Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISSForum] Destination/Source IP

from [Martin Benuska] Network Security [Permanent Link]
Subject: Re: [ISSForum] Destination/Source IP
Date: Mon, 10 Jul 2006 14:32:34 +0200 
I have seen the same behavior, with some audit signatures like remote shared
folder access too. The same with lsass remote BO exploit. It's not very nice
to see these events, especially if there are correct IP addresses in the
Windows Event Viewer generated.

Martin

On 7/7/06, russell_tompkins@gb.smbcgroup.com <
russell_tompkins@gb.smbcgroup.com> wrote:



Hi, we have SiteProtector in place and I have noticed that we are getting
alerts where the Destination AND Source IP address are identical.
These are external IP addresses and the majority of these alerts seem to
be
HTTP related?
I have checked our Firewall logs to look at the traffic, but nothing looks
suspicious.
We have a number of SiteProtector consoles in place globally, each having
multiple sensors reporting to them and each console has experienced the
same problem?
Has anybody seen this before this before?


*******************************************************************

This email and any files transmitted with it are confidential
and intended solely for the use of the individual or entity
to whom they are addressed. If you have received this
email in error please notify the sender by replying to this
email and then delete it from your system.

No reliance may be placed upon this email without written
confirmation of its contents and any liability arising from
such reliance without written confirmation is hereby
excluded.

Sumitomo Mitsui Banking Corporation

*******************************************************************

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ISSForum] Problems with g1200 interfaces., Gupta, Abhishek \(ISS India\)
Next by Date:  [ISSForum] PolicyDumper for Siteprotector, E Palacio O.
Previous by Thread:  [ISSForum] Destination/Source IP, russell_tompkins
Next by Thread:  [ISSForum] PolicyDumper for Siteprotector, E Palacio O.
Indexes:  [Date] [Thread] [Top] [All Lists]