Once in a while, when you come in on Monday morning, the following alerts are
waiting:
2004/04/03 10:11:24.640 - Possible Port Scan Dropped - Source:213.140.6.96,
43116, WAN - Destination:x.x.x.x, 139, WAN - TCP scanned port list, 2745,
1025, 445, 3127, 6129 -
2004/04/03 18:15:36.656 - Possible Port Scan Dropped - Source:130.126.28.49,
2107, WAN - Destination:x.x.x.x, 139, DMZ - TCP scanned port list, 2745,
1025, 445, 3127, 6129 -
2004/04/04 02:13:42.352 - Possible Port Scan Dropped - Source:130.126.30.66,
2620, WAN - Destination:x.x.x.x, 139, WAN - TCP scanned port list, 2745,
1025, 445, 3127, 6129 -
2004/04/04 04:46:26.720 - Possible Port Scan Dropped - Source:130.49.90.126,
4831, WAN - Destination:x.x.x.x, 6129, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/04 11:37:59.704 - Possible Port Scan Dropped - Source:218.17.173.94,
2847, WAN - Destination:x.x.x.x, 139, DMZ - TCP scanned port list, 2745,
1025, 445, 3127, 6129 -
2004/04/04 11:54:24.784 - Possible Port Scan Dropped -
Source:219.130.44.118, 1077, WAN - Destination:x.x.x.x, 139, DMZ - TCP
scanned port list, 2745, 1025, 445, 3127, 6129 -
2004/04/04 12:20:21.368 - Possible Port Scan Dropped -
Source:219.252.146.168, 1669, WAN - Destination:x.x.x.x, 139, DMZ - TCP
scanned port list, 2745, 1025, 445, 3127, 6129 -
2004/04/04 14:08:03.416 - Possible Port Scan Dropped - Source:61.41.248.43,
1554, WAN - Destination:x.x.x.x, 139, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 6129 -
2004/04/04 18:36:04.704 - Possible Port Scan Dropped - Source:201.129.21.3,
4061, WAN - Destination:x.x.x.x, 6129, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/04 21:12:09.768 - Possible Port Scan Dropped - Source:80.143.225.23,
3184, WAN - Destination:x.x.x.x, 6129, WAN - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/05 00:02:58.544 - Possible Port Scan Dropped -
Source:130.228.92.145, 4155, WAN - Destination:x.x.x.x, 6129, DMZ - TCP
scanned port list, 2745, 135, 1025, 445, 3127 -
2004/04/05 01:03:04.944 - Possible Port Scan Dropped -
Source:62.101.126.208, 7317, WAN - Destination:x.x.x.x, 139, DMZ - TCP
scanned port list, 2745, 1025, 445, 3127, 6129 -
2004/04/05 03:33:19.320 - Possible Port Scan Dropped - Source:67.101.250.37,
3366, WAN - Destination:x.x.x.x, 6129, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/05 04:00:19.608 - Possible Port Scan Dropped -
Source:192.192.236.146, 4423, WAN - Destination:x.x.x.x, 139, DMZ - TCP
scanned port list, 2745, 135, 1025, 3127, 6129 -
2004/04/05 04:21:05.560 - Possible Port Scan Dropped - Source:68.78.148.97,
2796, WAN - Destination:x.x.x.x, 6129, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/05 04:50:32.704 - Possible Port Scan Dropped - Source:218.94.47.10,
54919, WAN - Destination:x.x.x.x, 139, WAN - TCP scanned port list, 2745,
1025, 445, 3127, 6129 -
2004/04/05 05:24:09.768 - Possible Port Scan Dropped - Source:201.1.85.49,
3467, WAN - Destination:x.x.x.x, 6129, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/05 05:45:04.128 - Possible Port Scan Dropped -
Source:62.234.173.128, 1041, WAN - Destination:x.x.x.x, 6129, DMZ - TCP
scanned port list, 2745, 135, 1025, 445, 3127 -
2004/04/05 06:00:33.880 - Possible Port Scan Dropped -
Source:67.127.172.238, 3509, WAN - Destination:x.x.x.x, 6129, DMZ - TCP
scanned port list, 2745, 135, 1025, 445, 3127 -
2004/04/05 06:43:46.832 - Possible Port Scan Dropped - Source:64.165.61.87,
4992, WAN - Destination:x.x.x.x, 6129, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/05 07:43:42.832 - Possible Port Scan Dropped -
Source:216.164.72.187, 2056, WAN - Destination:x.x.x.x, 6129, WAN - TCP
scanned port list, 2745, 135, 1025, 445, 3127 -
2004/04/05 08:23:52.352 - Possible Port Scan Dropped - Source:218.91.24.85,
3226, WAN - Destination:x.x.x.x, 139, DMZ - TCP scanned port list, 2745,
1025, 445, 3127, 6129 -
Then the mill starts turning. First we check the addresses for non-Chinese
ones. Those we cannot do anything about. Actually, we in the IT department
would like to block China completely, but goods are bought out there, so we
cannot. But if there is anyone we can complain about, we complain.
After that we check for patches that M$ may have put together over the weekend
and that we may have forgotten to apply, even though there are people who are
on during the weekend and normally check this.
Then we check for newly arrived viruses and compare when our anti-virus was
updated with when we were warned. We compare this with whether anyone was on
the system at all during the period when we were not protected.
Meanwhile we consider whether the alternative firewall should be switched in.
(We have two of different makes in case the power supply fails in one of
them.)
All of it very time-consuming, when there is so much else the morning hours
are also spent on.
--
Kind regards
Carsten Overgaard
http://www.carstenovergaard.dk/undskyld.htm
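
The first triage step described in the post, sorting through the alert addresses, as an added example that is not part of the original post: a Python parser for the wrapped "Possible Port Scan Dropped" records that groups them by probed-port set and destination zone. The field names and the choice to treat the destination port plus the listed ports as one probe set are assumptions made for this example.

```python
import re
from collections import Counter

# Three alerts copied from the post above, with its line wrapping and the
# destination address redacted as "x.x.x.x" exactly as the poster did.
SAMPLE = """\
2004/04/03 10:11:24.640 - Possible Port Scan Dropped - Source:213.140.6.96,
43116, WAN - Destination:x.x.x.x, 139, WAN - TCP scanned port list, 2745,
1025, 445, 3127, 6129 -
2004/04/04 04:46:26.720 - Possible Port Scan Dropped - Source:130.49.90.126,
4831, WAN - Destination:x.x.x.x, 6129, DMZ - TCP scanned port list, 2745,
135, 1025, 445, 3127 -
2004/04/04 11:54:24.784 - Possible Port Scan Dropped -
Source:219.130.44.118, 1077, WAN - Destination:x.x.x.x, 139, DMZ - TCP
scanned port list, 2745, 1025, 445, 3127, 6129 -
"""

STAMP = re.compile(r"(?m)^(?=\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+ - )")
ALERT = re.compile(
    r"(?P<ts>\S+ \S+) - Possible Port Scan Dropped - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"Destination:(?P<dst>\S+), (?P<dport>\d+), (?P<dzone>\w+) - "
    r"(?P<proto>\w+) scanned port list, (?P<ports>[\d, ]+) -")

def parse_alerts(text):
    """Re-join wrapped records and return one dict per alert."""
    alerts = []
    for chunk in STAMP.split(text):
        m = ALERT.match(" ".join(chunk.split()))
        if not m:
            continue  # empty chunk or a line in another format
        a = m.groupdict()
        # Assumption: destination port + listed ports = the full probe set.
        a["probed"] = tuple(sorted({int(a["dport"]), *map(int, a["ports"].split(","))}))
        alerts.append(a)
    return alerts

def summarize(alerts):
    """Count alerts per probed-port set and per destination zone."""
    return (Counter(a["probed"] for a in alerts),
            Counter(a["dzone"] for a in alerts))

if __name__ == "__main__":
    by_ports, by_zone = summarize(parse_alerts(SAMPLE))
    for ports, n in by_ports.most_common():
        print(n, "alert(s) probing", ports)
    print(dict(by_zone))
```

Grouping by probed-port set collapses alerts from many sources into a few recurring patterns, so only the sources that deviate from those patterns need individual follow-up.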