Security Logs

This issue has been solved. See solution.
Fatih Teke's picture

Hello everybody.
We installed a new OCS server. This server doesn't have any virus; it is clean now.
But I want to know about these security logs. Do I have a problem, or is it normal?
There are 3 pictures here.
I have received an attack on c:\Windows\system32\ntoskrnl.exe
and SEP blocked some IP addresses.
This computer is used for OCS (Office Communication Server).
I checked the update files, and Windows Update is OK. There are no critical or security updates.
Any idea?
Thanks.
Fatih.

Attached images: 1.JPG, 2.JPG, 3.JPG

Vikram Kumar-SAV to SEP's picture

It just says IP 193.192.116.240 tried to attack/infect your computer. But it has been blocked by SEP.
ntoskrnl.exe is used for File and Print sharing.

Celebrating 2 years as a community member....

Vikram Kumar-SAV to SEP's picture

However, if you want to exclude it (which IMO is not a good option), then:

In SEPM go to "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option, "Network Application Monitoring". You can switch it off or add an exception for NTOSKRNL.EXE.

Celebrating 2 years as a community member....

Fatih Teke's picture

attacks

Hello Vikram.
Yes, the IP address 193.192.116.240 tried to attack me. Do I have a backdoor? I just want to know. This server is connected to the internet directly, and I think these attacks are normal. Am I right?
Thanks
Fatih

------------------------------------------
Everything works better when everything works together.

Vikram Kumar-SAV to SEP's picture

Solution

If the computer is connected directly to the internet, hackers will try their chances and you can't help it. The best thing is that it is getting blocked.
As these IPs have been flagged, you can forward them to your network admin and he can block them on the hardware firewall.

On backtracing 193.192.116.240, it says it is coming from Istanbul. So just check whether it is from your network or it's just an outsider.
However, this one is coming from a long way, from China: 218.23.37.51
On my home PC I've got a static IP and I see attacks from IPs that come from all across the world.

Celebrating 2 years as a community member....

Fatih Teke's picture

Oh, I see. We cannot block it, because if we block 218.23.37.51 the hacker will try with another IP address, 218.23.37.250, etc.
Thanks for answer Vikram.
Have a nice day.
Fatih.

------------------------------------------
Everything works better when everything works together.
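
Added example (not part of the thread and not Symantec code): the last two posts discuss forwarding flagged IPs to the firewall admin and the problem of a source moving to a neighbouring address, so this Python code groups blocked source addresses by /24 and proposes a range where several hits share one. The log line layout, the function names and the /24 and two-host thresholds are assumptions; the sample rows are constructed around the addresses quoted above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows in an assumed "timestamp,action,remote_ip" layout.
# This is not the SEP export format; adapt the parsing to your own export.
SAMPLE_LOG = """\
2000-01-01 10:02:11,Blocked,193.192.116.240
2000-01-01 10:05:40,Blocked,218.23.37.51
2000-01-01 10:09:03,Blocked,218.23.37.250
2000-01-01 10:12:57,Allowed,10.0.0.15
2000-01-01 10:20:30,Blocked,218.23.37.51
2000-01-01 10:21:00,Blocked,not-an-ip
"""

def blocked_sources(log_text):
    """Return {IPv4Address: hit_count} for well-formed 'Blocked' rows."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[1].lower() != "blocked":
            continue
        try:
            ip = ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # malformed address field, skip the row
        if ip.version != 4 or ip.is_private:
            continue  # internal sources need investigation, not a perimeter block
        hits[ip] += 1
    return dict(hits)

def blocklist_candidates(hits, prefix=24, min_hosts=2):
    """Propose a /prefix range when at least min_hosts distinct sources fall
    inside it; otherwise propose each source as a single /32."""
    groups = defaultdict(set)
    for ip in hits:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[net].add(ip)
    out = []
    for net, ips in groups.items():
        if len(ips) >= min_hosts:
            out.append(net)
        else:
            out.extend(ipaddress.ip_network(f"{ip}/32") for ip in ips)
    return sorted(out)

if __name__ == "__main__":
    for net in blocklist_candidates(blocked_sources(SAMPLE_LOG)):
        print(net)
```

A proposed range covers every host in it, so check who owns the range before the firewall admin applies it.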