Unanswered Question
Sep 9th, 2008
User Badges:

Hello all,

I have two PIX-515 with ver 6.3(4) failover to each one. My monitoring tool tells us a hacker from China is hacking our SQL database. I blocked the hacker's IP address on the outside interface of PIX and clear the session. After that, I don't see it by issuing "sh conn | i x.x.x.x". But my monitoring tool still tells us the hacker still in our network. Can anyone help me to find out how to block/stop the hacker?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Marwan ALshawi Tue, 09/09/2008 - 23:17
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

somtimes the hackers install a spy or hosting sofware in PC in the private lan so the connection will be established from the inside to outside then the firewall wall will not block it

scan ur LAN as well

gpan667788 Wed, 09/10/2008 - 12:36
User Badges:

I blocked the address from any inside hosts as well.

Does anyone have any suggestion/idea how to prevent this from happening? Is any product or script that we can implement to automatically block the IP for both ASA and PIX?


Mel Popple Tue, 09/16/2008 - 07:36
User Badges:

Have you tried routing the offending address to Null your routers and seeing if the monitoring tool still picks it up?


This Discussion