
help

gpan667788
Level 1

Hello all,

I have two PIX-515s with ver 6.3(4) in failover with each other. My monitoring tool tells us a hacker from China is hacking our SQL database. I blocked the hacker's IP address on the outside interface of the PIX and cleared the session. After that, I don't see it when issuing "sh conn | i x.x.x.x". But my monitoring tool still tells us the hacker is still in our network. Can anyone help me find out how to block/stop the hacker?

thanks,

Gene

3 Replies

Marwan ALshawi
VIP Alumni

Sometimes the hackers install spy or hosting software on a PC in the private LAN, so the connection will be established from the inside to the outside, and then the firewall will not block it.

Scan your LAN as well.
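The reply above distinguishes connections opened from the outside from ones an inside host opens itself. The following is an added example, not part of the thread: it reads saved `show conn` output in the PIX 6.x line format and uses the `B` flag ("initial SYN from outside" in the PIX flag legend) to list which inside hosts dialed out to a given address. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the PIX 6.x "show conn" line format; addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_SHOW_CONN = """\
TCP out 203.0.113.7:4312 in 10.1.1.20:1433 idle 0:00:05 Bytes 88211 flags UIOB
TCP out 203.0.113.7:443 in 10.1.1.35:2710 idle 0:00:02 Bytes 40960 flags UIO
TCP out 198.51.100.9:80 in 10.1.1.35:2714 idle 0:01:10 Bytes 1774 flags UIO
UDP out 203.0.113.7:53 in 10.1.1.35:1029 idle 0:00:40 flags D
"""

CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)\s+"
    r"in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)\s+idle\s+\S+"
    r"(?:\s+Bytes\s+(?P<bytes>\d+))?\s+flags\s*(?P<flags>\S*)$"
)

def connections_with(show_conn_text, foreign_ip):
    """Return one dict per connection whose outside endpoint is foreign_ip."""
    hits = []
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m or m["out_ip"] != foreign_ip:
            continue
        if m["proto"] == "TCP":
            # Flag B = initial SYN from outside; without it the inside host dialed out.
            origin = "outside" if "B" in m["flags"] else "inside"
        else:
            origin = "unknown"  # UDP has no SYN, so the flags do not show who started it
        hits.append({
            "proto": m["proto"],
            "inside_host": m["in_ip"],
            "inside_port": int(m["in_port"]),
            "origin": origin,
            "bytes": int(m["bytes"] or 0),
        })
    return hits

def inside_initiators(show_conn_text, foreign_ip):
    """Inside hosts that opened TCP connections to foreign_ip (hosts to scan first)."""
    return sorted({h["inside_host"] for h in connections_with(show_conn_text, foreign_ip)
                   if h["origin"] == "inside"})

if __name__ == "__main__":
    for hit in connections_with(SAMPLE_SHOW_CONN, "203.0.113.7"):
        print(hit)
    print("scan first:", inside_initiators(SAMPLE_SHOW_CONN, "203.0.113.7"))
```

An inbound-only ACL on the outside interface stops the first sample connection but not the second, which is why the inside hosts it lists are the ones to examine.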

I blocked the address from any inside hosts as well.

Does anyone have any suggestion/idea how to prevent this from happening? Is there any product or script that we can implement to automatically block the IP for both ASA and PIX?

thanks,

Have you tried routing the offending address to Null on your routers and seeing if the monitoring tool still picks it up?
