Posted by Roger Abell [MVP] on June 14, 2007, 1:34 am
It is pretty hard to go from "something at this IP is sending packets to me"
to saying "I am getting hack attempts from this IP". Without the ability to
establish that going to the second is clearly valid, there is nothing one
can do, and even with it whether anything can be done usually depends
on the good will of those with the network where that IP lives.
You might want to search the MS website for the guidance on
using IPsec for "domain isolation".
Roger
> Windows 2003 Server R2 standard edition with SP2, sitting behind SonicWall
> firewall.
>
> Recently, there are a lot of Alerts from SonicWall. Such as "IPSec
> Authentication Failed" and "IPSEC Replay Detected" and some "Sub Seven
> Attack Dropped"
>
> It appears that the source IP address causing the IPSec Authentication
> Failed message is from the same source IP address. I do not recognise
> this IP address and upon checking the internet it seems to be originated
> from another town.
>
> The fact that these are logged in sonicwall shows these have been
> detected. However, please advise if these IP addresses can be blocked from
> within windows server, so that in the event that they have gone past the
> firewall they could not establish communication with the server?
>
> If these are hacking attempts is there any authority that we can report
> to?
> Many thanks for your assistance.