detect Intrusion Prevention from server

February 8, 2013 at 00:26:43
Specs: Windows 2003, 8GB
We had a problem in our server. Intrusion Prevention found a list of IP blocks from the gateway.

1390 68.224.78.165 02/08/13 10:48:49 20:46:19
1390 189.4.63.219 02/08/13 10:42:24 20:39:54
1390 66.229.157.196 02/08/13 10:41:54 20:39:24
1390 79.180.187.147 02/08/13 10:41:46 20:39:16
1390 94.251.81.150 02/08/13 10:41:42 20:39:12

And Malwarebytes keeps on blocking outgoing traffic in seconds. How can I totally remove these intrusions? Malwarebytes did not detect them and Spybot could not detect them.

Your expertise is required.

OS: Windows 2003 Server Ent.

Thanks




#1
February 8, 2013 at 05:05:10
It looks like a botnet attack, on port 1390. It's good that they are being blocked. You can notify the domain owners that their IPs are being used for those attacks. There is more information, on the following site, about that port.


http://www.corrupteddatarecovery.co...

How do you know when a politician is lying? His mouth is moving.



#2
February 11, 2013 at 22:09:22
Is there any solution?

#3
February 12, 2013 at 05:59:16
Actually, your system handled it. If you want to take the time to report the incident to each owner of the IP addresses involved, you can do that, in hopes that they will close the hole. For example, the first IP is owned by Cox Communications. 68.224.78.165

The second IP in the list is in Brazil: Grupo de Segurança Vírtua
Security and mail abuse issues should also be addressed to cert.br, http://www.cert.br/, respectively to cert@cert.br and mail-abuse@cert.br


The third IP is owned by Comcast

The fourth is in Israel
Please Send Spam and Abuse ONLY to abuse@bezeqint.net

That last IP is in Russia.
Please use noc-security@zsttk.ru for spam and abuse complaints. Mails for other addresses will be ignored


I just did most of the work for you. Trying to get domain owners to close holes is not easy. Tracing zombie systems is time consuming, but that's how you would do it. If you decide to notify the domain administrators, include the corresponding line from your log file.

How do you know when a politician is lying? His mouth is moving.
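
An added example, not part of the original thread: a sketch of collecting "the corresponding line from your log file" for each source IP before writing to its abuse contact. The column layout (port, source IP, date, two time fields) is an assumption read off the lines quoted in the question; the private-address and malformed lines in the sample are constructed.

```python
import ipaddress
from collections import OrderedDict

# Constructed sample: the five lines quoted in the question, plus one
# private address and one malformed line to exercise the filters.
SAMPLE_LOG = """\
1390 68.224.78.165 02/08/13 10:48:49 20:46:19
1390 189.4.63.219 02/08/13 10:42:24 20:39:54
1390 66.229.157.196 02/08/13 10:41:54 20:39:24
1390 79.180.187.147 02/08/13 10:41:46 20:39:16
1390 94.251.81.150 02/08/13 10:41:42 20:39:12
1390 192.168.1.20 02/08/13 10:40:00 20:37:30
garbage line
"""

def group_blocked(log_text):
    """Return {source_ip: [raw log lines]} for reportable (public) IPs.

    Assumed layout: port, source IP, date, then two time fields whose
    meaning the page does not state, so lines are kept verbatim.
    """
    grouped = OrderedDict()
    for raw in log_text.splitlines():
        fields = raw.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # not a block-list entry
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # second field is not an IP address
        if not addr.is_global:
            continue  # internal/reserved space has no external abuse contact
        grouped.setdefault(str(addr), []).append(raw.strip())
    return grouped

def evidence_block(ip, lines):
    """Text to paste into an abuse report: the IP and its exact log lines."""
    body = "\n".join("  " + line for line in lines)
    return f"Source IP: {ip}\nBlocked entries ({len(lines)}):\n{body}\n"

if __name__ == "__main__":
    for ip, lines in group_blocked(SAMPLE_LOG).items():
        print(evidence_block(ip, lines))
```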

