Amy, have you tried disconnecting the cable from the internal NIC and checking to see if the problem continues? John Tolmachoff Engineer/Consultant/Owner eServices For You > -----Original Message----- > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Wednesday, January 05, 2005 9:41 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Syn Flood Update > > http://www.ISAserver.org > > Bad news. The IP address change did nothing. The firewall log is still > completely full of tcp syn flooding. The strange thing is that I noticed > that when I log into the firewall remotely, it shows MY ip address as > the source of the problem, along with a bunch of others. Could this be a > configuration problem in the ISP's router? > > Amy > > > > > -----Original Message----- > From: josephk [mailto:josephk@xxxxxxxxx] > Sent: Wednesday, January 05, 2005 10:17 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Syn Flood Update > > http://www.ISAserver.org > > Hi Amy, > > What internal software is being used? i.e. > 1. SpamLion or other spam processing email program. > 2. Any on borad NIC's? (check with vendor for driver updates) > 3. http://www.emsisoft.com/en/ is another good Trojan scanner > I use a combination of tools > 4. Double check all the run, runex and runonce on each of the machines. > I have a script that can read all the machines on the network and > create > A report of those if you would like to give it a try just let me > know. > > Joseph > -----Original Message----- > From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] > Sent: Wednesday, January 05, 2005 5:54 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] Syn Flood Update > > http://www.ISAserver.org > > Ran network monitor looking for high volume of packets coming from any > particular network card. Found nothing. > > Next we changed to another IP address in our currently allocated block. > No change in flooding. > > Asked for an allocation of different IP address block from ISP. Got run > through the ringer by the ISP telling me that this was all my fault and > that something on the internal network must be prompting this long list > of machines in other countries to flood our network or that the firewall > (non-ISA) is compromised. We're getting the new address block - he was > supposed to deliver yesterday but didn't. I've already scanned each PC > using spybot. I do not believe that there is anything internal causing > this problem. Short of re-imaging every machine is there anything I can > do to be certain? > > Amy > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > josephk@xxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > amy@xxxxxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx