Subject: | |
From: | |
Reply To: | |
Date: | Thu, 2 Feb 2006 12:46:12 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hello-
I have a fun problem! One of the students in CCA is apparently burdened
by some sort of a Trojan, hard though that may be to believe. The
device is beaconing to various Internet addresses on the outside from a
source address that doesn't belong here. We've tracked it back to a
particular CCA zone, but can't go much further. In looking at the
ACL's that are in place, this shouldn't be possible! We have the roles
configured that only the valid source IP address should be able to get
through.
Could it be that CCA isn't really checking source addresses?
Does anybody know if there is a way to log the MAC and other information
from a particular source IP?
We are running 3.5.8..
Thanks,
++++++++++++++++++++++++++++++++++
Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376
++++++++++++++++++++++++++++++++++
|
|
|