RE: port scan detected
- From: "Rogers, Brian" <RogersB@xxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 19 Aug 2003 14:33:54 -0400
See..had I implemented this already...it would have created a packet filter
to block all traffic from its own IP.....I don't really know how the server
would have responded to that :/
-----Original Message-----
From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 2:34 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
It can be automated. One way is illustrated on Jim Harrison's ISA web site
(http://www.isatools.org/ <http://www.isatools.org/> ).
Mark
_____
From: Rogers, Brian [mailto:RogersB@xxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 1:23 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
I simply don't have time to add a new filter for each and every ip address
that scans the firewall.
Perhaps if it would allow you to create a list of them you could
update...but creating a single packet filter for every scan ive gotten would
take me hours.
-----Original Message-----
From: Mark Hopkins [mailto:Mark.Hopkins@xxxxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 2:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: port scan detected
http://www.ISAserver.org
Personally, I figure that a port scan on my site is someone up to no good,
and I ban the IP address (inbound). If the IP address if resolvable and I
can contact the owner, I will attempt to do so. If the owner takes
appropriate action (to my liking), I remove the packet filter. Lately I seem
to be getting a couple of scans per week. Perhaps I should ban all incoming
traffic! :-) :-) :-)
Mark
_____
From: Dan Gabbard [mailto:intellihome@xxxxxxxxxxx]
Sent: Tuesday, August 19, 2003 11:31 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] port scan detected
http://www.ISAserver.org
I have been getting scanned from several IP addresses that belong to C2
Media Ltd for the last three or four days. It doesn't seem to be causing any
problems but I'm curious to know what others do when they are being scanned
by the same address block. The address range is from 66.220.17.46 to
66.220.17.55. I searched for info on C2 Media Ltd and they are a
pay-per-click ad service that seems to be despised by everyone that has come
across them. This tells me writing them to complain would be a waste of
time.
Any suggestions on how to handle this would be great. Or should I just not
worry about it?
Thanks,
Dan
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mark.hopkins@xxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rogersb@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
mark.hopkins@xxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rogersb@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
