help

Unanswered Question
Sep 9th, 2008

Hello all,


I have two PIX-515s with ver 6.3(4), set up as failover to each other. My monitoring tool tells us a hacker from China is hacking our SQL database. I blocked the hacker's IP address on the outside interface of the PIX and cleared the session. After that, I don't see it when issuing "sh conn | i x.x.x.x". But my monitoring tool still tells us the hacker is still in our network. Can anyone help me find out how to block/stop the hacker?


thanks,

Gene

Marwan ALshawi Tue, 09/09/2008 - 23:17

Sometimes the hackers install spyware or hosting software on a PC in the private LAN, so the connection is established from the inside to the outside, and then the firewall will not block it.


Scan your LAN as well.

gpan667788 Wed, 09/10/2008 - 12:36

I blocked the address from any inside hosts as well.


Does anyone have any suggestions/ideas on how to prevent this from happening? Is there any product or script that we can implement to automatically block the IP for both ASA and PIX?


thanks,

Mel Popple Tue, 09/16/2008 - 07:36

Have you tried routing the offending address to Null on your routers and seeing if the monitoring tool still picks it up?
