"I have IPSs and I've seen some weird query/log during the testing. It was something like cmd.exe, net user mofo mofo123 /add and other commands being executed on our server."
Oh darling, if you have an IPS, it should be dropping those connections already. If not, give a kick to the nuts-sack of the IPS vendors and tell them www.go.to.hell.org!! I myself would not mind giving them an uppercut kick, just like Zohan.
Wednesday, July 09, 2008
It was an attack, wasn't it?
Sample
FWBongek, 1 July 2008, 08:32, 10.10.10.10:3124, 1.1.1.1:23, TCP
.
.
.
FWBongek, 2 July 2008, 10:00, 10.10.10.10:3124, 1.1.1.1:23, TCP
Using my super lazy skills,
cat firewall.log | cut -d ',' -f 3 | cut -d ':' -f 1 | sort -rn | uniq -c
I've found out it's just normal internet behavior, the kind of thing that you will see once you're connected to the internet. The cause might be worms, botnets and mass scanning.
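An added example, not part of the original post: a shell sketch that parses the log format shown above and counts events per source IP and destination port, then how many distinct sources hit each port. The function names are hypothetical, and the sample lines beyond the two shown in the post are constructed.

```shell
#!/bin/sh
# Constructed sample in the post's log format:
# device, date, time, src_ip:src_port, dst_ip:dst_port, protocol
# The "." line mimics the elided rows in the post and must be skipped.
sample_log() {
cat <<'EOF'
FWBongek, 1 July 2008, 08:32, 10.10.10.10:3124, 1.1.1.1:23, TCP
FWBongek, 1 July 2008, 08:33, 10.10.10.10:3125, 1.1.1.2:23, TCP
.
FWBongek, 1 July 2008, 08:34, 10.10.10.10:3126, 1.1.1.3:23, TCP
FWBongek, 1 July 2008, 09:10, 10.20.20.20:4000, 1.1.1.1:23, TCP
FWBongek, 1 July 2008, 09:15, 10.30.30.30:5111, 1.1.1.1:445, TCP
FWBongek, 2 July 2008, 10:00, 10.30.30.30:5112, 1.1.1.1:445, TCP
EOF
}

# summarize_sources: reads the log on stdin and prints one line per
# (source IP, destination port) pair:
#   src_ip dst_port events distinct_dst_hosts
# sorted by event count, busiest first. IPv4 only (splits on ":").
summarize_sources() {
    awk -F',' '
    NF >= 6 {
        # Trim the blanks that follow each comma in this format.
        for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
        split($4, src, ":"); split($5, dst, ":")
        key = src[1] " " dst[2]
        events[key]++
        # Count each destination host once per source/port pair.
        if (!((key, dst[1]) in seen)) { seen[key, dst[1]] = 1; hosts[key]++ }
    }
    END { for (k in events) print k, events[k], hosts[k] }
    ' | sort -k3,3nr -k1,1
}

# port_spread: number of distinct source IPs seen per destination port,
# widest spread first.
port_spread() {
    summarize_sources |
        awk '{ n[$2]++ } END { for (p in n) print p, n[p] }' |
        sort -k2,2nr -k1,1n
}

sample_log | summarize_sources
sample_log | port_spread
```

Run it against the real file with `summarize_sources < firewall.log`.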