Endpoint Protection

  • 1.  Top Source of Attack

    Posted Aug 24, 2014 06:15 AM

    Hi,

    Our Proxy ISA is showing on SEPM as 94% Top source of attack. What does that mean, and what should be done?

    Thanks



  • 2.  RE: Top Source of Attack

    Posted Aug 24, 2014 08:00 AM

    So nothing showing in the SEPM logs? This is only from your ISA. You need to run a more detailed report from the ISA to see what it is detecting the traffic as.



  • 3.  RE: Top Source of Attack

    Posted Aug 25, 2014 04:40 AM

    Hi TheSniper_,

    Does all traffic in your network come through that ISA server?  Or just the traffic to and from the Internet?

    I recommend checking the IPS logs to see what sort of activity is being reported, and whether it originates from the Internet (which will show up with the ISA server's address as "remote host" in the logs) or internal computers. This article will help:

    Two Reasons why IPS is a "Must Have" for your Network
    https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network

    Please do keep this thread up-to-date with your progress!

    Many thanks,

    Mick



  • 4.  RE: Top Source of Attack

    Posted Aug 25, 2014 04:56 AM

    All traffic to internet only through TMG server.



  • 5.  RE: Top Source of Attack

    Posted Aug 25, 2014 07:44 AM

    What's it detecting the traffic as?