First time writer, first time on the list at all!

I received the following logs from a SonicWall SOHO2 from over the weekend. Two questions: first, does this indicate that the network has been compromised? Second, is this a typical series of scans/attacks?

10/20/2001 (All from one IP address)

8:12am Port Scan
8:12am Port Scan
8:12am Striker Attack
8:13am Sub Seven
8:13am Ini Killer
8:13am Ripper
8:14am NetSpy

10/21/2001 (All from one IP address - different from the one on 10/20/2001)

6:44am Port Scan
6:44am Port Scan
6:45am Sub Seven
6:45am Ripper
6:45am Striker
6:45am NetSpy
6:45am Ini Killer
6:48am Back Oriface
6:48am NetBus Attack
6:49am Priority Attack
7:38am IP Spoof Detected - from LAN interface to WAN interface. (Does not match network IP scheme).

Thanks
Paul
This archive was generated by hypermail 2b30 : Mon Oct 22 2001 - 12:08:52 PDT