6 Jan
2011
6 Jan
'11
4:11 a.m.
In message <BLU0-SMTP18666EADDBA40B2B455F798BB0A0@phx.gbl>, Tarig Ahmed writes:
hi all
I am receiving emails from many servers saying that: this ip (from a customer) is trying to attacking one of our servers.
Is it appropriate to filter ssh, telnet, and smtp from my customers, or just forward the message to my customer contact persons?
I suspect that your customer is compromised and you should put them in a walled garden until they fix the problem. Look at traffic flows first however.
Thanks in advance..
Tarig Yassin Ahmed -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org