Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Firewall alert/IP tracing

Posted on 2011-09-22
4
Medium Priority
?
368 Views
Last Modified: 2012-06-27
Hi,

Our firewall is set to block Active X, Exe's, Java etc etc. Currently, we receive an email alert informing us of anything that has been blocked or is deemed to be a bit dodgy. One of the recent alerts comes as an exe block from 2 different IP addresses relating to level3.net in the US. I have no idea what this could be or what involvement our systems would have in relation to this company. Does anyone know of a way I can trace what PC/Server this executable was headed before hitting our firewall? It's quite a regular occurance to see these alerts from both of these IP's and I'm intrigued as to what they are.

Thanks

Paul
0
Comment
Question by:the1paulcole
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 9

Accepted Solution

by:
Brian earned 2000 total points
ID: 36581327
What kind of firewall do you have? If it is advanced enough to send alerts, it will usually log that type of information in a log file somewhere.

You could also setup a laptop with WireShark on the LAN and look for requests to those two IPs.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 36585408
It's a Juniper SSG20. I've had a look through it and whilst it does log, it doesn't appear to log at the level that I require. There's an option for sending messages to a syslog server (which we don't have) but I don't know the level of detail this will achieve if I get something set up for this.

Wireshark maybe a better option. I'm not very well versed with it but I think I know enough to get it setup and started. Can this be anywhere on the LAN or do I need to have it say directly into one of our switches?

Thanks
0
 
LVL 9

Assisted Solution

by:Brian
Brian earned 2000 total points
ID: 36588187
If you have managed switches, you will need to check for any settings that filters, routes or blocks regular LAN traffic. Otherwise, it can be anywhere on the same LAN.
0
 
LVL 1

Author Closing Comment

by:the1paulcole
ID: 36708445
Thank you, i've not had a chance to look at it but it's the answer i was looking for
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question