Re: Intrusion Attempts ?
- From: "Mal Osborne" <noone@xxxxxxxxxxx>
- Date: Sat, 2 Jul 2005 18:33:12 +0800
It probably is an intrusion attempt, but nothing to worry about, as long as
you have not left any doors open.
What some hacker here has done here, is attempted to connect to a large
number of ports between 1 & 2048. Probably all ports, probably logged
somewhere, and probably thousands of other random IP addresses. Mr Hacker
now knows what ports you have open. From this he can probably deduce that
you are running an SBS server, and how your mail is configured. He also has
a list of other IPs, and the ports they have open.
>From here, he can try a variety of attacks. If ports 135, 138, 139 or 445
are open, you have a big problem, as a netbios connection can be made. If
port 25 is open, a relay attack may be attempted. Someone may observe you
are running Exchange, and attempt a dictionary realy attack on port 25.
What has happend sop far is akin to someone walking down the street &
looking for open front doors. This kind of thing is to be expected.
Mal Osbonre
MCSE MVP Mensa
"Gary D" <gary@xxxxxxxxxxxxxxxx> wrote in message
news:eLy3mkkfFHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
>I have a SBS2000 system and daily receive the following ISA server
>intrusion notifications.
>
> ISA Server name: ABCSERVER
> ISA Server detected a well-known port scan attack from Internet Protocol
> (IP) address 80.176.209.174. A well-known port is any port in the range of
> 1-2048. For more information about this event, see ISA Server Help.
>
> What steps can I take if any, is this a genuine intrusion attempt or
> possibly a virus infected system somewhere ?
>
> Thanks in Advance
>
> Gary
>
>
.
- References:
- Intrusion Attempts ?
- From: Gary D
- Intrusion Attempts ?
- Prev by Date: Re: Convert SBS 2003 to Standard??
- Next by Date: Upgrade to SP1 after Trial version
- Previous by thread: Re: Intrusion Attempts ?
- Next by thread: Standard to Premium conversion
- Index(es):
Relevant Pages
|
