Tom Bombadill
Hi,
For the past couple of days, we happen to lose our internet connection in
the morning. When I check our firewall's status, I notice that there are
6144 open sessions, flooding the device, thus no meaningful transfer of data
to or from the Internet.
After tracking the IP address of the source machine for all the connections,
I realized that it was our VPN server, sitting in our LAN, behind the
firewall. The source port number was 4886.
We have an access rule defined on the firewall to forward all PPTP calls to
our VPN server in the LAN.
Our firewall is a Sonicwall Pro 100 and the VPN server is a W2K which is
also a DC.
Does anybody have any idea as to what may be causing this, what hack tool is
in question, how we may have been hacked in the first place and how I can
remedy the situation?
Thanks,