Search:

Traffic to my DNS server.
http://ser4.imgdump.net/images/07252006/s4_e09e57f1ff3b115.bmp

Traffic from my DNS server.
http://ser4.imgdump.net/images/07252006/s4_34c459f4f9c2053.bmp

Note that 169.254.1.33 is my DNS server. i didn't seen this weird traffic before this (i reviewed my firewall logs everyday).

The picture shows a portion of the incidents. This thing still happen until now.

http://ser4.imgdump.net/images/s4_f5137a22b11d1.jpg

i'm detected a lot of outboud traffic from my DNS server to single host (public IP) using UDP 46728 to 56732 . Can you guys help me figure out what connection is it? This traffic started from 20 July...

on two boxes ? ...yes
using same key ?...yes

are they both on same network ?..yes
do you have this issue if you pull one from network ?..not yet done. but, what the purpose to pull one from...

The updates success after 2 hours(I enabled automatic updates to updates every hour). MTA also can run after the 2 hours too (before this i can't start the service). I still can't figure out how this...

I had installed Symantec Mail Security for SMTP gateway ver 5 on RHEL AS 3.0.

The problem is, I can't update the virus definition. Here is the logs says "The JLU process appears to be hanging and...

There's no text log.

Actually I'm using correlation engine. 3 firewall+3 NIDS+2 HIDS push into 1 correlation engine. Alert from IDS will show the alert message while the firewall log will show...

I can't use automated tools due to limited budget my company has.

What I'm doing now is:
- if external host targetting our IP address using port TCP 1433 or UDP 1434, I categorized it as worm...

I could not understand what the meaning of these..

The meaning of application protocol

Questions:
1. How to modify application protocol? Is it Web browser or Windows Media Player is one of...

kevler post on behalf of me..

Here is my reference site :
1. honeynet
2. Robert graham's firewall analysis article
3. Here if I want to know services and sometimes viruses or exploit regarding...