Microsoft Internet Security and Acceleration (ISA) Server features an intrusion detection mechanism, which identifies when an attack is attempted against your network and performs a set of configured actions, or alerts, in case of an attack. To detect unwanted intruders, ISA Server compares network traffic and log entries to well-known attack methods. Suspicious activities trigger alerts. Actions include connection termination, service termination, e-mail alerts, logging, and others.

If intrusion detection is enabled, you can configure which of the following intrusions trigger alerts:

• All ports scan attack

• Well-known port scan attack

• IP half scan attack

• Land attack

• Ping of death attack

• UDP bomb attack

• Windows out-of-band attack

If you configure port scan alerts, you can also configure how many port attacks trigger an alert.

For configuration instructions, see Configure intrusion detection and Create an alert. For more information, see Intrusion detection.

Intrusion detection functionality based on technology from Internet Security Systems, Inc., Atlanta, GA, USA, www.iss.net. Portions Copyright  2000 Internet Security Systems, Inc.