Security Incidents mailing list archives

RE: Attack attempts from 195.86.128.45


From: "NESTING, DAVID M (SBCSI)" <dn3723 () sbc com>
Date: Wed, 7 May 2003 10:13:07 -0500

I might also suggest that you try to identify *why* they are targeting your
system.  It could be completely random, but if it's targeted at one specific
IP address and ignoring all others on your subnet, they may have a reason,
and that reason might lead you to an existing compromise you didn't know
about, or user activity on the system (e.g. belligerent IRC kiddies) that
you might want to curb.

-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown () hotmail com] 
Sent: Tuesday, 06 May, 2003 22:45
To: csl () sublevel3 org; incidents () securityfocus com
Subject: Re: Attack attempts from 195.86.128.45

Perhaps now might be a wise time to conduct an audit, to find any holes
before whoever is looking for them outside of your organisation does...
After that the best advice would be to stay alert, and monitor your gateway
logs closely.
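
The check suggested in the reply above (is one address being singled out, or is the whole subnet being probed?) can be run over gateway logs. This is an added example, not part of the original posts; the log layout, the addresses (documentation ranges) and the function names are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines; the "<time> DENY <src> -> <dst>:<port>" layout is an
# assumption, adapt the parsing to your gateway's real log format.
SAMPLE_LOG = """\
2003-05-06T21:02:11 DENY 198.51.100.7 -> 192.0.2.10:80
2003-05-06T21:02:15 DENY 198.51.100.7 -> 192.0.2.10:443
2003-05-06T21:03:40 DENY 198.51.100.7 -> 192.0.2.10:6667
2003-05-06T21:05:01 DENY 203.0.113.9 -> 192.0.2.1:445
2003-05-06T21:05:01 DENY 203.0.113.9 -> 192.0.2.2:445
2003-05-06T21:05:02 DENY 203.0.113.9 -> 192.0.2.3:445
2003-05-06T21:05:02 DENY 203.0.113.9 -> 192.0.2.4:445
garbage line that should be skipped
"""


def local_targets(log_text, subnet):
    """Map each source IP to {local destination IP: set of ports probed}."""
    net = ipaddress.ip_network(subnet)
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "DENY" or parts[3] != "->":
            continue  # blank or malformed line
        host, _, port = parts[4].rpartition(":")
        try:
            src, dst = ipaddress.ip_address(parts[2]), ipaddress.ip_address(host)
            port_no = int(port)
        except ValueError:
            continue  # unparsable address or port
        if dst in net:
            hits[str(src)][str(dst)].add(port_no)
    return hits


def classify(log_text, subnet, sweep_hosts=4):
    """Label a source 'targeted' (one local host), 'sweep' or 'partial'."""
    verdicts = {}
    for src, dsts in local_targets(log_text, subnet).items():
        if len(dsts) == 1:
            verdicts[src] = "targeted"   # only one of our addresses is hit
        elif len(dsts) >= sweep_hosts:
            verdicts[src] = "sweep"      # many hosts: likely a random scan
        else:
            verdicts[src] = "partial"
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOG, "192.0.2.0/24").items():
        print(src, verdict)
```

A "targeted" verdict is the case worth following up with an audit of that one host and of the user activity on it.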
