I was looking through the logs of the attack blocker that we use today. The software suite is called Untangle [v5.3]. It is a sort of all in one web filter/firewall/spamblocker etc.

I saw an outside IP address that was being picked up. 83.102.190.246 I checked the hostname which is: icvector-gw.corbina.net. hcidata.info reported the country to be: Russian Federation.

Untangle gave the attack a reputation ranging from 60-67. Unfortunately, Untangle is pretty limited in reporting. It does not tell me what kind of attack was detected. So I don't know if this was just a portscan, or an attempted DoS, etc.

Has anyone here seen this hostname in their logs?

Sorry that I don't have more details.

Should I just ignore this? Block the IP range? [it is a school network, and we don't have any Russian Foreign exchange students that I know of ]

Should I start watching for students wearing excessive red to school?