• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

How to handle attacks on ISA

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> How to handle attacks on ISA Page: [1]
Login
Message << Older Topic   Newer Topic >>
How to handle attacks on ISA - 3.Dec.2001 6:12:00 PM   
nouellette

 

Posts: 27
Joined: 22.Mar.2001
From: Dearborn, MI USA
Status: offline
I have questions about how to handle attacks on the ISA server. I get some random port scan attacks from various IP addresses all over the US...not frequently but enough where I do want to at least do something.

I get the IP that performed the scan, do an NSLOOKUP and get the DNS name...I then get the contact information from either a website if they have one or by doing a WHOIS on the domain.

My question is...what rights do we have as a business? No damage is done to internal systems so we obviously cannot file criminal charges...so I'm wondering what steps you take in these types of attacks. Do you report them to their ISP? Do you call their supervisors and let them know what's going on? What type of warnings do you give these people?

Post #: 1
RE: How to handle attacks on ISA - 3.Dec.2001 7:29:00 PM   
msgelinas

 

Posts: 79
Joined: 21.Sep.2001
From: Victoria,BC,Canada
Status: offline
Absolutely Report them to your ISP and have them contact the ISP that owns the address that is scanning you. Most ISPs will disconnect the sevice to accounts that attack others on the net.

(in reply to nouellette)
Post #: 2
RE: How to handle attacks on ISA - 3.Dec.2001 8:13:00 PM   
nouellette

 

Posts: 27
Joined: 22.Mar.2001
From: Dearborn, MI USA
Status: offline
Thanks for that.

I tracked this to a machine at the University of Texas...I called and they stated they think some students took control of a machine in a secured room that controls modem pools etc. I just don't want my complaint to fall through the cracks.

How can I get more detailed monitoring on exactly what these people scanned or did? All I get in my event viewer is just the fact that someone did a "half-scan attack"...I don't get a list of the actual ports scanned, etc. I wish I could get more detailed logging about the intrusion.


(in reply to nouellette)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> How to handle attacks on ISA Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts