Re: intrusion alert



Burkhard Ott wrote:
On Wed, 10 Mar 2010 18:29:23 -0500, Rick wrote:

Burkhard Ott wrote:
On Wed, 10 Mar 2010 14:29:14 +0000, Jon Solberg wrote:

On 2010-03-10, Rick<rick0.merrill@xxxxxxxxxxxxxxxxxx> wrote:
My firewall emails me the following:

03/09/2010 10:58:19.736 - Alert - Intrusion Prevention - FTP: PORT
bounce attack dropped. - 192.168.248.213, 3629, X1 (rick) -
192.168.248.205, 21, X0 - Target host: 216.87.188.9, 59310 This email
was generated by: SonicOS Enhanced 5.3.0.0-16o (0017-C54A-D6FC)

Comments?

Get a real firewall.

Nope, a dropped packet on a Sonicwall.

I think it means Affinity has an infected/zombied server. What do you
think?

Yes for sure, format all your servers you are at high risk since you've
tried to access their servers, call them and tell them this serious
problem what your fancy sonicwall told you and you end up as the hero of
the day.

cheers


Believe it or not I did (once) get that to happen with a US based server because I found the owner (not IT savy) who leaned on his IT people and made them find the infected server.

Blessings, - Don Quixote


.



Relevant Pages

  • Re: intrusion alert
    ... Get a real firewall. ... a dropped packet on a Sonicwall. ... Believe it or not I did get that to happen with a US based server ...
    (comp.security.firewalls)
  • Re: Cannot download large files on a W2K3 network.
    ... No ISA, proxy, server and no such accelerators of any kind. ... appliance is the SonicWALL. ... > Is the sonicwall appliance a caching internet appliance or just a firewall? ...
    (microsoft.public.windows.server.networking)
  • Re: Installing new SBS 03 server. Will that be 1 Nic or 2 ?
    ... I use VPN because I need two-factor authentication. ... I guess technically 2 NICs would be more secure, but hopefully the SonicWall ... and when the server was about 6 weeks old a drive failed. ... and points regarding method of connectivity. ...
    (microsoft.public.windows.server.sbs)
  • Re: Need help creating a VPN through a firewall
    ... Sorry, we have the Sonicwall, and the other device is just the broadband ... All of our data is kept on the server. ... The other "router" is simply our ISP's broadband modem. ... Ethernet adapter Server Local Area Connection: ...
    (microsoft.public.windows.server.sbs)
  • RE: Wide area failures?
    ... The W2003 server hosting the DNS server is not the system ... Sonicwall a FQDN, but I prefer they be invisible to outside queries. ... The Wireless network is mapped internally to another private netowork, ... the computers visible. ...
    (microsoft.public.windows.server.dns)