Urgent Help!!! Problems with IpHalfScan and Spoofing Attacks :o(

  • From: "Carlos Mauricio Perez Cortes" <mauriciop@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List] (E-mail)" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 15 Aug 2001 17:10:34 -0500

Hello Friends,
 
I have been checking my ISA Server log files because I'm receiving a lot
of alerts about IP Spoofing and IP Half Scan Attacks. I found the
following suspicious entries in a log file called IPPEXTD20010814:

#Fields: date  time  source-ip  destination-ip  protocol  param#1  param#2  tcp-flags  filter-rule  interface  ip-header  payload
14/08/2001  20:58:41  128.2.24.41  200.14.207.98  Tcp  21  21  FIN SYN  IpHalfScan  200.14.207.98  45 00 00 28 9a 02 00 00 1c 06 d5 31 80 02 18 29 c8 0e cf 62  00 15 00 15 6b 4a b1 1f 71 44 96 13 50 03 04 04 58 55 00 00
14/08/2001  22:09:57  200.14.207.98  200.14.207.98  ICMP  8  0  -  Spoof  200.14.207.98  45 00 00 3c 7d 36 00 00 7b 01 93 a8 c8 0e cf 62 c8 0e cf 62  08 00 2c 5c 01 00 20 00 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69
 
Could you help me understand those entries?
Could you explain to me how these attacks work?
How can I block these attacks?
 
Thanks for your help,
 
 
CARLOS MAURICIO PEREZ C. 
Technical Support
s:  mauriciop@xxxxxxxxxxxx
SoloSoft Ltda. 
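
The ip-header and payload columns of the two records quoted in the post can be decoded by hand to see what the filter reacted to. The following is an added example, not part of the original post and not ISA Server code; the names decode, checksum_ok, HALFSCAN and SPOOF are chosen for this illustration, and the hex strings are copied from the log excerpt above.

```python
import socket
import struct

# (ip-header, payload) hex fields copied from the two log records in the post.
HALFSCAN = ("45 00 00 28 9a 02 00 00 1c 06 d5 31 80 02 18 29 c8 0e cf 62",
            "00 15 00 15 6b 4a b1 1f 71 44 96 13 50 03 04 04 58 55 00 00")
SPOOF = ("45 00 00 3c 7d 36 00 00 7b 01 93 a8 c8 0e cf 62 c8 0e cf 62",
         "08 00 2c 5c 01 00 20 00 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 "
         "71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69")

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward


def checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header sums (16-bit one's complement) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode(ip_hex: str, payload_hex: str) -> dict:
    """Decode one log record's IPv4 header and its TCP or ICMP header."""
    ip, data = bytes.fromhex(ip_hex), bytes.fromhex(payload_hex)
    ihl = (ip[0] & 0x0F) * 4                       # header length in bytes
    length, ttl, proto = struct.unpack("!H", ip[2:4])[0], ip[8], ip[9]
    rec = {
        "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
        "ttl": ttl, "total_length": length, "checksum_ok": checksum_ok(ip[:ihl]),
        "length_consistent": ihl + len(data) == length,
    }
    # A packet arriving with the receiver's own address as source is what a
    # spoof filter looks for.
    rec["src_equals_dst"] = rec["src"] == rec["dst"]
    if proto == 6:    # TCP: flags are the low 6 bits of header byte 13
        sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", data[:14])
        rec.update(proto="TCP", sport=sport, dport=dport,
                   flags=[n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)])
    elif proto == 1:  # ICMP: type, code, then 6 more header bytes, then data
        rec.update(proto="ICMP", icmp_type=data[0], icmp_code=data[1],
                   data=data[8:].decode("ascii", "replace"))
    return rec


if __name__ == "__main__":
    for name, record in (("IpHalfScan", HALFSCAN), ("Spoof", SPOOF)):
        print(name, decode(*record))
```

The first record decodes to a 40-byte TCP segment with no data, port 21 to port 21, carrying both SYN and FIN; the second is an ICMP echo request (type 8) whose source and destination are both 200.14.207.98.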
