Re: Spoof Attack

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 9 Apr 2002 08:06:59 -0700

Hi VenKat

What host is the 192.168.68.55 host?
Where does it reside on the network?

Check out http://support.microsoft.com/default.aspx?scid=kb;en-us;Q288396

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Venkat" <venkat.r@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 09, 2002 3:26 AM
Subject: [isalist] Spoof Attack


http://www.ISAserver.org


hi,

iam using Isa server to which also acts as domain login server.these are the
errors i found in event viewer.i've also copied the routing table.can
anybody pls help me rectify this.

Event Type: Warning
Event Source: Microsoft ISA Server Control
Event Category: Packet filter
Event ID: 15108
Date: 4/5/2002
Time: 11:45:45 AM
User: N/A
Computer: CONSOLE
Description:
ISA Server detected a spoof attack from Internet Protocol (IP)
address 192.168.68.55. A spoof attack occurs when an IP address
that is not reachable via the interface on which the packet was
received. If logging for dropped packets is set, you can view
details in the packet filter log.
Data:
0000: 1f 00 00 00 ....

Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14120
Date: 4/5/2002
Time: 2:55:44 PM
User: N/A
Computer: CONSOLE
Description:
The ISA Server services cannot create a packet filter 202.9.151.5.
This event occurs when there is a conflict between the Local
Address Table (LAT) configuration and the Windows 2000 routing
table. Check the routing table and the LAT to find the source of
the conflict.
Data:
0000: 41 01 00 c0 A..À

C:\Documents and Settings\Administrator>netstat -r

Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x4000002 ...00 02 b3 24 ff ce ...... Intel(R) PRO Adapter
(Microsoft's Packet Scheduler)
0x8000003 ...00 b0 d0 d0 8b 4a ...... Intel 8255x-based Integrated
Fast Ethernet (Microsoft's Packet Scheduler)
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway
Interface Metric
0.0.0.0 0.0.0.0 202.9.151.1
202.9.151.5 1
127.0.0.0 255.0.0.0 127.0.0.1
127.0.0.1 1
192.168.68.0 255.255.255.0 192.168.68.1
192.168.68.1 1
192.168.68.1 255.255.255.255 127.0.0.1
127.0.0.1 1
192.168.68.255 255.255.255.255 192.168.68.1
192.168.68.1 1
202.9.151.0 255.255.255.0 202.9.151.5
202.9.151.5 1
202.9.151.5 255.255.255.255 127.0.0.1
127.0.0.1 1
202.9.151.255 255.255.255.255 202.9.151.5
202.9.151.5 1
224.0.0.0 224.0.0.0 192.168.68.1
192.168.68.1 1
224.0.0.0 224.0.0.0 202.9.151.5
202.9.151.5 1
255.255.255.255 255.255.255.255 202.9.151.5
202.9.151.5 1
Default Gateway: 202.9.151.1
===========================================================================
Persistent Routes:
None

C:\Documents and Settings\Administrator>netstat -s

IP Statistics

Packets Received = 2935055
Received Header Errors = 0
Received Address Errors = 2819
Datagrams Forwarded = 93487
Unknown Protocols Received = 0
Received Packets Discarded = 83102
Received Packets Delivered = 1270312
Output Requests = 1475311
Routing Discards = 0
Discarded Output Packets = 12185
Output Packet No Route = 0
Reassembly Required = 50
Reassembly Successful = 16
Reassembly Failures = 9
Datagrams Successfully Fragmented = 9
Datagrams Failing Fragmentation = 0
Fragments Created = 18

ICMP Statistics

Received Sent
Messages 43443 44288
Errors 1 0
Destination Unreachable 4249 2739
Time Exceeded 8 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echos 13876 27673
Echo Replies 25309 13876
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0

TCP Statistics

Active Opens = 31860
Passive Opens = 22039
Failed Connection Attempts = 5893
Reset Connections = 13759
Current Connections = 40
Segments Received = 977850
Segments Sent = 1230236
Segments Retransmitted = 21211

UDP Statistics

Datagrams Received = 2243481
No Ports = 6275
Receive Errors = 0
Datagrams Sent = 179383


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')




Other related posts: