RE: Syn Flood Update

  • From: TRadtke@xxxxxxxxxxxx
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 5 Jan 2005 08:09:35 -0600

Unplug the internal network from the firewall.  If something internal is
doing it, that would be the best way to figure it out.  Or it'll point to an
external threat or a flaw in the firmware of your current firewall.  (It was
a Linksys or something like that, wasn't it?)

6 hours of downtime for the network vs X number of days imaging every
machine and working out the bugs/user issues/complaints/lost data...
Personally, the 6 hours (or 4 hrs or 2 hrs) of downtime is non-invasive and
the network can be put back exactly the way it was.

Good luck with whatever you pick. It's a real toss-up.

Troy
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, January 05, 2005 7:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Syn Flood Update



Ran network monitor looking for high volume of packets coming from any
particular network card. Found nothing.

Next we changed to another IP address in our currently allocated block.
No change in flooding. 

Asked for an allocation of a different IP address block from ISP. Got run
through the wringer by the ISP telling me that this was all my fault and
that something on the internal network must be prompting this long list
of machines in other countries to flood our network or that the firewall
(non-ISA) is compromised. We're getting the new address block - he was
supposed to deliver yesterday but didn't. I've already scanned each PC
using Spybot. I do not believe that there is anything internal causing
this problem. Short of re-imaging every machine, is there anything I can
do to be certain?

Amy
 
 
 
