[Wolves] smoothwall advice please
Ron Wellsted
ron at wellsted.org.uk
Tue Jun 7 21:10:28 BST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
kev adams wrote:
> 10.0.0.2 is the address of my router & 10.0.0.5 the address of my smoothwall
> box. Have I read it correctly - has my smoothwall box been compromised &
> used for an "OVERSIZE REQUEST-URI DIRECTORY" attack on IP 67.15.2.10:80
> Or did I read it wrong?
>
> I've noticed over the last few days that there's been a worryingly regular
> flash of activity from the ADSL router RXD light but it wasn't until
> yesterday that smoothwall logs showed this sort of activity.
Sorry, no quick answers, just a load of questions.
Is the smoothie setup as a transparent proxy?
What other systems are on the inside of the smoothie? Any Windows boxes?
Was anyone accessing ebay, ebuyer or Hosting Unlimited at about 16:30?
Do you use any of those web sites?
Have you opened any ports on the smoothie to allow external access to or
through the firewall?
- --
Ron Wellsted
http://www.wellsted.org.uk
ron at wellsted.org.uk
FWD:519961 Gossiptel:9309811
N 52.567623, W 2.137621
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQEVAwUBQqX+x0tP/KMNOfRbAQKmdgf/QUxVLCzLwotffQ2Xzzq3tfTJQpi2krv6
i6dnlV4E8eAw1OgVVQYWPf3M2FUkeyXxAKvM/5v5OHEwNX3jsnJiCj+OCfWZ0JXA
pB202jKDmbMXqVVMVW3FjNy1l6Nw3t39teo6BNXu4wi+pANB/IfLPRoyC7WmEdvn
/8XrQfTXkPZ4zDgiuQbYahlIHxz6zOGu7s01V5ama4A4I5p7aKYZrPfxZqTZv1+1
50yt8frbb58RAugYy1aUvmbXMx8vQDxeLX84iOmK6aBmmGHdW6JZU37lbtYS1XYg
iPS9Daz6aV920D1lx2Wf8gZlA2yJKilRnsFXvp5GkhODJBv0OyCoJg==
=czEG
-----END PGP SIGNATURE-----
More information about the Wolves
mailing list