Urgent Help!!! IP spoofing attacks
- From: "Carlos Mauricio Perez Cortes" <mauriciop@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List] (E-mail)" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 10 Aug 2001 11:31:44 -0500
Hello Guys,
I'm having many problems with my ISA Server because it seems someone is
sending IP spoofing attacks. My event log is filling with the following
event:
ISA Server detected a spoof attack from Internet Protocol (IP) address
X.X.X.X (external IP of ISA Server). A spoof attack occurs when an IP
address that is not reachable via the interface on which the packet was
received. If logging for dropped packets is set, you can view details in
the packet filter log.
We have our Web Site published through ISA Server and when the attack
occurs, people on the Internet cannot access our web page. They get the
following error: 403 Forbidden (12202), but if they try to access the
web site by using its IP address ( http://IP_Address/) it loads
correctly. It's very strange because if I try to ping our website (ping
www.domain.com) in that moment I get a response from an unknown IP
address.
I'm not sure if this could be related with Code Red (however IIS 5.0 is
not installed on our ISA Server). Sincerely I don't know what to do.
Could you give me a little help ???.
Thanks a lot,
CARLOS MAURICIO PEREZ C.
Technical Support
Å: mauriciop@xxxxxxxxxxxx
SoloSoft Ltda.
Other related posts:
