October 31st, 2008, 10:40 PM
November 1st, 2008, 12:18 PM
Does the logs tell you anything other then this IP attacked you?
If it was a web attack there should be something in the webserver's logs.
If it was some portscan the firewall logs should show that.
When none of this is available you need to seriously consider using some other software. If you can't do even the most basic correlation or investigation, the software is crap.
I get "attacked" all the time, from all over the world, not just the Russian Federation. My logs tell me exactly what's going on.
Experience is something you don't get until just after you need it.
November 1st, 2008, 09:05 PM
I agree wholeheartedly with SirDice, that is some pretty useless software you have.
If it can't tell you what is going on, how do you expect to protect yourself.
Get rid of that software first--get something useable (I'm sure SirDice has some good recommendations).
I'll look up that domain name and see if I can find anything.
Seriously, there are lots of good security suites out there for good prices and many opensource like untangle
edit: corbina.net seems fine, but it is common practice to block china, russia, etc... think about the tradeoffs of doing so (is it worth risking attack for an ip range that will probably never be needed on your network)
My recommendation: block it
Edit: find another product--there are plenty out there
Last edited by C:\Saw; November 1st, 2008 at 09:15 PM.
"...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
*Einstein Would Be Proud*
By instronics in forum The Security Tutorials Forum
Last Post: January 9th, 2010, 12:30 AM
By gore in forum Operating Systems
Last Post: March 7th, 2004, 08:02 AM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 08:01 AM
By Badassatchu in forum The Security Tutorials Forum
Last Post: December 23rd, 2003, 07:48 AM
By cwk9 in forum Other Tutorials Forum
Last Post: June 3rd, 2002, 07:57 PM