I have been receiving alert logs from a SonicWall firewall appliance. In them I am receiving two kinds of alerts that are alarming, and I am wondering if one of the experts can give me some advice:
1)
Code:
07/31/2009 09:32:54.240 - Possible port scan dropped - 192.221.96.126, 80, WAN - 209.195.155.48, 15275, WAN - TCP scanned port list, 15283, 15283, 15271, 15271, 15285
2)
Code:
07/31/2009 06:39:59.208 - IP spoof dropped - 192.168.0.1, 137, LAN - 192.168.0.255, 137, OPT - MAC address: 00:e0:b8:5b:48:f3
A few notes: the company here last month had to allow Trustkeeper to certify us for our Trustware certification. But it is a scheduled scan on one day a month. On Monday the firewall had to be rebooted because our internet was down; this was the alert I received right before it happened.
Code:
07/26/2009 22:46:43.032 - The cache is full; 6144 open connections; some will be dropped - 172.25.12.4, 16078, LAN - 192.33.4.12, 53, WAN -
I want to call in our server IT company; my boss doesn't want to spend the money. Has our server been compromised? Is someone spoofing our IP? Were there 6144 open connections on our server? Any insight into this issue is very much appreciated.
Thank you
Raven