| Event Id | 15107 |
| Source | Microsoft ISA Server Control |
| Description | ISA Server detected a ping-of-death attack from Internet Protocol (IP) address %1. For more information about this event, see ISA Server Help. |
| Event Information | According to Microsoft: EXPLANATION: A ping-of-death attack was attempted against a computer protected by ISA Server. This alert occurs when a large amount of information is appended to an Internet Control Message Protocol (ICMP) echo request (ping) packet. If this attack is successful, the computer crashes. USER ACTION: If logging for dropped packets has been set, you can view details of this attack in the packet filter log in the ISALogs folder, which is located under the ISA Server installation folder. You can use this log to monitor intruder activity. Steps against intruder activity include identifying the source of the intrusion, setting up a static packet filter to block incoming ICMP packets, creating a protocol rule that specifically denies incoming ICMP echo request packets from the Internet, or enabling the filtering of IP fragments by using ISA Management. To enable filtering, in the ISA Management console tree, click Arrays, click Name, click Access Policy, click IP Packet Filters properties, and then click the Packet Filters tab. |
| Reference Links | More Information |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.