Security Basics mailing list archives
RE: Weird IP
From: "Prodigi Child" <prodigi.child () gmail com>
Date: Wed, 4 Feb 2009 01:02:31 -0600
Try a trace route from the web server to the IP Address(es) in the logs and see where that goes. Maybe there is a network that you don't know about somewhere that is connected to yours behind the firewall (like a Wireless access point plugged into the LAN). -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Debarko De Sent: Tuesday, February 03, 2009 8:00 AM To: Ricardo Carrillo Cc: security-basics () securityfocus com Subject: Re: Weird IP We are talking of a web server compromisation so I don't think that no reply policy of UDP packets gets any consideration. I would suggest that the system logs be checked to verify any unauthorized acces to the web server logs as system logs are much harder to mess with. Also this case has all system compromisation written over it.
Current thread:
- Re: Weird IP anastasiosm (Feb 02)
- <Possible follow-ups>
- Re: Re: Weird IP si-n-ka-o-res-t (Feb 02)
- RE: Re: Weird IP Murda Mcloud (Feb 03)
- Re: Weird IP Andre Pawlowski (Feb 02)
- Re: Weird IP Gary Douglas (Feb 02)
- Re: Weird IP batman (Feb 02)
- Re: Weird IP Ricardo Carrillo (Feb 02)
- Re: Weird IP Debarko De (Feb 03)
- RE: Weird IP Prodigi Child (Feb 04)
- Re: Weird IP Myles (Feb 03)
- Re: Weird IP Debarko De (Feb 03)
- Re: Re: Weird IP tim (Feb 04)
- Re: Weird IP Venky Shankar (Feb 04)