Security Logs
Updated: 21 May 2010 | 5 comments
This issue has been solved. See solution.
Hello everybody.
We install new OCS Server. This server haven't any virus. it is clean now.
But i want to know this security logs. I have a problem or is it normal?
there are 3 pictures in here
I have taken attact c:\Windows\system32\ntoskrnl.exe
and Sep bloked some ip address.
This computer use for OCS (Office Comminication Server).
I checked update files. and windows update is ok. there is no critical or securty updates.
any idea?
Thanks.
Fatih.
.
discussion Filed Under:
Comments
It just says IP
It just says IP 193.192.116.240 tried to Attack/infect your computer.But it has been blocked by SEP.
ntoskrnl.exe is used for File and Print sharing.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
However if you want to
However if you want to exclude it then. Which IMO is not a good option.
In SEPM goto "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option "Network Application Monitoring". You can switch it off or add an execption for NTOSKRNL.EXE.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
attacks
Hello Vikram.
yes 193.192.116.240 ip address try to attact to me. am i have a backdoor? I just want to know.This server is connect to internet directly. and i think so this attacks is normal. Am i true?
Thanks
Fatih
Everything works better when everything works together.
If the computer is connected
If the computer is connected directly to the internet..Hackers will try their chances and you can't help it.The best thing is it is getting blocked.
As these IP's have been flagged you can forward it to your Network Admin and he can block it on the Hardware Firewall .
On BackTracing 193.192.116.240 it says it is coming from Istanbul.So just check if it from your network or its just an outsider..
however this is coming from a long way from CHINA 218.23.37.51
On my home PC i've got a static IP and I see attacks from IPs that come from all across the world.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Oh i see. we cannot blocked
Oh i see. we cannot blocked it because if we blocked 218.23.37.51 hacker try with another ip address 218.23.37.250 etc.
Thanks for answer Vikram.
Have a nice day.
Fatih.
Everything works better when everything works together.
Would you like to reply?
Login or Register to post your comment.