RE: RES: RE: spoof attack from 127.0.0.1

  • From: "cismic" <cismic@xxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 30 Sep 2003 16:57:28 -0700

Hello,

I've just noticed this in my logs as of the 28th.  Um,  what other
experiences have people 
Experienced with this?  I've ran all the sniffers and such and have
found nothing.

Thank you,

Joseph

-----Original Message-----
From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] 
Sent: Tuesday, September 30, 2003 12:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RES: RE: spoof attack from 127.0.0.1


http://www.ISAserver.org


I also have this problem, and some uhhh... 9 customers too.

Tiago de Aviz
SoftSell
(41) 340-2363
www.softsell.com.br
 

-----Mensagem original-----
De: Lev Zdenek [mailto:zdenek.lev@xxxxxxxxxxx] 
Enviada em: terça-feira, 30 de setembro de 2003 13:36
Para: [ISAserver.org Discussion List]
Assunto: [isalist] RE: spoof attack from 127.0.0.1

http://www.ISAserver.org


I have had the same problem , but I Did not find solution :( I have
Tri-home DMZ and in my log are the same information about spoofing. Evr
on port TCP 80.


-----Original Message-----
From: Manfred [mailto:md.fk@xxxxxxx] 
Sent: Tuesday, September 30, 2003 4:43 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] spoof attack from 127.0.0.1

http://www.ISAserver.org


Hi everyone,

on my front end isa server on a public dmz I get a lot of spoof events
from 127.0.0.1 in the last weeks. Log file entrys like: date/time
127.0.0.1 n.n.n.n Tcp 80 1609 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n
Tcp 80 1739 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1447 Spoof
x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1924 Spoof x.x.x.x n.n.n.n =
different ip addresses on public dmz x.x.x.x = external isa address

I made virus scans, checked processes and network traffic but cannot
find the reason for it. The LAT and ip configuration should be ok for it
already worked for months without problems. Does anyone has an idea?
Thank you, manfred

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
zdenek.lev@xxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com No.1
Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
cismic@xxxxxxx To unsubscribe send a blank email to
$subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 09-2003