09-09-2008 06:49 PM - edited 03-11-2019 06:41 AM
Hello all,
I have two PIX-515s with ver 6.3(4) in failover with each other. My monitoring tool tells us a hacker from China is hacking our SQL database. I blocked the hacker's IP address on the outside interface of the PIX and cleared the session. After that, I don't see it when issuing "sh conn | i x.x.x.x". But my monitoring tool still tells us the hacker is still in our network. Can anyone help me find out how to block/stop the hacker?
thanks,
Gene
09-09-2008 11:17 PM
Sometimes hackers install spy or hosting software on a PC in the private LAN, so the connection is established from the inside to the outside and the firewall will not block it.
Scan your LAN as well.
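An added example, not part of the thread: one way to check saved "show conn" output for inside hosts that opened the connection to the blocked address themselves, which is the case the reply above describes. It assumes the PIX line layout "TCP out <ip>:<port> in <ip>:<port> idle ... flags ..." and that flag B marks a TCP connection whose initial SYN came from the outside; the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of "show conn" output (documentation addresses, not real data).
SAMPLE_SHOW_CONN = """\
TCP out 203.0.113.50:4312 in 10.1.1.20:1433 idle 0:00:05 Bytes 88214 flags UIOB
TCP out 203.0.113.50:443 in 10.1.1.37:2051 idle 0:00:02 Bytes 9120 flags UIO
TCP out 198.51.100.7:80 in 10.1.1.37:2077 idle 0:01:10 Bytes 1774 flags UIO
UDP out 203.0.113.50:53 in 10.1.1.37:1029 idle 0:00:30 flags -
"""

# Assumed line layout: <proto> out <ip>:<port> in <ip>:<port> ... flags <letters>
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)\s+"
    r"in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)\s+.*?flags\s+(?P<flags>\S+)"
)


def connections_to(suspect_ip, show_conn_text):
    """Map each inside host to its connections with suspect_ip.

    Each entry is (proto, direction, inside_port, outside_port).
    """
    hits = defaultdict(list)
    for line in show_conn_text.splitlines():
        m = CONN_RE.match(line.strip())
        if not m or m["out_ip"] != suspect_ip:
            continue
        if m["proto"] == "TCP":
            # Flag B = initial SYN from outside; without it the inside host dialed out.
            direction = "outside-initiated" if "B" in m["flags"] else "inside-initiated"
        else:
            direction = "unknown"  # UDP has no SYN, so direction is not shown
        hits[m["in_ip"]].append(
            (m["proto"], direction, int(m["in_port"]), int(m["out_port"]))
        )
    return dict(hits)


def inside_initiators(suspect_ip, show_conn_text):
    """Inside hosts that opened a TCP connection to suspect_ip themselves."""
    found = connections_to(suspect_ip, show_conn_text)
    return sorted(
        host for host, conns in found.items()
        if any(direction == "inside-initiated" for _, direction, _, _ in conns)
    )


if __name__ == "__main__":
    print(inside_initiators("203.0.113.50", SAMPLE_SHOW_CONN))
```

Hosts returned by inside_initiators are the ones to examine first, since an ACL applied only to the outside interface does not stop connections they open outbound.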
09-10-2008 12:36 PM
I blocked the address from any inside hosts as well.
Does anyone have any suggestions/ideas on how to prevent this from happening? Is there any product or script that we can implement to automatically block the IP for both ASA and PIX?
thanks,
09-16-2008 07:36 AM
Have you tried routing the offending address to Null on your routers and seeing if the monitoring tool still picks it up?