Wednesday, February 11, 2015

IPS in Action, Canada Cyber managed services.

This is an example of an automated e-mail sent from one of our managed clients' IDS systems. In this case it is an inline IPS, so the attack is blocked in real time; the duty tech then receives an automated e-mail whose body contains the information below.

This exact data is from a hotel in Ottawa, Canada. As you are all aware, hotels are a hot spot for malware, because most users do things on hotel networks that they should not do.

Later investigation revealed that the triggers first came from a user who was looking for escort services in Ottawa on backpage.com.


Oh yeah, do not try to Google for this: it is part of the other web, or dark web, and XXX sites of this kind are not well known to search engines. Just like Tor and I2P, Google does not really index these things, unless you are looking for a one-time love. ;-)

logid=021100 type=virus subtype=infected level=warning msg="File is infected." status="blocked" service=UNKNOWN(255) srcip=x.x.0.129 dstip=x.x.222.194 srcport=60509 dstport=80 srcintf="internal" dstintf="wan1" policyid=1 identidx=0 sessionid=56909525 direction=N/A quarskip="No skip" virus="Zeus" ref="https://en.wikipedia.org/wiki/Zeus_%28malware%29" profile="default" srcname="PerryXXXX" osname="Windows" analyticssubmit="false"

Reading the fields: srcintf="internal", dstintf="wan1" and dstport=80 show a session opened from the inside to a web server on the Internet, and the antivirus profile flagged the content coming back as Zeus (virus="Zeus"). status="blocked" means the IPS stopped the transfer, but the internal Windows host (srcname="PerryXXXX") still initiated the request, whether deliberately or through a drive-by, so it is worth checking that machine for an existing infection rather than treating the block as the end of the incident.
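To show how the duty tech's tooling can consume one of these mails, here is a small parser for the key=value alert format plus a triage rule. It is an added example written for this page, not the vendor's or the author's code. The log line embedded in it is the one above, with the same redacted addresses and user name; the P1/P2/P3 priorities and the rules that assign them are assumptions made for illustration, not a client policy.

```python
import re
from typing import Dict

# Constructed sample: the alert body quoted in this post, with the same
# redacted addresses (x.x.0.129 / x.x.222.194) and user name.
SAMPLE_ALERT = (
    'logid=021100 type=virus subtype=infected level=warning msg="File is infected." '
    'status="blocked" service=UNKNOWN(255) srcip=x.x.0.129 dstip=x.x.222.194 '
    'srcport=60509 dstport=80 srcintf="internal" dstintf="wan1" policyid=1 '
    'identidx=0 sessionid=56909525 direction=N/A quarskip="No skip" virus="Zeus" '
    'ref="https://en.wikipedia.org/wiki/Zeus_%28malware%29" profile="default" '
    'srcname="PerryXXXX" osname="Windows" analyticssubmit="false"'
)

# One key=value pair. Values are either double-quoted (and may contain spaces,
# as in msg="File is infected.") or a bare run of non-space characters
# (service=UNKNOWN(255), direction=N/A).
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_alert(line: str) -> Dict[str, str]:
    """Turn one key=value alert line into a dict; surrounding quotes are stripped."""
    fields: Dict[str, str] = {}
    for match in _KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def triage(fields: Dict[str, str]) -> Dict[str, str]:
    """Assign a priority and next action to one antivirus alert.

    The P1/P2/P3 scheme and the rules are assumptions made for this example,
    not a vendor or client policy:
      - not blocked: the infected file got through, isolate the host now;
      - blocked, session opened from the inside: the transfer was stopped, but
        the internal host asked for the file (deliberately or via a drive-by),
        so check it for an existing infection;
      - blocked, session opened from outside: record and move on.
    """
    blocked = fields.get("status", "").lower() == "blocked"
    from_inside = (fields.get("srcintf") == "internal"
                   and fields.get("dstintf", "").startswith("wan"))
    verdict = {
        "host": fields.get("srcname") or fields.get("srcip", "?"),
        "srcip": fields.get("srcip", "?"),
        "threat": fields.get("virus", "unknown"),
    }
    if not blocked:
        verdict["priority"] = "P1"
        verdict["action"] = "isolate host; transfer was not stopped"
    elif from_inside:
        verdict["priority"] = "P2"
        verdict["action"] = "check host for existing infection; it opened the session"
    else:
        verdict["priority"] = "P3"
        verdict["action"] = "record; inbound attempt blocked at the edge"
    return verdict


def summarize(line: str) -> str:
    """One-line summary suitable for a ticket title or the mail subject."""
    f = parse_alert(line)
    v = triage(f)
    return (f"[{v['priority']}] {v['threat']} {f.get('status', '?')}: "
            f"{v['host']} ({v['srcip']}:{f.get('srcport', '?')}) -> "
            f"{f.get('dstip', '?')}:{f.get('dstport', '?')} "
            f"on {f.get('osname', '?')}; {v['action']}")


if __name__ == "__main__":
    print(summarize(SAMPLE_ALERT))
```

Running it on the alert above yields a P2 line naming PerryXXXX and x.x.0.129, because the session was opened from the internal interface; flipping status to anything other than blocked promotes it to P1, which is the case the duty tech must not sleep on.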
