Attacks!

Thread: Attacks!

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    140

    Question Attacks!

    How often does your firewall/network/IDS pick up attacks? Daily? Weekly? Monthly?
    I am trying to see how often I should be looking at my firewall logs, and in how much detail. Do you guys report things on a regular basis? Do you consider that to be a part of your job?
    What sort of attacks do you see the most? What should I look for in the more common attacks?
    Romans 7:14-20
    14 We know that the law is spiritual; but I am unspiritual, sold as a slave to sin. 15 I do not understand what I do. For what I want to do I do not do, but what I hate I do. 16 And if I do what I do not want to do, I agree that the law is good. 17 As it is, it is no longer I myself who do it, but it is sin living in me. 18 I know that nothing good lives in me, that is, in my sinful nature. For I have the desire to do what is good, but I cannot carry it out.

  2. #2
    T3h 1337 N00b kryptonic's Avatar
    Join Date
    Sep 2003
    Location
    Seattle, Washington.
    Posts
    523
    They pick up attacks minutely, well, just about. As soon as the attack happens it's reported in the logs.

  3. #3
    Our firewall logs "attacks" daily, usually 2 or 3 a day, sometimes more. However, you have to keep in mind that oftentimes you have false positives, so you must be wary of those. For instance, when our AV server tries to contact the CA website for virus signatures, the firewall often mistakes the incoming connection from CA as an IP spoofing attack. So you have to keep your eyes open and carefully evaluate everything reported.

  4. #4
    Senior Member
    Join Date
    May 2004
    Posts
    140
    Originally posted here by kryptonic
    They pick up attacks minutely, well, just about. As soon as the attack happens it's reported in the logs.
    I know it logs in real time, but how often do you see REAL attacks on your network?

  5. #5
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Look for, amongst other things, a lot of "attacks" from the same IP address or a lot of activity during the early hours when the office is closed, as most serious people who know what they are doing will choose this time to do what it is they want to do!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  6. #6
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Depends on what you mean by attacks. Right now I am watching a gaming site port scan my firewall (started about 5 minutes ago). I'll let it go for the time being, as port scans I don't consider attacks. Now if the site doesn't cut it out, or starts making different attempts to connect (FTP, Telnet, SSH....etc), well then the gloves come off.


    Cheers:
    DjM
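
The checks suggested in posts #5 and #6 (many hits from one source address, activity outside office hours, and a broad port scan versus repeated attempts at FTP/Telnet/SSH), as an added example that is not part of the original thread. The log format, thresholds, office hours and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (an assumption, not any vendor's):
# "<ISO time> DROP <proto> <src_ip>:<sport> -> <dst_ip>:<dport>"
LINE_RE = re.compile(
    r"^(\S+) DROP (\w+) (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")
SERVICE_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet"}

def triage(lines, open_hour=8, close_hour=18, repeat_min=5, scan_ports_min=10):
    """Group denied connections by source IP and attach review flags."""
    stats = defaultdict(lambda: {"hits": 0, "off_hours": 0, "ports": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        ts, _proto, src, _dst, dport = m.groups()
        hour = datetime.fromisoformat(ts).hour
        s = stats[src]
        s["hits"] += 1
        s["ports"].add(int(dport))
        if not (open_hour <= hour < close_hour):
            s["off_hours"] += 1
    report = {}
    for src, s in stats.items():
        flags = []
        if s["hits"] >= repeat_min:
            flags.append("repeat-source")
        if s["off_hours"] > s["hits"] / 2:
            flags.append("mostly-off-hours")
        if len(s["ports"]) >= scan_ports_min:
            flags.append("port-scan")
        probed = sorted(SERVICE_PORTS[p] for p in s["ports"] if p in SERVICE_PORTS)
        # Repeated tries at a few login services, as opposed to a broad sweep
        if probed and len(s["ports"]) < scan_ports_min and s["hits"] >= repeat_min:
            flags.append("service-probe:" + ",".join(probed))
        if flags:
            report[src] = flags
    return report

# Constructed sample data (documentation address ranges)
SAMPLE = (
    [f"2004-06-01T14:05:{i:02d} DROP TCP 198.51.100.9:40000 -> 192.0.2.1:{1000 + i}"
     for i in range(12)]                       # daytime sweep across 12 ports
    + [f"2004-06-02T02:1{i}:00 DROP TCP 203.0.113.7:41000 -> 192.0.2.1:{p}"
       for i, p in enumerate([22, 22, 23, 21, 22, 23])]  # night-time login-service tries
    + ["2004-06-02T10:00:00 DROP UDP 203.0.113.50:5000 -> 192.0.2.1:137"]
)
print(triage(SAMPLE))
```

A single stray packet produces no flag, so the report lists only sources worth a second look; known false positives such as the update-server traffic mentioned in post #3 would still need to be excluded by hand.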

  7. #7
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    3-4 during daylight, and it increases a lot after midnight. I have some clients in the financial business (such as banks) and there is a lot of activity after midnight. I think that hackers try during those hours thinking that operators are sleeping (and usually they are).
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  8. #8
    Senior Member
    Join Date
    May 2004
    Posts
    140
    Originally posted here by cacosapo
    3-4 during daylight, and it increases a lot after midnight. I have some clients in the financial business (such as banks) and there is a lot of activity after midnight. I think that hackers try during those hours thinking that operators are sleeping (and usually they are).
    What would be a legit explanation for that game site to be hitting your firewall? Someone on the inside trying to play games?

  9. #9
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Originally posted here by Jason1977
    What would be a legit explanation for that game site to be hitting your firewall? Someone on the inside trying to play games?
    Legit.....for a port scan. No reason I can think of. Even if someone from inside was trying to play a game (I saw no traffic indicating this), that is no reason to fire up a port scan. Needless to say, they quit, so now I am just watching the usual flock of worms trying to find a hole.

    Cheers:
    DjM

  10. #10
    Senior Member
    Join Date
    Jan 2003
    Posts
    274
    Well, considering I (at least, the organization I work for) owns 22 full class C public address ranges, I get hit a lot.

    It goes in cycles. Port scans are so commonplace I ignore them. Serious attempts at penetrations happen anywhere between once and twice a week to 3-6 times a day.
