Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

Source Of attack

Created: 25 Jul 2013 | 3 comments

Hi Team,

We have found source of attackers in report.

In List we found Attacking Host ,Number of attack and Percentage,

how I know which attack one single IP srade in my Network.

Operating Systems:

Comments 3 CommentsJump to latest comment

pete_4u2002's picture

usually it has to be private IP if it's in network the public IP address are the one which are from outside world.

SMLatCST's picture

You may want to enable Risk Tracer (which is included in SEP and enabled via the Virus and Spyware Protection policy) to help you track down the source of an infection:

http://www.symantec.com/docs/TECH102539
http://www.symantec.com/docs/TECH94526

Note: This does not work retroactively, so you'll need to wait for another infection attempt for SEP to grab more information on the source.

Mithun Sanghavi's picture

Hello,

Enable the Risk Tracer.

Check this Article:

What is Risk Tracer?

 
Some additional notes ....
  • Risk Tracer relies upon Windows File and Printer Sharing. If this is disabled (as per MS Article 199346, http://support.microsoft.com/kb/199346) Risk Tracer will not work.
  • Risk Tracer works with Windows XP, Windows 2003, Windows 7 and other Windows OS's.  It is not inherently limited to Windows XP.
  • The SEP client Network Threat Protection (NTP) feature must be installed for Risk Tracer to function fully.
  • Risk Tracer may be disabled in order to reduce SEP's performance impact on an overburdened computer.
Hope that helps!
 

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.