 24, 2004 5:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Port Scans


http://www.ISAserver.org

I did not know you could search the history of this list until after I
posted my first message. I think you guys have covered most of my
questions, if not all.

So the way I understand it now is: with streaming music and the
127.0.0.1,
I am possibly recieving IP fragments, and/or delayed responce, and thats
what could be triggering the port scan alert.

That sound about right?

I am still curious what you guys do when you recieve a port scan alert,
if
you just ignore them unless someting else points to an intrusion, or do
you research them? If so, what tips do you have?

Thanks!
Paul


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to

Other related posts:

• » Port Scans
• » Re: Port Scans
• » Re: Port Scans
• » Re: Port Scans
• » Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans

1. Home
2. isalist
3. Archive
4. 03-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---