Re: Spoof attack

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 1 Jul 2002 06:35:46 -0700

Inline...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Lim, Arthus T." <alim@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 01, 2002 1:09 AM
Subject: [isalist] Re: Spoof attack


http://www.ISAserver.org


Here's my ISA configuration:

Packet Filters:

DNS Filter allow
ICMP Outbound allow
ICMP Ping Response (in) block
    -- not needed if you have packet filtering on
ICMP Source Quench allow
ICMP Timeout in allow
ICMP unreachable in allow
POP3 allow

  -- are you using these protocols at or behind the ISA?

Under General tab, enable packet filtering is checked, enable intrusion
detection is checked.

Under Intrusion detection tab, all are checked

Here's one Application Log Warning Message I got:

ISA server detected a spoof attack from Internet Protocol (IP) address
64.85.13.100.  A spoof attack occurs when an IP address that is not
reachable via the interface on which the packet was received.  If
logging for dropped packets is set, you can view details in the packet
filter log.

Hope you can help me with this.  Thanks

  -- I still need to see the ipconfig/all for the ISA server...

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, July 01, 2002 8:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spoof attack

http://www.ISAserver.org


What does the ISA ipconfig/all look like?
Most often, this entry is caused by misconfigured interfaces.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Lim, Arthus T." <alim@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, June 30, 2002 6:20 AM
Subject: [isalist] Spoof attack


http://www.ISAserver.org


When I enable the Packet Filtering Option,  the log says that I'm having
spoof attack and the users couldn't be able to use the internet.  What
should I do to prevent this?

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
alim@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2002