[Dshield] My server is an attacker
mathieu0008 at hotmail.com
Thu Oct 24 14:28:53 GMT 2002
Your IP (xxx.xxx.xxx.xxx) appears as an
attacker 7 times in the DShield database.
Date        Source           Source Port  Target Port  Protocol
2002-10-21  xxx.xxx.xxx.xxx  2382         80           6
2002-10-21  xxx.xxx.xxx.xxx  2383         80           6
2002-10-21  xxx.xxx.xxx.xxx  2384         80           6
2002-10-22  xxx.xxx.xxx.xxx  2106         80           6
2002-10-22  xxx.xxx.xxx.xxx  2104         80           6
2002-10-22  xxx.xxx.xxx.xxx  2105         80           6
2002-10-22  xxx.xxx.xxx.xxx  2101         80           6
This thing really looks like a Trojan or something on my PDC (which is used
as a proxy for my users too). Everything in my LAN is behind a PIX.
It's very "fun" to know that I'm an attacker without my knowledge, but is
there a way to contact (IP address) the people that say that I'm an
attacker... It would be much easier for me to know where to look in my logs.
I did try to look in my logs for the source ports xxx.xxx.xxx.xxx/2382
attackedIp/80 but found nothing unusual. Maybe the date posted is not the
same as in my log (but I did check the day before and after). But again, this
is manual checking through 7 megs of text (do you know of a program that
analyses PIX syslog log files for attacks.... both inbound and outbound in my
Any help is appreciated.
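Added example, not part of the original post: one way to automate the manual search described above, matching each DShield row (source port, target port 80, protocol 6) against PIX "Built outbound TCP connection" records within a one-day window to allow for the GMT/local-time offset. The 302013 message layout, the timestamp format, and every address in the sample log are assumptions or constructed values; the function and variable names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Assumed layout of PIX message 302013; adjust to what your syslog server writes.
CONN_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d\d:\d\d:\d\d).*?%PIX-6-302013: "
    r"Built outbound TCP connection \d+ for \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"\([\d.]+/\d+\) to \S+?:(?P<host>[\d.]+)/\d+ \([\d.]+/(?P<xport>\d+)\)"
)

# Two rows copied from the DShield report in the post.
REPORT = """\
2002-10-21 xxx.xxx.xxx.xxx 2382 80 6
2002-10-22 xxx.xxx.xxx.xxx 2106 80 6
"""

# Constructed log lines (documentation address ranges, not real hosts).
P = "%PIX-6-302013: Built outbound TCP connection"
SAMPLE_LOG = [
    f"Oct 21 2002 09:14:02: {P} 4821 for outside:198.51.100.20/80 (198.51.100.20/80) to inside:192.168.1.10/2382 (203.0.113.5/2382)",
    f"Oct 21 2002 20:15:44: {P} 5107 for outside:198.51.100.21/80 (198.51.100.21/80) to inside:192.168.1.10/2106 (203.0.113.5/2106)",
    f"Oct 21 2002 10:00:00: {P} 4900 for outside:198.51.100.30/443 (198.51.100.30/443) to inside:192.168.1.44/2382 (203.0.113.5/2382)",
    f"Oct 25 2002 11:00:00: {P} 9001 for outside:198.51.100.40/80 (198.51.100.40/80) to inside:192.168.1.44/2382 (203.0.113.5/2382)",
]

def parse_report(text):
    """DShield rows: date, source IP, source port, target port, protocol."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[4] == "6":  # protocol 6 = TCP
            day = datetime.strptime(f[0], "%Y-%m-%d").date()
            rows.append((day, int(f[2]), int(f[3])))
    return rows

def correlate(report_text, syslog_lines, slack_days=1):
    """Return (report_date, src_port, inside_host, destination, log_time) per match."""
    rows = parse_report(report_text)
    hits = []
    for line in syslog_lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %Y %H:%M:%S")
        for day, sport, dport in rows:
            if (int(m["xport"]) == sport and int(m["dport"]) == dport
                    and abs(ts.date() - day) <= timedelta(days=slack_days)):
                hits.append((day.isoformat(), sport, m["host"], m["dst"], ts.isoformat()))
    return hits
```

The match is made on the translated (outside) source port, since that is the port the reporting site sees; each hit names the inside host and the destination address to look at next.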