Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET Coming Soon: GET:IT Endpoint Management 1-Day Conference on September 28th at 9:30 AM ET

Need to figure out what is trying to get past my firewall…

Home Forums Security General Security Need to figure out what is trying to get past my firewall…

Viewing 1 post (of 1 total)
  • Author
    Posts

  • ES&P
    Member
    #142563

    Hi All,

    I’ve got a client running a single server (SBS2003) sitting behind a SonicWall TZ 180 Enhanced. The server got infected a while ago, and we removed the infections (I thought), but found that it was pushing data up to someplace on the internet. Disabling NetBIOS resolved that issue, but when I re-enable it, it starts back up.

    Now, the server has started the same type of thing, uploading mainly to two specific addresses:

    229.111.112.12 source port 1125, destination port 3071
    122.224.115.102 source port 3375 (but changes), destination port 8000

    I’ve got the SonicWall blocking everything except allowed traffic, but need help resolving this once and for all…I’ve included a HijackThis log in the next post. Hopefully it is useful.

    Thanks in advance for your help, Tony

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: