Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Spoof attack from everyone inside ???
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Spoof attack from everyone inside ??? - 14.Jan.2002 5:41:00 PM
|
|
|
JayM
Posts: 3
Joined: 14.Jan.2002
From: Huntsville, Alabama
Status: offline
|
Hey I have been running a ISA server for awhile now and everything has been fine, but
I moved to a new server and have been bothered by this problem All my internial cpu's are spoofing??? and filling up my logs?? Also some machines on
the outside are spoofing like a WINS server and DHCP server???? These machine are not realy spoofing but ISA thinks so??? Please give a clue ThanX IP HAS BEEN REPLACED WITH XXX The message....
ISA Server detected a spoof attack from Internet Protocol (IP) address XXX.XXX.XXX.XXX. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.
|
|
|
|
|
RE: Spoof attack from everyone inside ??? - 14.Jan.2002 8:21:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Jay, double check your IP numbering (has it changed?) and the LAT on ISA. Regards,
Stefaan
|
|
|
|
|
RE: Spoof attack from everyone inside ??? - 14.Jan.2002 8:31:00 PM
|
|
|
JayM
Posts: 3
Joined: 14.Jan.2002
From: Huntsville, Alabama
Status: offline
|
No numbering has changed! It almost sounds like I have a loop but
thats not the case??? They are going through VLAN's on the same switch but It has not happened in the past. ThanX
|
|
|
|
|
RE: Spoof attack from everyone inside ??? - 14.Jan.2002 8:36:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi Jay, WOW... do you trust VLAN for splitting the internal and external interface of ISA? I would never, I repeat NEVER do that for security reasons. Can you post the ipconfig /all for all adapters and the routing table? Maybe that tell us more... Regards,
Stefaan
|
|
|
|
|
RE: Spoof attack from everyone inside ??? - 14.Jan.2002 10:22:00 PM
|
|
|
JayM
Posts: 3
Joined: 14.Jan.2002
From: Huntsville, Alabama
Status: offline
|
I have no fear of VLAN's security this
is a Cisco 6509 switch and we run other campus VLAN's with no problem. You have to make sure of your gateway # and Cisco will
allow other gateway address!I beleive I solved the problem! I have four
nic's in this box and the two other nic's (not used yet) had got private address and I guess thier was some bleed over in them ???? ; ) ThanX for the time
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
