FOSnet
asked on
Heart Bleed Attack
We are being told by our ISP that we have a computer/device on our network performing Heart Bleed attacks. We have performed AV scans with multiple AV products but the attacks are still happening. The client has Wi-Fi so we don't have complete control of what devices can connect to the network. We have tried to track down the attack as the traffic passes through the WatchGuard firewall but haven't had any luck. So basically I'm asking how can I track down the source of the heart bleed attack?
Mostly attacks happen on port 443 (HTTPS) or port 22 (SSH). Scan for that traffic, especially, if you see it's a LOT and going everywhere.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.