If I found out that it was a real attack, how can I be able to block them? -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, August 01, 2002 8:59 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: block port scan attackers http://www.ISAserver.org If you've received an alert, they were blocked. Also, not everything ISA alerts on is malicious behavior; sometimes it's just "late" packets. You can scan your IP...log for the same date/time as listed in the event log to see what was happening that ISA interpreted as a scan and decide from there whether or not you want to actively block them. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: "Lim, Arthus T." <alim@xxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, July 31, 2002 11:17 PM Subject: [isalist] block port scan attackers http://www.ISAserver.org I'm receiving reports like this in my logs: ISA Server name: TEQUILA ISA Server detected an all port scan attack from Internet Protocol (IP) address 65.121.237.200. For more information about this event, see ISA Server Help. How can I block certain external IP addresses in ISA? ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alim@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')