Re: EventID 21284
- From: S H A R I Q U E <SHARIQUE@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 7 Apr 2008 11:31:01 -0700
Well MAN!!
this nuisance has strained my every nerve!!!i am also getting IP Spoofing
attacks from APIPA range IPs and Public IPs :(
just before finishing the day off...i restarted three servers in safe mode
and ran trend micro's SYSCLEAN(which runs in DOS mode)...it did catch some
viruses but not again to my expectation b/c the severity of the issue....but
at clients side i caught numerous ones like PE_Sality.AL etc....i woul
check it on tuesday morning did the scan remove any virus or not...
Another weired thing happened...ISA Server 2006 is running on domain
controller, OK....all domain controller clients clock augmented by 1
hour...afterward clients failed to login...what i did is to demote the client
to workgroup and then join them again....!!!!!!!!!!!!!!!!!
as u mentioned that you used Spybot S&D..is it free to use..
"Phillip Windell" wrote:
"S H A R I Q U E" <SHARIQUE@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:FD29FD67-EB78-4969-9749-EE7DEAB26F48@xxxxxxxxxxxxxxxx
Please let me know in whether this attack is happening from outside since
it
shows source IP to be my public IP.Furthermore, which tool i should run to
detect malware.I ran Windows Malicious Software Removal Tool(march 2008),
it
detected Win32/MyWife.E!CME24 and Win32/Nuwar.B!ini and removed.Are they
causing the issue.
How in the world do you end up with Spyware/Malware on the ISA??
Stop using it for a workstation to browse the Internet. There are reasons
why,...by default,...ISA doesn't allow any traffic to and from itself and
does not allow internet browsing from itself. That is also why you aren't
supposed to install anything else on the ISA machine. It is a Firewall
Product and you should treat it just like you would a PIX, CheckPoint,
SonicWall, Watchgaurd, whatever,...you would not be browsing the internet
from those or installing anything on them.
Run multiple Spyware/Malware Tools on it. No single product does it all.
I use Spybot S&D and Adaware from Lavasoft.
Then run a quality AV product on it as well. Do a full deep scan.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
- References:
- EventID 21284
- From: S H A R I Q U E
- Re: EventID 21284
- From: Phillip Windell
- EventID 21284
- Prev by Date: Re: Any Way to Redirect Outgoing HTTP Requests to Specific IP
- Next by Date: failed to log
- Previous by thread: Re: EventID 21284
- Next by thread: Web Publishing - providing certificates to websites
- Index(es):
Relevant Pages
|
Loading
