See..had I implemented this already...it would have created a packet filter to block all traffic from its own IP.....I don't really know how the server would have responded to that :/ -----Original Message----- From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 19, 2003 2:34 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: port scan detected http://www.ISAserver.org It can be automated. One way is illustrated on Jim Harrison's ISA web site (http://www.isatools.org/ <http://www.isatools.org/> ). Mark _____ From: Rogers, Brian [mailto:RogersB@xxxxxxxxxxxxxx] Sent: Tuesday, August 19, 2003 1:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: port scan detected http://www.ISAserver.org I simply don't have time to add a new filter for each and every ip address that scans the firewall. Perhaps if it would allow you to create a list of them you could update...but creating a single packet filter for every scan ive gotten would take me hours. -----Original Message----- From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 19, 2003 2:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: port scan detected http://www.ISAserver.org Personally, I figure that a port scan on my site is someone up to no good, and I ban the IP address (inbound). If the IP address if resolvable and I can contact the owner, I will attempt to do so. If the owner takes appropriate action (to my liking), I remove the packet filter. Lately I seem to be getting a couple of scans per week. Perhaps I should ban all incoming traffic! :-) :-) :-) Mark _____ From: Dan Gabbard [mailto:intellihome@xxxxxxxxxxx] Sent: Tuesday, August 19, 2003 11:31 AM To: [ISAserver.org Discussion List] Subject: [isalist] port scan detected http://www.ISAserver.org I have been getting scanned from several IP addresses that belong to C2 Media Ltd for the last three or four days. It doesn't seem to be causing any problems but I'm curious to know what others do when they are being scanned by the same address block. The address range is from 66.220.17.46 to 66.220.17.55. I searched for info on C2 Media Ltd and they are a pay-per-click ad service that seems to be despised by everyone that has come across them. This tells me writing them to complain would be a waste of time. Any suggestions on how to handle this would be great. Or should I just not worry about it? Thanks, Dan ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mark.hopkins@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rogersb@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mark.hopkins@xxxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rogersb@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')