Re: Spoof attack

  • From: "Lim, Arthus T." <alim@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 2 Jul 2002 09:51:04 +0800

Here's my IPConfig /all

Windows 2000 IP Configuration
Hostname:                               Servername
Primary DNS Suffix                      ABC.com
Node Type                               Hybrid
IP Routing Enabled                      No
WINS Proxy Enabled                      No
DNS Suffix Search List                  ABC.com

Ethernet Adapter Local Area Connection 2
Connection Specific DNS Suffix
Physical Address                        00-04-76-2F-B6-44
DHCP Enabled                            No
IP Address                              192.168.0.z
Subnetmask                              255.255.255.0
Default Gateway                         192.1680.x
DNS Servers                             192.168.0.y
                                        192.168.0.x

Ethernet Adapter Local Area Connection
Connection Specific DNS Suffix
Physical Address                        00-E0-18-1E-82-04
DHCP Enabled                            No
IP Address                              202.164.x.y
Subnetmask                              255.255.255.z
Default Gateway                         202.164.x.w
DNS Server                              202.164.x.v
                                        202.164.x.u
                                        203.167.a.b

As for your first question, I'm using the protocols at ISA.

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] 
Sent: Monday, July 01, 2002 9:36 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spoof attack

http://www.ISAserver.org


Inline...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Lim, Arthus T." <alim@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, July 01, 2002 1:09 AM
Subject: [isalist] Re: Spoof attack


Here's my ISA configuration:

Packet Filters:

DNS Filter allow
ICMP Outbound allow
ICMP Ping Response (in) block
    -- not needed if you have packet filtering on
ICMP Source Quench allow
ICMP Timeout in allow
ICMP unreachable in allow
POP3 allow

  -- are you using these protocols at or behind the ISA?

Under General tab, enable packet filtering is checked, enable intrusion
detection is checked.

Under Intrusion detection tab, all are checked

Here's one Application Log Warning Message I got:

ISA server detected a spoof attack from Internet Protocol (IP) address
64.85.13.100.  A spoof attack occurs when an IP address that is not
reachable via the interface on which the packet was received.  If
logging for dropped packets is set, you can view details in the packet
filter log.

Hope you can help me with this.  Thanks

  -- I still need to see the ipconfig/all for the ISA server...

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, July 01, 2002 8:10 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Spoof attack

What does the ISA ipconfig/all look like?
Most often, this entry is caused by misconfigured interfaces.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Lim, Arthus T." <alim@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, June 30, 2002 6:20 AM
Subject: [isalist] Spoof attack


When I enable the Packet Filtering option, the log says that I'm having a
spoof attack and the users are not able to use the internet.  What
should I do to prevent this?
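
The reachability test that the warning text describes, as an added example (not ISA Server's code and not from anyone in this thread): a source address counts as spoofed when the best route back to it does not leave through the interface the packet arrived on. The interface names, subnets, packets and the misconfigured default route are all constructed for illustration; they are not the poster's settings.

```python
import ipaddress

def best_routes(routes, addr):
    """Longest-prefix match: the most specific routes that cover addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, ifname) for net, ifname in routes if ip in net]
    if not hits:
        return []
    longest = max(net.prefixlen for net, _ in hits)
    return [(net, ifname) for net, ifname in hits if net.prefixlen == longest]

def is_spoofed(routes, src, in_if):
    """True when src is not reachable via the interface it was received on."""
    return in_if not in {ifname for _, ifname in best_routes(routes, src)}

def parse(table):
    return [(ipaddress.ip_network(net), ifname) for net, ifname in table]

# Constructed dual-homed firewall: "internal" LAN side, "external" Internet side.
GOOD = parse([
    ("192.168.0.0/24", "internal"),
    ("203.0.113.0/28", "external"),
    ("0.0.0.0/0", "external"),    # single default route, on the external side
])
# Constructed misconfiguration: the default route is bound to the internal side.
BAD = parse([
    ("192.168.0.0/24", "internal"),
    ("203.0.113.0/28", "external"),
    ("0.0.0.0/0", "internal"),
])

# Constructed packets: (source address, receiving interface).
PACKETS = [
    ("192.168.0.25", "internal"),   # LAN client sending outbound traffic
    ("198.51.100.7", "external"),   # Internet host replying to that client
    ("192.168.0.25", "external"),   # LAN source seen on the Internet side
]

def verdicts(routes):
    """One spoof verdict per entry in PACKETS, in order."""
    return [is_spoofed(routes, src, in_if) for src, in_if in PACKETS]

if __name__ == "__main__":
    for name, routes in (("good", GOOD), ("misconfigured", BAD)):
        for (src, in_if), bad in zip(PACKETS, verdicts(routes)):
            verdict = "SPOOF" if bad else "ok"
            print(f"{name:14} {src:15} on {in_if:8} -> {verdict}")
```

With the constructed misconfigured table, the ordinary Internet reply is flagged as spoofed and dropped, which is how an interface or routing mistake can produce both the warning and the loss of Internet access at once.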
