[Intrusions] ISA Server port scan attack - servers own external ip

[bugtraq at cgisecurity.net]

Sounds like a good thing to do to me. 



> 
> ISA Server name: ISA-STANDALONE
> 
> =20
> 
> ISA Server detected an all port scan attack from Internet Protocol (IP)
> address 192.168.1.252.
> 
> =20
> 
> For more information about this event, see ISA Server Help.
> 
> =20
> 
> And
> 
> =20
> 
> ISA Server name: ISA-STANDALONE
> 
> =20
> 
> ISA Server detected a well-known port scan attack from Internet Protocol
> (IP) address 192.168.1.252. A well-known port is any port in the range
> of 1-2048. For more information about this event, see ISA Server Help.
> 
> =20
> 
> =20
> 
> This ip address in these message alerts is binded to the external NIC of
> the ISA Server. Has anyone experienced this or has heard of this?
> 
> =20
> 
> Thanks
> 
> Eric=20
> 
> 
> 
> *******************************************
> Confidentiality Notice: This e-mail message, including any attachments, fro=
> m AtlantiCare contains information which is CONFIDENTIAL AND/OR LEGALLY PRI=
> VILEGED. The information is intended only for the use of the individual nam=
> ed above and may not be disseminated to any other party without AtlantiCare=
> 's written permission. If you are not the intended recipient, or the employ=
> ee or agent responsible for delivering the message to the intended recipien=
> t, you are hereby notified that any dissemination, disclosure, distribution=
> , copying or taking of any action in reliance on the contents of this e-mai=
> led information is strictly prohibited.=20
> If you have received this e-mail in error, please notify us immediately by =
> telephone at 609 - 569 - 7070 or notify us by e-mail at Isecurity at Atlantica=
> re.org to arrange for the return of these documents to us without cost to y=
> ou.
> 
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>