Solved

Firewall alert/IP tracing

Posted on 2011-09-22
4
364 Views
Last Modified: 2012-06-27
Hi,

Our firewall is set to block Active X, Exe's, Java etc etc. Currently, we receive an email alert informing us of anything that has been blocked or is deemed to be a bit dodgy. One of the recent alerts comes as an exe block from 2 different IP addresses relating to level3.net in the US. I have no idea what this could be or what involvement our systems would have in relation to this company. Does anyone know of a way I can trace what PC/Server this executable was headed before hitting our firewall? It's quite a regular occurance to see these alerts from both of these IP's and I'm intrigued as to what they are.

Thanks

Paul
0
Comment
Question by:the1paulcole
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 9

Accepted Solution

by:
Brian earned 500 total points
ID: 36581327
What kind of firewall do you have? If it is advanced enough to send alerts, it will usually log that type of information in a log file somewhere.

You could also setup a laptop with WireShark on the LAN and look for requests to those two IPs.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 36585408
It's a Juniper SSG20. I've had a look through it and whilst it does log, it doesn't appear to log at the level that I require. There's an option for sending messages to a syslog server (which we don't have) but I don't know the level of detail this will achieve if I get something set up for this.

Wireshark maybe a better option. I'm not very well versed with it but I think I know enough to get it setup and started. Can this be anywhere on the LAN or do I need to have it say directly into one of our switches?

Thanks
0
 
LVL 9

Assisted Solution

by:Brian
Brian earned 500 total points
ID: 36588187
If you have managed switches, you will need to check for any settings that filters, routes or blocks regular LAN traffic. Otherwise, it can be anywhere on the same LAN.
0
 
LVL 1

Author Closing Comment

by:the1paulcole
ID: 36708445
Thank you, i've not had a chance to look at it but it's the answer i was looking for
0

Featured Post

Webinar June 1st - Attacking Ransomware  

The global cyberattack that corrupted hundreds of thousands of computer systems on May 12th had a face, name, & price tag that we’ve seen all too often in recent years: Ransomware. With the stakes – and costs – of a ransomware attack higher than ever, is your business prepared ?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Datacenter Upgrade - Design Question 5 62
Wifi Router Confliction with Network 12 45
Recommended raid configuration for ESXi host 7 93
Move WSUS to Server 2016 3 36
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question