Re: what should I do when....

by Adriel Desautels

Hi George,
        My initial reaction to this is that you should block all IP addresses
belonging to that company *if* you do not need to communicate with them
via the internet. My secondary reaction is to tell you not to advertise
what sort of technology you are using in a public forum (this mailing
list). You don't know if the *attacker* is subscribed to this mailing
list or not.

        My professional recommendation for recourse is that you call the
company that *owns* the IP address in question. Let them know that
suspicious activity is sourcing from their IP address(es) to yours and
tell them that you would like it to stop.

        With that said, I'd also recommend that you evaluate the security of
your IT Infrastructure. You don't sound too confident that you can
prevent the proverbial hacker from penetrating your infrastructure. I
suggest that you consider installing some HIDS and NIDS technologies
like OSSEC + prelude-ids + snort + prelude-lml (Open Source and effective).
       

Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know  : http://tinyurl.com/26pjsn


Jorge L. Vazquez wrote:

> for the last 2 days I've been getting lots of connection attempts in my
> firewall logs (ipcop firewall), from a specific ip based in Canada, the
> log is showing a
>
> *NEW not SYN?*
>
> it seems that someone is trying to initiate a connection, or maybe a
> scan. Although the good thing is that the firewall is detecting them
> therefore stopping them, I'm getting worried of hacker activity, I've
> already done ip lookup, and dns whois query both of those point to ip
> and host in Canada it seems to be a company as I got their public
> website and also private network.....could anyone advise me what's the
> proper course of actions in this case?....
>
> thanks
> Jorge L. Vazquez
> www.pctechtips.org
>
>
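
A way to triage the "NEW not SYN?" entries quoted above before deciding whether to block or contact the address owner, as an added example that is not part of the original message. It assumes the standard netfilter LOG line layout; the sample lines, the documentation-range addresses and the `port_threshold` value are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual netfilter LOG layout (not real traffic).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4211 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 ACK URGP=0
Mar  3 10:15:02 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4212 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 ACK URGP=0
Mar  3 10:15:03 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4213 PROTO=TCP SPT=40002 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
Mar  3 10:15:04 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4214 PROTO=TCP SPT=40003 DPT=443 WINDOW=1024 RES=0x00 ACK URGP=0
Mar  3 10:16:00 ipcop kernel: INPUT IN=eth1 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4215 PROTO=TCP SPT=40004 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:20:10 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=900 PROTO=TCP SPT=80 DPT=51514 WINDOW=0 RES=0x00 ACK FIN URGP=0
Mar  3 10:20:40 ipcop kernel: NEW not SYN? IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=901 PROTO=TCP SPT=80 DPT=51515 WINDOW=0 RES=0x00 ACK FIN URGP=0
"""

# Only lines carrying the "NEW not SYN?" prefix are considered.
LINE_RE = re.compile(
    r"NEW not SYN\? .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) .*?RES=\S+ (?P<flags>[A-Z ]*)URGP="
)


def summarize(log_text, port_threshold=3):
    """Group 'NEW not SYN?' entries by source: hit count, ports touched, TCP flags."""
    stats = defaultdict(lambda: {"hits": 0, "dports": set(), "flags": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # other firewall prefixes are out of scope here
        entry = stats[m["src"]]
        entry["hits"] += 1
        entry["dports"].add(int(m["dpt"]))
        entry["flags"].add(" ".join(sorted(m["flags"].split())))
    # Assumed heuristic: one source touching many distinct destination ports
    # deserves a closer look than repeated packets to one or two ports.
    return {src: {**e, "wide_port_spread": len(e["dports"]) >= port_threshold}
            for src, e in stats.items()}


if __name__ == "__main__":
    for src, e in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        print(src, e["hits"], sorted(e["dports"]), sorted(e["flags"]), e["wide_port_spread"])
```

The per-source summary gives something concrete to hand to the owner of the address range: timestamps aside, it shows how many packets arrived, which ports they targeted and which TCP flags they carried.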
