• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

All requests to ISA box are blocked as "Spoof Attempts"

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> General >> All requests to ISA box are blocked as "Spoof Attempts" Page: [1]
Login
Message << Older Topic   Newer Topic >>
All requests to ISA box are blocked as "Spoof Atte... - 22.May2002 6:43:00 PM   
Craigman

 

Posts: 4
Joined: 22.May2002
From: Kansas City, MO
Status: offline
At one time my ISA box was working properly, and as I've been trying to iron minor problems out, aparently I changed something causing a major problem.

ANY requests made of the ISA server from an outside machine (such as DNS requests, SMTP attempts, VPN attempts, etc both TCP and UDP) all get rejected by the packet filter and recorded in the log as spoof attempts. The event log messages read:


Event ID: 15108
Source: Microsoft ISA Server
Category: Packet Filter
ISA Server detected a spoof attack from Internet Protocol (IP) address <ip here>. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.


The packet filter log confirms that the packet was discarded with a log entry that shows the correct destination address (the external interface of the ISA box) and correct source address (the IP of the machine on the internet). Under interface, the correct IP of the external interface of the ISA box is shown.

The last thing I did was remove the DNS service from the ISA box because it wasn't supposed to even be there and it was causing problems publishing my DNS servers that sit behind it. After I rebooted (and have rebooted several times since) this has happened every time.

Has anyone seen this? Where should I start looking? It's killing me....
Post #: 1
RE: All requests to ISA box are blocked as "Spoof ... - 22.May2002 6:52:00 PM   
Abraham

 

Posts: 166
Joined: 8.Mar.2002
From: Colombia
Status: offline
Hi.Craig Scheets

Some Questions??.

1. Do you enable Intrusion Detection??
2. Do you have SP1 for ISA??
3. What kind of Packet Filters have you configured??
4. How is the Configuration of your Incoming web Request tab.

Tell me About!

(in reply to Craigman)
Post #: 2
RE: All requests to ISA box are blocked as "Spoof ... - 22.May2002 6:54:00 PM   
Craigman

 

Posts: 4
Joined: 22.May2002
From: Kansas City, MO
Status: offline
Not sure what the problem was, but after disabling/re-enabling the WAN interface multiple times it came up and is working now.

For some reason that interface was accepting packets, but not sending. I also found my proxy service wasn't working either, which led me to the actual interface.

Perhaps I have a bad card/cable... I'll work towards a more permanent solution. I was just banging my head because it was immediately after I removed the DNS service that the trouble started.

(in reply to Craigman)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> General >> All requests to ISA box are blocked as "Spoof Attempts" Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts