Solved

Firewall alert/IP tracing

Posted on 2011-09-22
4
361 Views
Last Modified: 2012-06-27
Hi,

Our firewall is set to block Active X, Exe's, Java etc etc. Currently, we receive an email alert informing us of anything that has been blocked or is deemed to be a bit dodgy. One of the recent alerts comes as an exe block from 2 different IP addresses relating to level3.net in the US. I have no idea what this could be or what involvement our systems would have in relation to this company. Does anyone know of a way I can trace what PC/Server this executable was headed before hitting our firewall? It's quite a regular occurance to see these alerts from both of these IP's and I'm intrigued as to what they are.

Thanks

Paul
0
Comment
Question by:the1paulcole
  • 2
  • 2
4 Comments
 
LVL 9

Accepted Solution

by:
Brian earned 500 total points
ID: 36581327
What kind of firewall do you have? If it is advanced enough to send alerts, it will usually log that type of information in a log file somewhere.

You could also setup a laptop with WireShark on the LAN and look for requests to those two IPs.
0
 
LVL 1

Author Comment

by:the1paulcole
ID: 36585408
It's a Juniper SSG20. I've had a look through it and whilst it does log, it doesn't appear to log at the level that I require. There's an option for sending messages to a syslog server (which we don't have) but I don't know the level of detail this will achieve if I get something set up for this.

Wireshark maybe a better option. I'm not very well versed with it but I think I know enough to get it setup and started. Can this be anywhere on the LAN or do I need to have it say directly into one of our switches?

Thanks
0
 
LVL 9

Assisted Solution

by:Brian
Brian earned 500 total points
ID: 36588187
If you have managed switches, you will need to check for any settings that filters, routes or blocks regular LAN traffic. Otherwise, it can be anywhere on the same LAN.
0
 
LVL 1

Author Closing Comment

by:the1paulcole
ID: 36708445
Thank you, i've not had a chance to look at it but it's the answer i was looking for
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to choose hardware firewall 5 60
not able to to ping server on a switch 1 33
How to append an output to existing file with DOS and IPerf 2 35
asset tags - importance 3 30
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

838 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question