Re: Spoof Attack ?
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 13 Sep 2001 17:56:28 -0700
Spoof Attack ?What is in the IP log for that same date/time? It'll tell you
what the actual source IP was in the packet.
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: Thum Chee Weng ; Ronnie
To: [ISAserver.org Discussion List]
Sent: Thursday, September 13, 2001 17:31
Subject: [isalist] Spoof Attack ?
http://www.ISAserver.org
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------------------------------------------------------------------------------
hi,
I'm getting a number of spoof attack alerts originating from my internal IP
range.
Can anybody help me to explain why ?
- ronnie -
MCP, MCP+I, MCSE
-----Original Message-----
From: ISASERVER [mailto:ISASERVER]
Sent: None
To: Thum Chee Weng, Ronnie
Subject: ISA Server alert: The IP packet source address is not valid.
ISA Server name: MY_ISA
ISA Server detected a spoof attack from Internet Protocol (IP) address
aaa.bbb.ccc.ddd. A spoof attack occurs when an IP address that is not reachable
via the interface on which the packet was received. If logging for dropped
packets is set, you can view details in the packet filter log.
------------------------------------------------------------------------------
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
