RE: Spoof Attack
- From: AAS <AAS@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 28 Nov 2005 08:12:21 -0800
Hi:
Sorry for the late reply. But we were enjoying our Thanksgiving holidays
and the office was closed since last Thursday.
I followed your instructions and found that Wins Server was listed in the
TCP/IP tab and removed it. Everthing else was correct. however, i did the
spoof error was logged again.
I IP address that is been logged as a part of the message is not from my
Domain.
--
AAS
""Crina Li"" wrote:
> Hi AAS,
>
> Thank you for posting in SBS newsgroup.
>
> From your problem description, I understand this issue to be: you get the
> Warning event 15108 on your SBS 2k3 machine with ISA 2004. If I have
> misunderstood your concerns, please do not hesitate to let me know.
>
> Based on my experience, this behavior may occur if both of the following
> conditions are true:
>
> - The internal network adapter on the ISA Server computer points to a
> default gateway address that is on the internal network.
> - The network adapter on the server that has the published resource points
> to the same internal default gateway address as the ISA Server computer.
>
> To resolve this behavior, please perform the following steps:
>
> 1. Remove the default gateway address on the internal network adapter of
> the ISA Server computer. For ISA Server to function correctly, the
> internal network adapter should not have a default gateway specified.
>
> 1) Click "Start", point to "Settings", and then click "Network and Dial-up
> Connections".
> 2) Right-click the internal adapter, and then click "Properties".
> 3) Click "Internet Protocol (TCP/IP)", and then click "Properties".
> 4) Remove the default gateway address in the "Default gateway" box, and
> then click "OK" two times.
>
> 2. If there are other internal networks that send and receive traffic
> through the ISA Server computer, use the route add command with the -p
> switch to add a persistent static route to each internal network. When you
> specify the gateway address, point to the internal router that permits
> access to the other internal networks. Configure persistent static routes
> on the internal adapter of the ISA Server computer and on the server that
> has the published resource. For more information about how to use the route
> command, type route /? at a command prompt.
>
> 3. On the server that has the published resource, configure the default
> gateway address to point to the internal address of the ISA Server computer.
>
> 1) Click "Start", point to "Settings", and then click "Network and Dial-up
> Connections".
> 2) Right-click the internal adapter, and then click "Properties".
> 3) Click "Internet Protocol (TCP/IP)", and then click "Properties".
> 4) In the "Default gateway" box, type the internal address of the ISA
> Server computer, and then click "OK" two times.
>
> 4. Please rerun the CEICW again to configure ISA as default settings.
> Please refer to the following KB article:
>
> 825763 How to configure Internet access in Windows Small Business Server
> 2003
> http://support.microsoft.com/?id=825763
>
> For more info, please refer to:
>
> 888042 ISA Server 2004 does not support traffic redirection
> http://support.microsoft.com/?id=888042
>
> 884496 Client computers cannot access external resources, and event ID 14147
> http://support.microsoft.com/?id=884496
>
> 840681 Attempts to access published resources are logged as spoof attacks
> with
> http://support.microsoft.com/?id=840681
>
> Besides, please check the following:
>
> 1. Check to see if a WINS server is listed on the WINS tab of TCP/IP
> properties for existing External network adapters. If there is remove it.
> 2. Please disable NetBIOS over TCP/IP on the External adapter from External
> Connection Properties\TCP/IP properties\Advanced\Wins tab.
> 3. Updated the NIC drivers.
>
> Please do not hesitate to let me know if you have any questions or if you
> need further assistance.
>
> Thanks for your time and I look forward to your reply.
>
> Best regards,
>
> Crina Li (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
>
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --------------------
> | Thread-Topic: Spoof Attack
> || From: =?Utf-8?B?QUFT?= <AAS@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | Subject: Spoof Attack
> | Date: Wed, 23 Nov 2005 06:50:22 -0800
> | | Newsgroups: microsoft.public.windows.server.sbs
> |
> | In the last couple of days i have been receiving the following in the
> | Application Event Log:
> |
> | ISA Server detected a spoof attack from internet Protocol address
> (address
> | keeps changing). Source Microsoft Firewall Category Packet Filter Event
> ID
> | 15108.
> |
> | Should i be concerned? Thanks for any help.
> | --
> | AAS
> |
>
>
.
- Follow-Ups:
- RE: Spoof Attack
- From: Edward Tian
- RE: Spoof Attack
- References:
- RE: Spoof Attack
- From: "Crina Li"
- RE: Spoof Attack
- Prev by Date: Re: Reconnect mailbox error
- Next by Date: Re: Upgrading from NT4 to SBS2003 Premium
- Previous by thread: RE: Spoof Attack
- Next by thread: RE: Spoof Attack
- Index(es):
Relevant Pages
|
