RE: Syn Flood Update

  • From: "josephk" <josephk@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 5 Jan 2005 07:17:04 -0800

Hi Amy,

What internal software is being used? i.e.
1. SpamLion or other spam processing email program.
2. Any on-board NICs? (check with vendor for driver updates)
3. http://www.emsisoft.com/en/ is another good Trojan scanner.
   I use a combination of tools.
4. Double check all the run, runex and runonce on each of the machines.
   I have a script that can read all the machines on the network and
   create a report of those. If you would like to give it a try, just let me
   know.

Joseph
-----Original Message-----
From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, January 05, 2005 5:54 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Syn Flood Update

Ran network monitor looking for high volume of packets coming from any
particular network card. Found nothing.

Next we changed to another IP address in our currently allocated block.
No change in flooding. 

Asked for an allocation of different IP address block from ISP. Got run
through the wringer by the ISP telling me that this was all my fault and
that something on the internal network must be prompting this long list
of machines in other countries to flood our network or that the firewall
(non-ISA) is compromised. We're getting the new address block - he was
supposed to deliver yesterday but didn't. I've already scanned each PC
using spybot. I do not believe that there is anything internal causing
this problem. Short of re-imaging every machine is there anything I can
do to be certain?

Amy
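
Item 4 of the reply above suggests checking the run, runex and runonce registry entries on every machine. The PowerShell sketch below is an added example, not the script Joseph mentions: it reads those keys remotely and writes one report. It assumes "runex" means the RunOnceEx key, that the Remote Registry service is reachable with administrative rights, and it uses constructed host names (`PC01`, `PC02`) and a hypothetical function name `Get-AutorunEntry`.

```powershell
# Added example: report autorun registry entries from a list of machines.
# Assumptions: Remote Registry service reachable, caller has admin rights,
# and "runex" in the message refers to the RunOnceEx key.
function Get-AutorunEntry {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $base = 'Software\Microsoft\Windows\CurrentVersion'
    $keys = 'Run', 'RunOnce', 'RunOnceEx'

    # Walk a key and its subkeys (RunOnceEx stores its commands in subkeys).
    function Read-Key($root, $path, $computer, $hive) {
        $k = $root.OpenSubKey($path)
        if ($null -eq $k) { return }          # key absent on this machine
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{
                Computer = $computer
                Key      = "$hive\$path"
                Name     = $name
                Command  = [string]$k.GetValue($name)
            }
        }
        foreach ($sub in $k.GetSubKeyNames()) {
            Read-Key $root "$path\$sub" $computer $hive
        }
        $k.Close()
    }

    foreach ($computer in $ComputerName) {
        try {
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computer)
            $hku  = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('Users', $computer)
        } catch {
            Write-Warning "$computer unreachable: $($_.Exception.Message)"
            continue
        }
        foreach ($key in $keys) {
            Read-Key $hklm "$base\$key" $computer 'HKLM'
            # Per-user autoruns live under the SID of each loaded profile.
            foreach ($sid in $hku.GetSubKeyNames()) {
                Read-Key $hku "$sid\$base\$key" $computer 'HKU'
            }
        }
        $hklm.Close(); $hku.Close()
    }
}

# Constructed host names; replace with the machines to audit.
Get-AutorunEntry -ComputerName 'PC01', 'PC02' |
    Export-Csv -Path autoruns.csv -NoTypeInformation
```

Sorting the resulting CSV by `Command` makes an entry that appears on only one or two machines stand out from the software common to all of them.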