Re: intrusion alert



Burkhard Ott wrote:
On Wed, 10 Mar 2010 18:29:23 -0500, Rick wrote:

Burkhard Ott wrote:
On Wed, 10 Mar 2010 14:29:14 +0000, Jon Solberg wrote:

On 2010-03-10, Rick<rick0.merrill@xxxxxxxxxxxxxxxxxx> wrote:
My firewall emails me the following:

03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - FTP: PORT
bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) -
192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310

This email was generated by: SonicOS Enhanced 5.3.0.0-16o (0017-C54A-D6FC)

Comments?

Get a real firewall.

Nope, a dropped packet on a Sonicwall.

I think it means Affinity has an infected/zombied server. What do you
think?

Yes for sure, format all your servers you are at high risk since you've
tried to access their servers, call them and tell them this serious
problem what your fancy sonicwall told you and you end up as the hero of
the day.

cheers


Believe it or not, I did (once) get that to happen with a US-based server because I found the owner (not IT savvy) who leaned on his IT people and made them find the infected server.

Blessings, - Don Quixote
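
An added example, not part of the thread: it parses the alert quoted above and applies the usual FTP bounce check, which refuses a PORT command whose address is not the client on the control connection (the low-port check is a common companion rule that goes beyond this alert). The field order read from the alert line and all function names are assumptions; this is not SonicOS's own logic.

```python
import ipaddress
import re

# Alert text copied from the post above, re-joined onto one line.
ALERT = ("03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - "
         "FTP: PORT bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) - "
         "192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310")

# Assumed field order: source (ip, port, interface), destination, PORT target.
ALERT_RE = re.compile(
    r"- (?P<src>[\d.]+), (?P<sport>\d+), \S+(?: \([^)]*\))? - "
    r"(?P<dst>[\d.]+), (?P<dport>\d+), \S+ - "
    r"Target host: (?P<target>[\d.]+), (?P<tport>\d+)")


def parse_alert(line):
    """Return the addresses and ports from one alert line, or None."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return {k: int(v) if k.endswith("port") else v
            for k, v in m.groupdict().items()}


def encode_port_arg(ip, port):
    """Build the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    return "%s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)


def decode_port_arg(arg):
    parts = [int(p) for p in arg.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]


def check_port_command(control_peer_ip, arg):
    """Return the reasons a server or firewall should refuse this PORT."""
    ip, port = decode_port_arg(arg)
    reasons = []
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        reasons.append("target %s is not the control peer %s" % (ip, control_peer_ip))
    if port < 1024:
        reasons.append("target port %d is below 1024" % port)
    return reasons


if __name__ == "__main__":
    a = parse_alert(ALERT)
    print(check_port_command(a["src"], encode_port_arg(a["target"], a["tport"])))
```
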

