
Getting hit by hackers - How do I block specific domains on PIX 501?

mentisgroup asked
Last Modified: 2009-02-04
I am getting hit hard by a hacker in Russia. How do I block all traffic from a specific domain or IP address on a PIX 501?

Commented:
What do you mean, getting hit hard by a hacker? What is this person doing?

Ya, can you provide some more info, as in what exactly is happening, and also is this from a single IP address?

Cheers,
Rajesh

Author

Commented:
Customer: TESTDOMAIN
Device: DC03 - 10.100.10.123
Service: Event Log
State Transition: From Normal To Failed
Time Of State Transition: 2007-01-23 12:52:25.550 -0600
Probe(s): 10.100.10.123

Scandetails:
  Event Log Module Status: 1
  Oldest Record Processed: 3127167
  # of Records Processed: 45817
  # of duplicate events: 0
  Source: Security
  Category: Account Logon
  Event ID: 680
  User (If Applicable): NT AUTHORITY\SYSTEM
  Computer: MENTIS03
  Event Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0    Logon account: server@raicom.ru    Source Workstation: DC03    Error Code: 0xC0000064

Notification: 0
Notification Activated: 1/23/07 12:52 PM Notification Sent: 2007-01-23 12:52:48.651 -0600

Looks to me like a computer authentication request. On that computer, you would have a similar log in the Event Viewer; can you get the event ID from there?

Cheers,
Rajesh

Author

Commented:
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            1/23/2007
Time:            9:12:52 PM
User:            NT AUTHORITY\SYSTEM
Computer:      DC03
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      server@raicom.ru
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      Negotiate
       Workstation Name:      DC03
       Caller User Name:      DC03$
       Caller Domain:      TESTDOMAIN
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      472
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -

Author

Commented:
Any other ideas?

Author

Commented:
???