Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations sizbut on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Intrusion detected: What is to do??

Status
Not open for further replies.
joeka77

joeka77

Technical User
Mar 14, 2003
31
DE
If ISA notifies me about Intrusions with the suspicious IP, what should i do? Block the IP (But i can block only special Ports with Packet filter)?? Is it possible to get more Information (i.e. what port, details) about the intrusion?? Can somebody give me some tips?

Greetings J.
 
Sort by date Sort by votes
Your log files should tell you the source IP, destination IP, source port, and destination port of the 'attack'.

I'm pretty sure you can block inbound access for all ports for that one IP address.
Create a group called 'known_hackers' or something like that, and just peoples' IP's in this group as they pop up.
[thumbsup2]

Cool upcoming game! Check it out!
!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
769
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
640
Johnkite
Johnkite
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
574
nnaarrnn
nnaarrnn
GeorgeAlba
  • Locked
  • Question
What do you think about this proxy
Replies
0
Views
204
GeorgeAlba
GeorgeAlba
MottoK
  • Locked
  • Question
Cisco ISE blank GUI
Replies
0
Views
519
MottoK
MottoK

Part and Inventory Search

Sponsor

Back
Top