Understanding intrusion detection

  • From: "Kirk Poser" <kaptinkirk@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 19 Oct 2001 15:49:04 -0500

Hi Group,
  
 If anyone could help me understand what I am looking for when I work with ISA 
please:

1. I have intrusion detection configured to email me. When I get an email 
saying that I am experiencing an ALL PORT SCAN, does this mean someone is 
specifically trying to get into my system, or are they simply scanning an IP 
range to see who is open for business? (ISA connected to cable modem)

2. When I look at the logs, what is a red flag that someone has broken down the 
door?

3. If I see an IP address scanning my system that looks like an internal 
address, is this what they call IP spoofing, and I would not be able to trace 
back who it is?

4. I have used port scan on .grc.com and it shows me in stealth mode on my 
ports. Am I safe to assume I have configured ISA correctly so I am somewhat 
invisible on the net?

Thanks for everyone's help

Kapt Kirk
MCP NT4
MCP Windows 2000
A+
kaptinkirk@xxxxxxxxxx
