To enable intrusion detection of common attacks

1. In the console tree of ISA Server Management, click General.
2. In the details pane, click Enable Intrusion Detection and DNS Attack Detection.
3. On the Common Attacks tab, click Enable intrusion detection.
4. Select one or more of the following:
   • Windows out-of-band (WinNuke). Select this option when ISA Server will generate an event if an out-of-band denial of service attack is attempted against a computer protected by ISA Server.
   • Land. Select this option when ISA Server will generate an event if a TCP SYN packet is sent with a spoofed source IP address and port number that matches that of the destination IP address and port number.
   • Ping of death. Select this option when ISA Server will generate an event if an IP fragment is received with more data than the maximum IP packet size.
   • IP half scan. Select this option when ISA Server will generate an event if repeated attempts to connect to a destination computer are made and no corresponding ACK packets are communicated.
   • UDP bomb. Select this option when ISA Server will generate an event if there is an attempt to send an illegal User Datagram Protocol (UDP) packet. Although an event will be generated when the attack occurs, you must specifically enable and configure an alert to trigger an action.
   • Port scan. Select this option when ISA Server will generate an event if an attempt is made to count the services running on a computer by probing each port for a response. If you select this option, also specify the following:
     • Detect after attacks on well-known ports. Type the maximum number of well-known ports that can be scanned before generating an event when a port scan attack is detected. A well-known port is any port in the range from 1 through 2048.
     • Detect after attacks on ports. Type the maximum number of ports that can be scanned before generating an event when a port scan attack is detected.

Notes

• To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
• For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, expand Configuration, and then click General.
• For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, expand Configuration, and then click General.

Related Topics

---

Get latest ISA Server content at ISA Server Guidance(http://www.microsoft.com/). Send feedback about this page.

• English-to-Russian translation