12/04/2008
Some interesting attacks in Belgium yesterday
The attacks against servers on the Belgian network are now also against SQL servers (we will post later today an overview what it could be that inspires such attacks - if you have any idea or logs let us know)
one of the surprising attacking servers is a server from IBM that is used by LOTUS a popular messenging tool in business networks. If you use that tool in your network you should control what happened yesterday and if you see any compromising or other traffic. http://195.207.166.145/stcenter.nsf
So no t forget to control port 445/135/139. Normally you should block that at your firewall. If you are in a network it is a good way to find directly servers and posts that are compromised or have configuration or routing problems if you try to go through your whole network or to the internet on these ports. If you put a logging rule in your firewall based on that principle. You will see immediately if there are posts that are compromised or in trouble. Best thing is to get them out of the network or put a small firewall before it that blocks that scanning or you drop that traffic on the switch of the segment of the network.
source arbor networks
09:00 | Permalink | Comments (0) | Email this
| 
| 
del.icio.us
|
| 
Digg | 
Facebook
Post a comment