Thanks! Here is the sample line of the log that was sent to me. I replaced
the IP with X's. The first set of X's is the IP of my router and the other
set is the IP it's scanning.
2|Feb 20 2006 14:33:10|106001: Inbound TCP connection denied from
X.X.X.X/13331 to X.X.X.X/445 flags SYN on interface outside
Jason
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of FRANCIS PROVENCHER
Sent: Tuesday, February 28, 2006 12:22 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-users] Newbie in a jam
Hi
To stop the problem, you can deny the icmp echo request on your firewall.
Its not a good thing to lets user make icmp echo reply (ping) outdoor of
your network. Creat a rule on your firewall to deny it, you can add some
exception on this rule to lets administrator to ping outdoor.
Sorry i can give you some advise with ethereal.
You can also check for a Snort (Intrusion Detection System)
Francis Provencher
Ministère de la Sécurité publique
Réalisations et Systèmes réseaux
Tél: (418) 646-3258
Courriel: Francis.provencher@xxxxxxxxxxxxxx
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practionner
Sec+ - Security +
>>> jason.hernandez@xxxxxxxxxxxxx 02/28/06 2:36 PM >>>
Hello all,
I am very new to protocol analyzing and packet sniffing. I usually just
support pc, but an now supporting our network. I've been contacted my
company's ISP and they say some machine behind my router is scanning their
network. I have made sure all my PC's are patched, and have up to day anti
virus software ( McAfee) as well as anti spyware software (Windows
Defender), but I am still having this issue.
How can I use this software to find the culprit? What am I suppose to look
for? Sorry for being such a newbie...
Thanks in advance!
Jason
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users