RE: Spoof Attack (Kelli Irwin)

  • From: "John Watson" <jwatson@xxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Tue, 21 Aug 2001 19:04:36 -0600

You might also want to check that the Local Address Table is configured
correctly.

John Watson.



> If the IP address in xxx.xxx.xxx.xxx is an internal address then you
> could have a DNS configuration issue.
> 
> Go to http://www.isaserver.org and select the message boards.  Once at
> the message boards issue a search and search for spoofs and dns.
> 
> 
> Joseph
> 
> 
> 
> 
> -----Original Message-----
> From: Carlos Mauricio Perez Cortes [mailto:mauriciop@xxxxxxxxxxxx]
> Sent: Tuesday, August 21, 2001 1:53 PM
> To: [ISAserver.org Discussion List]
> Subject: RE: [isalist] Spoof Attack (Kelli Irwin)
> Importance: High
> 
> Hello Kelli,
> 
> I'm having exactly the same problem you're suffering. I sent 2 messages
> to ISA Server discussion list but I didn't get a response.
> 
> CARLOS MAURICIO PEREZ C.
> Technical Support
> <mailto:mauriciop@xxxxxxxxxxxx>
> http://www.solosoft.com
> SoloSoft Ltda.
> AV. 9 No 126-30 OF. 703
> PBX: +57(1) - 523 09 90
> FAX: +57(1) - 523 09 80
> CEL: +57(1) - 325 53 18
> BOGOTA, D.C. - COLOMBIA
> 
> 
> -----Original Message-----
> From: Kelli Irwin [mailto:kirwin@xxxxxxxxxxxxxxxxxxxxxx]
> Sent: Tuesday, August 21, 2001 02:11 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Spoof Attack
> 
> 
> http://www.ISAserver.org
> 
> 
> Hi All,
> 
> I am relatively new to this "game" so please take it easy on me.  :-)
> I am getting almost endless Application Log Warning messages.
> 
> We will get these Application Event Log Warnings over several hours, as
> few as 1 or 2 a minute and as many as 1 every second:
> 
>               "ISA Server detected a spoof attack from Internet Protocol (IP)
>               address xxx.xxx.xxx.xxx. A spoof attack occurs when an IP address
>               that is not reachable via the interface on which the packet was
>               received. If logging for dropped packets is set, you can view
>               details in the packet filter log."
> 
> 
> This sometimes causes an interruption of Internet service.  If I try to
> reach a Web Site the browser will error-out.  When it does I will then
> get this Application Event Log Error:
> 
>               "The ISA Server services cannot create a packet filter
>               xxx.xxx.xxx.xxx. This event occurs when there is a conflict
>               between the Local Address Table (LAT) configuration and the
>               Windows 2000 routing table. Check the routing table and the LAT
>               to find the source of the conflict."
> 
> The pattern is then that the Spoof messages will stop for a bit... then
> the whole cycle will start over.
> 
> Could this be caused by our network being configured incorrectly?  Are
> there tools available that I can use to figure this out?  Is this just a
> plain ol' Spoof Attack?
> I will add that we are running our own Exchange Server and also hosting
> our own Web Site.
> 
> Any help will be appreciated.
> 
> Thanks,
> 
> Kelli M. Irwin
> 
> 
> 
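The LAT-versus-routing-table check suggested in this thread, as an added example that is not part of the original messages and is not ISA Server code. It models the rule quoted in the event text (a source address is flagged when it is not reachable via the interface the packet arrived on) and lists LAT ranges the routing table does not send out the internal interface. Assumptions: the addresses, the interface names `internal` and `external`, and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data; the thread gives no real addresses or interface names.
LAT = [("192.168.0.0", "192.168.0.255"), ("10.0.0.0", "10.0.0.255")]
ROUTES = [                       # (destination network, outgoing interface)
    ("0.0.0.0/0", "external"),
    ("192.168.0.0/24", "internal"),
    ("203.0.113.0/24", "external"),
]

def lat_networks(lat):
    """Expand LAT first/last address pairs into CIDR networks."""
    nets = []
    for first, last in lat:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return nets

def route_interface(addr, routes):
    """Longest-prefix match: the interface the routing table uses to reach addr."""
    addr = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(n), i) for n, i in routes
               if addr in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def is_spoof(src, arrival_iface, routes):
    """Rule quoted in the event text: src is not reachable via the arrival interface."""
    return route_interface(src, routes) != arrival_iface

def lat_conflicts(lat, routes, internal="internal"):
    """LAT networks that the routing table does not send out the internal interface."""
    table = [(ipaddress.ip_network(n), i) for n, i in routes]
    conflicts = []
    for net in lat_networks(lat):
        covering = [r for r in table if net.subnet_of(r[0])]
        inside = [r for r in table if r[0].subnet_of(net) and r[0] != net]
        best = max(covering, key=lambda r: r[0].prefixlen, default=None)
        if best is None or best[1] != internal or any(i != internal for _, i in inside):
            conflicts.append(str(net))
    return conflicts

if __name__ == "__main__":
    print("LAT/routing conflicts:", lat_conflicts(LAT, ROUTES))
    print("10.0.0.5 on internal flagged:", is_spoof("10.0.0.5", "internal", ROUTES))
```

In the constructed data, 10.0.0.0/24 is listed in the LAT but only matches the default route, so traffic from a legitimate internal host in that range is flagged by the same rule that catches a 192.168.0.x source arriving on the external interface.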

