Hi,
I have a small network of around 30 Win2K computers with two domain controllers.
I have one ISA Server (which is our firewall) with two NICs - one internal, one external which attaches to a leased line via a ISP supplied Cisco router.
Thing is, i keep getting ISA alerts coming up:
"An Intrusion was attempted by an external user - ISA Server detected an all port scan attack from Internet Protocol (IP) address x.x.x.x."
I'm getting anything from two to fifteen a day, with the 'attack' appearing to come from our external DNS server (ie: the IP in the error is the DNS server's belonging to the ISP).
I've run searches all over the web & just can't find any information about this.... i've spoken to our ISP who don't know what it could be... Help?!
I have a small network of around 30 Win2K computers with two domain controllers.
I have one ISA Server (which is our firewall) with two NICs - one internal, one external which attaches to a leased line via a ISP supplied Cisco router.
Thing is, i keep getting ISA alerts coming up:
"An Intrusion was attempted by an external user - ISA Server detected an all port scan attack from Internet Protocol (IP) address x.x.x.x."
I'm getting anything from two to fifteen a day, with the 'attack' appearing to come from our external DNS server (ie: the IP in the error is the DNS server's belonging to the ISP).
I've run searches all over the web & just can't find any information about this.... i've spoken to our ISP who don't know what it could be... Help?!