I might also suggest that you try to identify *why* they are targeting your system. It could be completely random, but if it's targeted at one specific IP address and ignoring all others on your subnet, they may have a reason, and that reason might lead you to an existing compromise you didn't know about, or user activity on the system (e.g. belligerent IRC kiddies) that you might want to curb.

-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdownat_private]
Sent: Tuesday, 06 May, 2003 22:45
To: cslat_private; incidentsat_private
Subject: Re: Attack attempts from 195.86.128.45

> Perhaps now might be a
> wise time to conduct an audit, to find any holes before whoever is looking
> for them outside of your organisation does...
> After that the best advice would be to stay alert, and monitor your gateway
> logs closely.

This archive was generated by hypermail 2b30 : Wed May 07 2003 - 22:08:48 PDT