Hey all, I have a problem.
There is a remote site with ISA 2006 Server as the Internet gateway. There I monitor 6 Windows servers, including this ISA itself (and plan to add more, actually). I use active checks only.
The problem is that the Application event log on ISA constantly registers events like so:
Event Type: Warning
Event Source: Microsoft Firewall
Event Category: Packet filter
Event ID: 15105
ISA Server detected an all port scan attack from Internet Protocol (IP) address 193.xx.xx.xx
The IP in the message is my Zabbix server's Internet address.
Up to 10000 of those messages could be generated in a single day if I turn on the vast majority of Zabbix's active checks on monitored servers.
Any ideas what I can do in this situation?
I use active checks; most of them are from the default Windows template, plus I monitor Windows logs. Port 10051 is used, which is opened on ISA in the outbound direction.
Thanks in advance