Hello, I've just noticed this in my logs as of the 28th. Um, what other experiences have people Experienced with this? I've ran all the sniffers and such and have found nothing. Thank you, Joseph -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Tuesday, September 30, 2003 12:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RES: RE: spoof attack from 127.0.0.1 http://www.ISAserver.org I also have this problem, and some uhhh... 9 customers too. Tiago de Aviz SoftSell (41) 340-2363 www.softsell.com.br -----Mensagem original----- De: Lev Zdenek [mailto:zdenek.lev@xxxxxxxxxxx] Enviada em: terça-feira, 30 de setembro de 2003 13:36 Para: [ISAserver.org Discussion List] Assunto: [isalist] RE: spoof attack from 127.0.0.1 http://www.ISAserver.org I have had the same problem , but I Did not find solution :( I have Tri-home DMZ and in my log are the same information about spoofing. Evr on port TCP 80. -----Original Message----- From: Manfred [mailto:md.fk@xxxxxxx] Sent: Tuesday, September 30, 2003 4:43 PM To: [ISAserver.org Discussion List] Subject: [isalist] spoof attack from 127.0.0.1 http://www.ISAserver.org Hi everyone, on my front end isa server on a public dmz I get a lot of spoof events from 127.0.0.1 in the last weeks. Log file entrys like: date/time 127.0.0.1 n.n.n.n Tcp 80 1609 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1739 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1447 Spoof x.x.x.x date/time 127.0.0.1 n.n.n.n Tcp 80 1924 Spoof x.x.x.x n.n.n.n = different ip addresses on public dmz x.x.x.x = external isa address I made virus scans, checked processes and network traffic but cannot find the reason for it. The LAT and ip configuration should be ok for it already worked for months without problems. Does anyone has an idea? Thank you, manfred ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: zdenek.lev@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: cismic@xxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')