Re: attacks

• From: "Dusty Jones" <dusty@xxxxxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Tue, 4 Feb 2003 09:42:49 -0800

Hi,
I occasionally get these kind of messages. If you run tracert against the
address in the message you will find that alot of time its from a web
application of some kind. For example, I have gotten these scans from some
of the streaming radio sites, yahoo services (search engine?) as well as a
couple of online banking services. I am not sure why these services need to
scan but for some reason they sometimes do. This may or may not be the case
with your situation. But, at least with the tracert you can determine if it
is from some legimate domain or from elsewhere. The tracert command will
resolve the ip address to a host and domain name if it is actually in a
registered domain.

As far as the locking up, what are the specs of the box running ISA?

Dusty Jones
MCSE, CCNA

----- Original Message -----
From: <klymaxis@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, February 04, 2003 4:26 AM
Subject: [isalist] attacks


> http://www.ISAserver.org
>
>
> The last 4 months I am having a problem with internet attacks . The
> messages from Isa Server are: "ISA Server detected an all port scan attack
> from Internet Protocol (IP) address 62.189.244.229. For more information
> about this event, see ISA Server Help. " and
> "ISA Server detected an Internet Protocol (IP) half-scan attack from IP
> address 216.178.5.2. For more information about this event, see ISA Server
> Help.". The IP addresses are changing all the time and sometimes the
> Server is locking itsself. What should I do in order to stop that?
>
> Thank you in advance
> Lymaxis Kostas
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
dusty@xxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>

Other related posts:

• » attacks
• » RE: attacks
• » Re: attacks
• » RE: attacks
• » Re: attacks

1. Home
2. isalist
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---