the1paulcole
Firewall alert/IP tracing
Hi,
Our firewall is set to block ActiveX, exes, Java, etc. Currently, we receive an email alert informing us of anything that has been blocked or is deemed to be a bit dodgy. One of the recent alerts comes as an exe block from 2 different IP addresses relating to level3.net in the US. I have no idea what this could be or what involvement our systems would have in relation to this company. Does anyone know of a way I can trace what PC/Server this executable was headed for before hitting our firewall? It's quite a regular occurrence to see these alerts from both of these IPs and I'm intrigued as to what they are.
Thanks
Paul
ASKER
Thank you, I've not had a chance to look at it but it's the answer I was looking for.
ASKER
Wireshark may be a better option. I'm not very well versed with it but I think I know enough to get it set up and started. Can this be anywhere on the LAN or do I need to have it, say, directly into one of our switches?
Thanks