So I'm at work today, trying to order a new PC for one of our employees. I found a great deal, but still had to get two other quotes to meet auditing requirements.
So I open up both the Dell.com and HP.com websites. Shortly after I started trying to find similar Dell and HP PCs, our entire corporate network became unusable. Pings to an external site took between 4000-5000ms. Nobody could pull down a complete web page.
So I start going through the logs on our firewall, and I see these two culprits:
"ISA Server detected an all port scan attack from Internet Protocol (IP) address 143.166.83.38."
"ISA Server detected an all port scan attack from Internet Protocol (IP) address 143.166.224.244."
A whois on these IPs shows they belong to Dell.
So I open a command prompt and do a ping to an external IP with a count of 100. While I'm watching the ping window, I close the browser tab that the Dell site is on. Within 2-3 pings, the response time dropped to < 100ms.
So my question is, why would an internal PC going to the Dell website trigger an event that ISA sees as an "all port scan"? I've already contacted the administrative contact for Dell, but there was no answer. Hopefully they return my voicemail. I'd like to find it's something misconfigured on our end, but I really doubt it. Sounds like the Dell webservers are either misconfigured, or subverted...