This discussion has been locked.

Four infected PCs, and no alarm from Astaro IPS

Hi all,

I'm wondering here. This week I have had infections on FOUR workstations, with the autorun-ATQ [Worm]. It communicated with its botnet masters over port 8004.

But my question is: shouldn't these kinds of infections have generated alerts??


  • Ian, I think Jan is pretty knowledgeable, so I inferred that he meant he wasn't explicitly dropping any inbound responses.

    Bruce, I remember seeing alerts on traffic from infected laptops to internal devices, but I can't think of any alerts I've seen for traffic to external IPs.  Can anyone suggest a safe way to test this?

    Thanks - Bob
  • Bob,
    I suspect you are correct seeing his join date is 2003.

    Just it is a funny way to express filter rules.

    Ian M