Port Scans

• From: "Ball, Dan" <DBall@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 15 Mar 2005 10:24:42 -0500

I get an lot of these alerts on my ISA2004 server:

ISA Server detected an all port scan attack from Internet Protocol (IP)
address xx.xx.xx.xx.

Normally, I just ignore these, as there isn't much I can do about
outside servers.  However, I've noticed a few of these with IP addresses
on our internal network, which has me concerned.  Whenever I see one of
these, I check every log I can think of, and don't find any other
indication of any activity other than the alert itself.  Even the
Firewall Log doesn't show any blocked packets during that time period.  

Do you think the IP address of the scanner is being spoofed? 

Other related posts:

• » Port Scans
• » Re: Port Scans
• » Re: Port Scans
• » Re: Port Scans
• » Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans
• » RE: Port Scans

1. Home
2. isalist
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---