Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

help

Hello all,

I have two PIX-515 with ver 6.3(4) failover to each one. My monitoring tool tells us a hacker from China is hacking our SQL database. I blocked the hacker's IP address on the outside interface of PIX and clear the session. After that, I don't see it by issuing "sh conn | i x.x.x.x". But my monitoring tool still tells us the hacker still in our network. Can anyone help me to find out how to block/stop the hacker?

thanks,

Gene

3 REPLIES

Re: help

somtimes the hackers install a spy or hosting sofware in PC in the private lan so the connection will be established from the inside to outside then the firewall wall will not block it

scan ur LAN as well

New Member

Re: help

I blocked the address from any inside hosts as well.

Does anyone have any suggestion/idea how to prevent this from happening? Is any product or script that we can implement to automatically block the IP for both ASA and PIX?

thanks,

New Member

Re: help

Have you tried routing the offending address to Null your routers and seeing if the monitoring tool still picks it up?

114
Views
3
Helpful
3
Replies
CreatePlease to create content