Re: Event 15108 - ISA Server detected a spoof attack..
- From: "DEV" <devrawat2@xxxxxxxxx>
- Date: 7 Sep 2006 17:11:00 -0700
Hi ,
Microsoft KB - 840681
Regards
DEV
Microsoft EPS
Mark wrote:
HI All,
Ever since installing ISA 2004, the SBS application event log is filling up
with LOTS of these events:
========================================
Event Type: Warning
Event Source: Microsoft Firewall
Event Category: Packet filter
Event ID: 15108
Date: 8/09/2006
Time: 9:05:38 AM
User: N/A
Computer: SERVER1
Description:
ISA Server detected a spoof attack from Internet Protocol (IP) address
10.0.0.1. A spoof attack occurs when an IP address that is not reachable via
the interface on which the packet was received. If logging for dropped
packets is set, you can view details in the packet filter log.
========================================
Our network setup is a DSL NAT router, with static IP that's passed through
to the SBS for email/VPN users. Here's the SBS IPConfig. Have I messed up
something in the CEICW?
========================================
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERVER1
Primary Dns Suffix . . . . . . . : DOMAIN.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : DOMAIN.local
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-11-43-D4-C4-E5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.3
Primary WINS Server . . . . . . . : 192.168.0.3
PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.116
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Internet Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection #2
Physical Address. . . . . . . . . : 00-11-43-D4-C4-E6
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.3
Primary WINS Server . . . . . . . : 192.168.0.3
NetBIOS over Tcpip. . . . . . . . : Disabled
========================================
Thanks,
Mark
.
- Follow-Ups:
- Re: Event 15108 - ISA Server detected a spoof attack..
- From: SuperGumby [SBS MVP]
- Re: Event 15108 - ISA Server detected a spoof attack..
- References:
- Prev by Date: Re: Companyweb not working from Client
- Next by Date: Re: Event 15108 - ISA Server detected a spoof attack..
- Previous by thread: Event 15108 - ISA Server detected a spoof attack..
- Next by thread: Re: Event 15108 - ISA Server detected a spoof attack..
- Index(es):
Relevant Pages
|
