Hello, I have a network with Fortigate router, active firewalls and the network itself is under NAT. It recently started to get attacked by external class A IP's (several of class A based IP blocks). We scan from outside, the network, the whole IP addresses of the network itself (that should go inside), and they are not visible from outside (except for a handful of IP addresses). The thing is, that they arrive to servers inside the network, and constantly try to attack them, scan them etc, while we see the external IP addresses of the attackers.
The network contain Windows, Linux and Mac OS X machines (almost all of the desktops are Windows, and few Mac OS X). I'm looking for better ideas on what can be checked in that matter, to better understand from where they are coming from, or to figure out what is the vulnerability they are exploiting. Thanks, Ido _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
