Hey guys, Are you being spoofed? Or are your LAT entries incorrect or are you putting two interfaces on the same segment? Its strange to see a spoof from a public address since it should be reachable from the external interface. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder <http://www.isaserver.org/shinder> ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp <http://tinyurl.com/1llp> -----Original Message----- From: Rami SIK [mailto:rami@xxxxxxxxxxxxxxx] Sent: Thursday, June 05, 2003 3:46 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Spoof Attack http://www.ISAserver.org I am also getting such messages recently. This morning, there were more than 500 email alerts complaining spoof attack. Any idea? -------------------------------------------------------------------- Rami SIK System & Network Administrator CCNA Kimyatas Istanbul / Turkey Tel:90-212-334 4963 -------------------------------------------------------------------- -----Original Message----- From: Lim, Arthus T. [mailto:alim@xxxxxxxxx] Sent: Thursday, June 05, 2003 11:34 AM To: [ISAserver.org Discussion List] Subject: [isalist] Spoof Attack http://www.ISAserver.org ISA Server detected a spoof attack from Internet Protocol (IP) address 203.167.103.38. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. I received a lot of this alert messages lately. How can I avoid spoof attack? ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rami@xxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')