> > Looks like the Code Red attack. > > > > If you are running IIS on this same box, just install M$'s URLScan, and > > it will stop most of it. > > > > Also it looks like they are spoofing a local ip (192.168.1.1). > > > > 192.162.1.1 is an interface on a firewall that proxies HTTP traffic; I will > look at firewall logs today and hopefully find where this is coming from. > We don't run IIS. >
Tracked down attacking IP address to 61.183.69.15. How do I determine who this belongs to as it is not registered in DNS? Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/