Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login
Posted: 2/21/2006 6:47:29 AM EDT
I am receiving a large number of "All port scan attack" alerts in my ISA Server 2004 dashboard. The largest number are from IP 69.95.2.66!!

Any advice as to what I can/should do about this would be appreciated.
Link Posted: 2/22/2006 5:22:13 AM EDT
24 hour Bump
Link Posted: 2/23/2006 9:11:08 AM EDT
Anybody?
Link Posted: 2/23/2006 9:59:51 AM EDT
Add 69.95.2.66 as a deny in the router's ACL.
Link Posted: 2/23/2006 10:34:19 AM EDT
call or email your isp and give them the ip address, and tell them what they aredoing. the isp would contact them and it would be stopped.

alot of isp's with terminate your service i thought for excessive port scanning.

might im adair_usmc and see what he has to say, I belive he works for a isp.
Link Posted: 2/23/2006 10:49:59 AM EDT
Yes, contact your ISP ASAP. It might be a real attack, but more likely it is a hijacked server of someone in a legitimate business who doesn't realize their server has been hacked. It could also have a virus on it.

Once (back in the day) I had a server that was doing attacks automatically after it had been hacked. My ISP called me and let me know, and I was able to fix it quick. It was my fault that I was not paying attention, but I was glad that my ISP was looking out for me rather than letting it go on.

You can block it at your firewall, or block it at your router also. Also, it would be intresting to see who owns that block of IP addresses which the attack is coming from.

Link Posted: 2/23/2006 11:25:36 AM EDT
yep add ip or ip range to deny list, then contact their ISP, then port scan them(optional).
Link Posted: 2/23/2006 12:02:34 PM EDT
Thanks guys I was trying to block it in ISA but I don't look like I can block it there.
Top Top