I got an email with this content:
>MYSERVERIP was observed probing AGUYWEBSITE for security holes. It
>has been blocked at our border routers. It may be compromised.
>For more info contact THEGUY
>Please include the entire subject line of the original message
>(time zone of log is PST, which is UTC-08:00, date is MMDD)
>log entries are from Cisco netflow, time is flow start time
>date.time srcIP srcPort dstIP dstPort proto
>0225.13:47:49.302 MYSERVERIP 3876 HISSERVERIP 445 6
>0225.14:03:35.086 MYSERVERIP 2875 HISSERVERIP 445 6
My LAN connects to the internet using a Debian Firewall / Gateway / Proxy.
How can I track down where the problem is?
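The flow lines in the quoted report can be normalized to UTC before comparing them with the gateway's own logs. This is an added example, not part of the original post. The year (the report gives only MMDD), the 60-second slack and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Offset stated in the report: "PST, which is UTC-08:00".
REPORT_TZ = timezone(timedelta(hours=-8))
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

# Layout from the report header: date.time srcIP srcPort dstIP dstPort proto
LINE_RE = re.compile(
    r"^>?\s*(\d{2})(\d{2})\.(\d{2}):(\d{2}):(\d{2})\.(\d{3})\s+"
    r"(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$"
)

def parse_flow(line, year):
    """Parse one flow line; return None for headers and other text."""
    m = LINE_RE.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss, ms = (int(g) for g in m.groups()[:6])
    start = datetime(year, mon, day, hh, mm, ss, ms * 1000, tzinfo=REPORT_TZ)
    proto = int(m.group(11))
    return {
        "start_utc": start.astimezone(timezone.utc),
        "src": m.group(7), "sport": int(m.group(8)),
        "dst": m.group(9), "dport": int(m.group(10)),
        "proto": PROTO_NAMES.get(proto, str(proto)),
    }

def search_window(flow, slack_seconds=60):
    """UTC interval around the flow start, to allow for clock drift."""
    d = timedelta(seconds=slack_seconds)
    return flow["start_utc"] - d, flow["start_utc"] + d

def parse_report(text, year):
    return [f for f in (parse_flow(l, year) for l in text.splitlines()) if f]

# The entries from the quoted report, placeholders kept as posted.
REPORT = """\
>date.time srcIP srcPort dstIP dstPort proto
>0225.13:47:49.302 MYSERVERIP 3876 HISSERVERIP 445 6
>0225.14:03:35.086 MYSERVERIP 2875 HISSERVERIP 445 6
"""

if __name__ == "__main__":
    for f in parse_report(REPORT, year=2010):  # year is an assumption
        lo, hi = search_window(f)
        print(f["src"], f["sport"], "->", f["dst"], f["dport"], f["proto"],
              lo.isoformat(), hi.isoformat())
```

Each UTC window is the interval to look up in the gateway's logs for outbound TCP connections to port 445.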