Endpoint Protection

  • 1.  Source Of attack

    Posted Jul 25, 2013 03:11 AM

    Hi Team,

    We have found the source of attackers in the report.

    In the list we found Attacking Host, Number of attack and Percentage.

    How do I know which attack a single IP spread in my network?



  • 2.  RE: Source Of attack

    Broadcom Employee
    Posted Jul 25, 2013 03:14 AM

    Usually it has to be a private IP if it's in the network; the public IP addresses are the ones which are from the outside world.



  • 3.  RE: Source Of attack

    Posted Jul 25, 2013 04:44 AM

    You may want to enable Risk Tracer (which is included in SEP and enabled via the Virus and Spyware Protection policy) to help you track down the source of an infection:

    http://www.symantec.com/docs/TECH102539
    http://www.symantec.com/docs/TECH94526

    Note: This does not work retroactively, so you'll need to wait for another infection attempt for SEP to grab more information on the source.



  • 4.  RE: Source Of attack

    Trusted Advisor
    Posted Jul 25, 2013 07:25 AM

    Hello,

    Enable the Risk Tracer.

    Check this Article:

    What is Risk Tracer?

     
    Some additional notes ....
    • Risk Tracer relies upon Windows File and Printer Sharing. If this is disabled (as per MS Article 199346, http://support.microsoft.com/kb/199346) Risk Tracer will not work.
    • Risk Tracer works with Windows XP, Windows 2003, Windows 7 and other Windows OS's.  It is not inherently limited to Windows XP.
    • The SEP client Network Threat Protection (NTP) feature must be installed for Risk Tracer to function fully.
    • Risk Tracer may be disabled in order to reduce SEP's performance impact on an overburdened computer.
    Hope that helps!