
TCP Xmas Tree Dropped Across Multiple Firewalls in Different Geographic Locations

Bo_Hic Newbie ✭

Hi all,

First, I've been working with SonicWall TZs for a number of years now and I still lay no claim to being proficient with them. :) Second, I am fairly new to monitoring logs and security events so I don't have a full grasp of what to be concerned about and what not to be. I've heard things like "If it blocked it, don't worry about it," and on the flip side, I've also heard "if it alerted us, we have to investigate it!" So, I try to lie in the middle. That said...

This morning, I saw the following alert in 4 out of 5 of our firewalls. Keep in mind these firewalls are all located in different locations geographically (Oregon and Washington) and all of them are on different ISPs.

The packets all came in within a few minutes of each other, and they all originated from the same IP, which The Anti Hacker Alliance and WHOIS both resolve to Warsaw, Poland. And a RIPE search shows MEVSPACE as the responsible org and perhaps Skytech as the IP holder. They seem to have an aesthetic website, but it doesn't work real well. A little odd.

Anyway, I was more curious than concerned, but is this something that is common? Or could it be some sort of state-sponsored blast? Has anyone else seen this this morning?

Looking forward to your input!


Category: Water Cooler

