  1. #1
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    SW MO

    The Russians are attacking my network. :)

    I was looking through the logs of the attack blocker that we use today. The software suite is called Untangle [v5.3]. It is a sort of all-in-one web filter/firewall/spamblocker etc.

    I saw an outside IP address that was being picked up. I checked the hostname which is: icvector-gw.corbina.net. hcidata.info reported the country to be: Russian Federation.

    Untangle gave the attack a reputation ranging from 60-67. Unfortunately, Untangle is pretty limited in reporting. It does not tell me what kind of attack was detected. So I don't know if this was just a portscan, or an attempted DoS, etc.

    Has anyone here seen this hostname in their logs?

    Sorry that I don't have more details.

    Should I just ignore this? Block the IP range? [It is a school network, and we don't have any Russian foreign exchange students that I know of.]

    Should I start watching for students wearing excessive red to school?
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."


  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    Do the logs tell you anything other than that this IP attacked you?

    If it was a web attack there should be something in the webserver's logs.
    If it was some portscan the firewall logs should show that.

    When none of this is available you need to seriously consider using some other software. If you can't do even the most basic correlation or investigation, the software is crap.

    I get "attacked" all the time, from all over the world, not just the Russian Federation. My logs tell me exactly what's going on.
    Oliver's Law:
    Experience is something you don't get until just after you need it.
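
An added example, not part of any post in the thread: one way to answer the original question (portscan or DoS attempt?) from firewall drop logs, as the reply above suggests. The log format, addresses, thresholds and function names are assumptions made for the illustration; Untangle's own log format is not shown in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed firewall drop log (format and addresses are made up for this example).
SAMPLE_LOG = "\n".join(
    [f"2008-11-01T10:00:{s:02d} DROP SRC=203.0.113.7 DST=192.0.2.10 DPT={p}"
     for s, p in enumerate([21, 22, 23, 25, 80, 110, 443, 3389])]      # many ports
    + [f"2008-11-01T10:05:{s:02d} DROP SRC=198.51.100.9 DST=192.0.2.10 DPT=80"
       for s in range(0, 12)]                                           # one port, fast
    + ["2008-11-01T09:00:00 DROP SRC=203.0.113.50 DST=192.0.2.10 DPT=22",
       "2008-11-01T11:30:00 DROP SRC=203.0.113.50 DST=192.0.2.10 DPT=22",
       "garbage line the parser must skip"]
)

LINE_RE = re.compile(r"^(\S+) DROP SRC=(\S+) DST=\S+ DPT=(\d+)$")

def max_burst(times, window):
    """Largest number of events falling inside any `window`-second span."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify(log_text, scan_ports=5, flood_hits=10, window=30):
    """Map each source IP to 'portscan', 'flood:<port>' or 'sporadic'."""
    hits = defaultdict(lambda: defaultdict(list))   # src -> port -> [timestamps]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                 # skip unparseable lines
        ts, src, port = m.groups()
        hits[src][int(port)].append(datetime.fromisoformat(ts))
    verdicts = {}
    for src, ports in hits.items():
        if len(ports) >= scan_ports:                 # breadth: many distinct ports
            verdicts[src] = "portscan"
            continue
        port, burst = max(((p, max_burst(t, window)) for p, t in ports.items()),
                          key=lambda x: x[1])
        verdicts[src] = f"flood:{port}" if burst >= flood_hits else "sporadic"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify(SAMPLE_LOG).items():
        print(src, verdict)
```

The thresholds are starting points to tune against a site's normal background noise; a source that only ever shows up as "sporadic" is the usual Internet-wide probing the reply mentions.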

  3. #3
    Senior Member C:\Saw's Avatar
    Join Date
    Jan 2008
    I agree wholeheartedly with SirDice, that is some pretty useless software you have.

    If it can't tell you what is going on, how do you expect to protect yourself?

    Get rid of that software first--get something useable (I'm sure SirDice has some good recommendations).

    I'll look up that domain name and see if I can find anything.

    Seriously, there are lots of good security suites out there for good prices, and many open source, like Untangle.

    Edit: corbina.net seems fine, but it is common practice to block China, Russia, etc. Think about the tradeoffs of doing so (is it worth risking attack for an IP range that will probably never be needed on your network?)

    My recommendation: block it

    Edit: find another product--there are plenty out there
    Last edited by C:\Saw; November 1st, 2008 at 08:15 PM.
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."

    *Einstein Would Be Proud*
