Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Help me

from [Randy Johnson] Network Security [Permanent Link]
Subject: RE: Help me
Date: Thu, 24 Feb 2005 11:59:27 -0800 
As a double check of what your ISP says, you could use MRTG to determine
what kind of bandwidth your router is seeing.

Additionally, you could enable logging on your router to determine what /
who /when these attacks are happening.

Further (although I'm not that familiar with ISA ) doesn't ISA have the
capability to log what it drops ?

-----Original Message-----
From: Tran Nguyen Vu [mailto:tran.vunguyen@gmail.com] 
Sent: Monday, February 21, 2005 3:20 AM
To: security-basics@securityfocus.com
Subject: Help me



Dear all,
I have a problem and i dont know how to explain.
Last month, my ISP give our company a report about the capacity download and
upload, It was about 47GB.
The problem is my isa server has logged at about 7GB data down/upload.
When I asked them explain this great unequal capacity they said that
although My isa firewall prevented almost requests from the untrust network
(so this request was not included in capacity logfile and only 7GB was
allowed),their server logged all requests to my router and firewall from the
other local Loop  . It mean, there are 40GB data of requests that  not
except (attack, scan ping ...) in a month.
So I make some caculation, every second, there are 16035 byte attack (I call
"attack" because I was not allowed. 
Everybody help me explain this situation. I know, A request does not have
big capacity and my ISA server was not logged any attack!

Please help me. (sorry because of my english!)
Thanks in advance.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  anyone who saw this arp traffic?, Monty Ree
Next by Date:  RE: Exchange <--> Outlook Monitoring, Jeff Gercken
Previous by Thread:  Help me, Tran Nguyen Vu
Next by Thread:  Re: Help me, Mitchell Rowton
Indexes:  [Date] [Thread] [Top] [All Lists]