On 02/02/2010 16:51, Kathy wrote:Does this help:
> Application event log on sbs 2003 (patched to date) with ISA 2004 is filling
> up with the following warnings every 10 seconds :
>
> Microsoft Firewall
> Packet filter
> Event id: 15108
> ISA Server detected a spoof attack from Internet Protocol (IP) address
> 192.168.2.4. A spoof attack occurs when an IP address that is not reachable
> via the interface on which the packet was received. If logging for dropped
> packets is set, you can view details in the packet filter log.
>
> Often the address listed is 0.0.0.0, but can be almost any subnet (including
> our own)
>
> This seems to coincide with VPN access, of which there is a great deal.
> Sometimes ISA seems to terminate the connection, also.
>
> I've read KB840681, but it doesn't seem to apply as the Causes section
> doesn't apply and there are no other internal networks. The server has a
> Lights Out board, but it's disabled.
>
> ISA BPA reports no errors.
>
> Any ideas?
http://www.eventid.net/display.asp?e...ontrol&phase=1
Re: SBS 2003 and ISA 2004 spoof attack
- 02 Feb 2010 #1
James Hurrell GuestMy System SpecsRe: SBS 2003 and ISA 2004 spoof attack
Re: SBS 2003 and ISA 2004 spoof attack problems?
| Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| RE: SBS 2003 and ISA 2004 spoof attack | Robbin Meng [MSFT] | SBS Server | 0 | 03 Feb 2010 |
| Re: SBS 2003 and ISA 2004 spoof attack | Susan Bradley | SBS Server | 0 | 03 Feb 2010 |
| SSL spoof bug still haunts IE, Safari, Chrome. | JMH | System Security | 0 | 01 Oct 2009 |
| Hilarious spoof | Curt | Vista General | 3 | 18 Jan 2008 |
| Some Pro Vista\Dell Spoof commericals | Dale White | Vista General | 3 | 06 Apr 2007 |
