Re: Suspicious firewall logs

From: Ben Timby (aspat_private)
Date: Fri Aug 01 2003 - 11:06:02 PDT

Next message: Schmehl, Paul L: "RE: WORM_MIMAIL.A Anyone have any info on what this does yet?"

Previous message: Rodrigo Barbosa: "Re: Scan of TCP 552-554"
In reply to: Wong Wai Kit: "Suspicious firewall logs"
Next in thread: Adcock, Matt: "RE: Suspicious firewall logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Wong, what are these machine? Are they servers that could possibly be 
compromised, and trying to "call home" or are these workstations where 
employees may be running "unauthorized software".

Wong Wai Kit wrote:

>Hi,
>     I had one incidents which is require for your help. My firewall keep prompting some traffiics from internal LAN IPs trying to access this group of destination IPs for "http" service
> 
>208.172.144.155
>208.172.158.234
>208.172.128.132
>208.172.192.132
>208.172.224.132
>208.174.16.132
>208.172.13.253
> 
>Actually, my question is why my internal LAN(few IPs) keep trying to access this group of destination IP for http service. My LAN if want to go out internet, it should go through our proxy first. It not suppose go out to external directly.
> 
>Thanks...
>  
>


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Schmehl, Paul L: "RE: WORM_MIMAIL.A Anyone have any info on what this does yet?"
Previous message: Rodrigo Barbosa: "Re: Scan of TCP 552-554"
In reply to: Wong Wai Kit: "Suspicious firewall logs"
Next in thread: Adcock, Matt: "RE: Suspicious firewall logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 01 2003 - 11:11:11 PDT