Solved

Firewall alert/IP tracing

Posted on 2011-09-22
4
359 Views
Last Modified: 2012-06-27
Hi,

Our firewall is set to block Active X, Exe's, Java etc etc. Currently, we receive an email alert informing us of anything that has been blocked or is deemed to be a bit dodgy. One of the recent alerts comes as an exe block from 2 different IP addresses relating to level3.net in the US. I have no idea what this could be or what involvement our systems would have in relation to this company. Does anyone know of a way I can trace what PC/Server this executable was headed before hitting our firewall? It's quite a regular occurance to see these alerts from both of these IP's and I'm intrigued as to what they are.

Thanks

Paul
0
Comment
Question by:the1paulcole
  • 2
  • 2
4 Comments
 
LVL 9

Accepted Solution

by:
Brian earned 500 total points
ID: 36581327
What kind of firewall do you have? If it is advanced enough to send alerts, it will usually log that type of information in a log file somewhere.

You could also setup a laptop with WireShark on the LAN and look for requests to those two IPs.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 36585408
It's a Juniper SSG20. I've had a look through it and whilst it does log, it doesn't appear to log at the level that I require. There's an option for sending messages to a syslog server (which we don't have) but I don't know the level of detail this will achieve if I get something set up for this.

Wireshark maybe a better option. I'm not very well versed with it but I think I know enough to get it setup and started. Can this be anywhere on the LAN or do I need to have it say directly into one of our switches?

Thanks
0
 
LVL 9

Assisted Solution

by:Brian
Brian earned 500 total points
ID: 36588187
If you have managed switches, you will need to check for any settings that filters, routes or blocks regular LAN traffic. Otherwise, it can be anywhere on the same LAN.
0
 
LVL 1

Author Closing Comment

by:the1paulcole
ID: 36708445
Thank you, i've not had a chance to look at it but it's the answer i was looking for
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSH over http/https 8 109
New VoIP phone system - what networking changes should be made 4 97
By pass website on ASA for Websense 4 55
2 Gateways (bandwidth) - One domain 7 54
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now