March 26th, 2008, 12:04 PM
Strange Ip Addresses
My log file told me that a couple of exploits(LSASS and DCOM exploits) were tried on my system's one of the VM (windows xp2) from the following IPs
But how is this possible, since these addresse are in the reserved RFC 1918 address range and should never appear on public internet.
Any clues ?
March 26th, 2008, 12:48 PM
What sort of log file?
Nepenthes for example reports quite a bit of "standard" traffic as Unknown DCOM Exploit (or something similar.. I don't have my log handy at the moment).
Also what is your network setup and where the box that's logging in relation to the box that's being targeted?
I can think of plenty of possibilities, but knowing more about your network would help filter out various possibilities.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
By ch4r in forum Other Tutorials Forum
Last Post: January 30th, 2006, 10:18 PM
By bluthund in forum Other Tutorials Forum
Last Post: May 26th, 2004, 08:24 AM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 08:38 AM