RE: RES: RE: IP SCAN
- From: "Mark Hippenstiel" <mark@xxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 23 May 2002 17:05:25 +0200
Bom dia Alex,
as far as I observed this is fairly common. There are a number of people
out there who on a regular basis try to break into systems. Those
attempts are detected as well-known, half and full scan attempts. It is
a good advise to check the security of your setup as you are in fact a
target of an intrusion attempt.
But as long as everything's save in this respect, you can relax and let
your system be port-scanned, nothing else will happen there. You
wouldn't want to waste your time running after these events only to find
out that the source ip was spoofed.
Question for the experts: would there be any method of gathering more
information about the attacker (including spoofed IPs) that could be
automated? I don't know exactly which information could be considered
useful - but surely this is a common demand among firewall admins, no?
Mark
-----Original Message-----
From: Alex Decarli [mailto:decarli@xxxxxxxxxxxxx]
Sent: Thursday, May 23, 2002 4:46 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RE: IP SCAN
http://www.ISAserver.org
In this events that I listed, He try to access from 80 port to several
ports on my server,
It could be a deceit?
-----Mensagem original-----
De: Mark Hippenstiel [mailto:mark@xxxxxxxxxxxx]
Enviada em: quinta-feira, 23 de maio de 2002 10:19
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: IP SCAN
http://www.ISAserver.org
Yeah, only as long as the IP isn't spoofed, that is. I've had this a
couple of times and didn't know what to do then. Anybody knows if ISA is
capable of logging the MAC address?
Mark
-----Original Message-----
From: Bruno ROUY [mailto:bruno.rouy@xxxxxxxx]
Sent: Thursday, May 23, 2002 2:53 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: IP SCAN
http://www.ISAserver.org
ONLY..... YESSSSSSSS !
but you can trace who scan your ports
-----Message d'origine-----
De : Alex Decarli [mailto:decarli@xxxxxxxxxxxxx]
Envoyé : jeudi 23 mai 2002 14:14
À : [ISAserver.org Discussion List]
Objet : [isalist] IP SCAN
http://www.ISAserver.org
Hi folks,
I've received the following message: "ISA Server detected an all port
scan attack from Internet Protocol (IP) address xxx.xxx.xxx.xxx"
i've registered in IP...log several connections of this ip on port 80
(http)
is this a port scan attack ?
When I do a manual port scan , isa server says "ISA Server detected a
well-known port scan attack from Internet Protocol (IP) address
xxx.xxx.xxx.xxx. A well-known port is any port in the range of 1-2048.
For more information about this event, see ISA Server Help.
Any idea ?
Alex Decarli
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bruno.rouy@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mark@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
decarli@xxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mark@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
