Link to home
Start Free TrialLog in
Avatar of the1paulcole
the1paulcoleFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Firewall alert/IP tracing

Hi,

Our firewall is set to block Active X, Exe's, Java etc etc. Currently, we receive an email alert informing us of anything that has been blocked or is deemed to be a bit dodgy. One of the recent alerts comes as an exe block from 2 different IP addresses relating to level3.net in the US. I have no idea what this could be or what involvement our systems would have in relation to this company. Does anyone know of a way I can trace what PC/Server this executable was headed before hitting our firewall? It's quite a regular occurance to see these alerts from both of these IP's and I'm intrigued as to what they are.

Thanks

Paul
ASKER CERTIFIED SOLUTION
Avatar of Brian
Brian
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of the1paulcole

ASKER

It's a Juniper SSG20. I've had a look through it and whilst it does log, it doesn't appear to log at the level that I require. There's an option for sending messages to a syslog server (which we don't have) but I don't know the level of detail this will achieve if I get something set up for this.

Wireshark maybe a better option. I'm not very well versed with it but I think I know enough to get it setup and started. Can this be anywhere on the LAN or do I need to have it say directly into one of our switches?

Thanks
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you, i've not had a chance to look at it but it's the answer i was looking for