"Daniel F. Chief Security Engineer -" <danielfat_private> >Im looking for help tracing this attack down. Its coming from my network with >spoofed IPs to 216.200.108.194 IP which is not on my network so its and >outbound attack. Also none of the source IPs are on my network. I'm no expert, but ... Can you configure your IDS to pick up the card address of the source, or would that only give you an internal router? Even that might help, I suppose. You could then move inside that router's space, do it again, and continue until you had narrowed the suspects to a manageable number. I don't envy you your challenge! Best regards, Neil Dickey, Ph.D. Research Associate/Sysop Geology Department Northern Illinois University DeKalb, Illinois 60115 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Jan 25 2002 - 11:33:35 PST