From: Rick on 10 Mar 2010 09:04

My firewall emails me the following:

03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - FTP: PORT bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) - 192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310

This email was generated by: SonicOS Enhanced 5.3.0.0-16o (0017-C54A-D6FC)

216.87.188.9 ==> whois:
OrgName: Affinity Internet, Inc
OrgID: AFFI
Address: Corporate headquarters
Address: 3250 W. Commercial Blvd.
City: Ft. Lauderdale
StateProv: FL

Comments?

From: Jon Solberg on 10 Mar 2010 09:29

On 2010-03-10, Rick <rick0.merrill(a)gmail.com.lessspam> wrote:
> My firewall emails me the following:
>
> 03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - FTP: PORT
> bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) -
> 192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310 This email
> was generated by: SonicOS Enhanced 5.3.0.0-16o (0017-C54A-D6FC)
>
> [...]
>
> Comments?

Get a real firewall.

--
Jon Solberg (remove "nospam." from email address).

From: Burkhard Ott on 10 Mar 2010 10:59

On Wed, 10 Mar 2010 14:29:14 +0000, Jon Solberg wrote:
> On 2010-03-10, Rick <rick0.merrill(a)gmail.com.lessspam> wrote:
>> My firewall emails me the following:
>>
>> 03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - FTP: PORT
>> bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) -
>> 192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310 This email
>> was generated by: SonicOS Enhanced 5.3.0.0-16o (0017-C54A-D6FC)
>>
>> Comments?
>
> Get a real firewall.

Nope, a dropped packet on a crappy Sonicwall.

SCNR

From: Rick on 10 Mar 2010 18:29

Burkhard Ott wrote:
> On Wed, 10 Mar 2010 14:29:14 +0000, Jon Solberg wrote:
>
>> On 2010-03-10, Rick<rick0.merrill(a)gmail.com.lessspam> wrote:
>>> My firewall emails me the following:
>>>
>>> 03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - FTP: PORT
>>> bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) -
>>> 192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310 This email
>>> was generated by: SonicOS Enhanced 5.3.0.0-16o (0017-C54A-D6FC)
>>>
>>> Comments?
>>
>> Get a real firewall.
>
> Nope, a dropped packet on a Sonicwall.

I think it means Affinity has an infected/zombied server. What do you think?

From: Burkhard Ott on 10 Mar 2010 18:34

On Wed, 10 Mar 2010 18:29:23 -0500, Rick wrote:
> Burkhard Ott wrote:
>> On Wed, 10 Mar 2010 14:29:14 +0000, Jon Solberg wrote:
>>
>>> On 2010-03-10, Rick<rick0.merrill(a)gmail.com.lessspam> wrote:
>>>> My firewall emails me the following:
>>>>
>>>> 03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - FTP: PORT
>>>> bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) -
>>>> 192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310 This email
>>>> was generated by: SonicOS Enhanced 5.3.0.0-16o (0017-C54A-D6FC)
>>>>
>>>> Comments?
>>>
>>> Get a real firewall.
>>
>> Nope, a dropped packet on a Sonicwall.
>
> I think it means Affinity has an infected/zombied server. What do you
> think?

Yes for sure, format all your servers you are at high risk since you've tried to access their servers, call them and tell them this serious problem what your fancy sonicwall told you and you end up as the hero of the day.

cheers
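
Added example, not part of the thread and not SonicOS's own logic: the generic check an FTP-aware filter can apply to a PORT command, comparing the address the client advertises for the data connection with the source of the control connection. The function names and the sample PORT strings are constructed; the first sample encodes the alert's target host and port.

```python
import ipaddress
import re

# FTP active mode: "PORT h1,h2,h3,h4,p1,p2" -> address h1.h2.h3.h4, port p1*256+p2
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(command):
    """Return (ip, port) from a PORT command line, or None if it is malformed."""
    m = PORT_RE.match(command)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_port(client_ip, command):
    """Classify a PORT command received on a control connection from client_ip."""
    parsed = parse_port(command)
    if parsed is None:
        return "malformed"
    ip, port = parsed
    if ipaddress.IPv4Address(ip) != ipaddress.IPv4Address(client_ip):
        return "bounce"      # data connection aimed at a third host
    if port < 1024:
        return "low-port"    # RFC 2577 advises refusing ports below 1024
    return "ok"


# Constructed samples. The first encodes the alert's target host and port
# (216.87.188.9, 59310 = 231*256 + 174) as sent by client 192.168.248.213.
SAMPLES = [
    ("192.168.248.213", "PORT 216,87,188,9,231,174"),
    ("192.168.248.213", "PORT 192,168,248,213,195,80"),
    ("192.168.248.213", "PORT 192,168,248,213,0,25"),
    ("192.168.248.213", "PORT 192,168,248,213,999,1"),
]

if __name__ == "__main__":
    for client, cmd in SAMPLES:
        print(client, cmd, "->", check_port(client, cmd))
```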