Endpoint Protection Small Business Edition

  • 1.  Attack: an intrusion attempt was blocked.

    Posted Aug 11, 2017 01:53 AM

     

    Hi All,

    We frequently receive the below types of alerts. More than 100 messages are received per day. How can we stop this attack?

    Live websites are running from this server, so we did not block port 80.

    The attacks come from different attacker IPs. Could you please help us?

    -----------------------------------------------------------------
    Attack: an intrusion attempt was blocked.
    Risk Level | Medium
    Attacker Computer
    177.79.48.18:56622
    Destination Computer
    172.31.0.202:80
    Protocol
    TCP
    Attack Signature
    Web Attack: Jorgee Vulnerability Scanner
    Attack URL
    52.52.37.252/phpmyadmin2013/
    Targeted Application
    SYSTEM
    Status
    Blocked
    Action
    Resolved - No Action Required
    Date & Time
    8/10/2017 9:19 PM



  • 2.  RE: Attack: an intrusion attempt was blocked.

    Broadcom Employee
    Posted Aug 11, 2017 02:12 AM

    177.79.48.18 is the attacker IP that is running a scan/attack on the targeted machine. Identify the machine IP; if it's external, close it on the firewall.

    https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30164



  • 3.  RE: Attack: an intrusion attempt was blocked.

    Posted Aug 11, 2017 06:58 AM

    Block the remote IP at your external firewall.

    SEP IPS is doing its job by blocking it.



  • 4.  RE: Attack: an intrusion attempt was blocked.

    Posted Aug 11, 2017 07:10 AM

    Thank you for your quick reply. We have already blocked some attacker IP addresses, but we receive the attacks from a different IP address each and every time. Is there any other way to stop this type of attack?



  • 5.  RE: Attack: an intrusion attempt was blocked.

    Posted Aug 11, 2017 07:16 AM

    Not when the IP constantly changes. You could set up a blacklist and just keep adding these IPs. You could also geo-block IPs by country if you don't do business in certain countries.
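
Added example, not part of the original thread: one way to keep the blacklist suggested in this reply current is to derive it from the web server's own access log, collecting source IPs that repeatedly get a 404 on phpMyAdmin-style paths such as the `/phpmyadmin2013/` URL in the alert. The combined log format, the probe regex, the `scanner_ips` name, the hit threshold and the sample lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in combined log format (not from the thread's server).
# 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2017:21:19:01 +0000] "HEAD /phpmyadmin2013/ HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [10/Aug/2017:21:19:02 +0000] "HEAD /phpMyAdmin/ HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [10/Aug/2017:21:19:02 +0000] "HEAD /pma/ HTTP/1.1" 404 0 "-" "-"
198.51.100.20 - - [10/Aug/2017:21:20:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
198.51.100.20 - - [10/Aug/2017:21:20:11 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "-"
198.51.100.99 - - [10/Aug/2017:21:25:40 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 0 "-" "-"
not a log line
"""

# client IP, method, path and status from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed probe pattern: first path segment that looks like a phpMyAdmin install.
PROBE_RE = re.compile(r'^/(?:php-?my-?admin|pma|mysql-?admin)[^/]*(?:/|$)', re.I)


def scanner_ips(log_text, min_hits=2, allowlist=()):
    """Return sorted IPs with at least min_hits 404 responses on probe-like paths."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-log line
        ip, _method, path, status = m.groups()
        if status != "404" or not PROBE_RE.match(path):
            continue  # real content, or a 404 unrelated to admin-panel probing
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an IP address
        if any(addr in net for net in allowed):
            continue  # never list own proxies, monitors or office ranges
        hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)


if __name__ == "__main__":
    print("\n".join(scanner_ips(SAMPLE_LOG)))
```

If the site sits behind a load balancer or reverse proxy, the first log field is the proxy's address, so the real client IP has to be logged from the forwarded header before a list like this is usable.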



  • 6.  RE: Attack: an intrusion attempt was blocked.

    Broadcom Employee
    Posted Aug 11, 2017 08:08 AM

    If you have a network IPS, then such attacks can be blocked at the perimeter.



  • 7.  RE: Attack: an intrusion attempt was blocked.

    Posted Aug 11, 2017 08:22 AM

    Thank you Brian and Pete_4u2002. We will try your recommended solutions.



  • 8.  RE: Attack: an intrusion attempt was blocked.

    Posted Aug 11, 2017 08:25 AM

    Sounds good, thanks.