What was the last attack on your PC?

Hi,

Tell us about your epic adventures against viruses and attacks of all kinds, so we can see when you detect things, what kind of thing you detect and what you don't detect, and above all which AV you use.

Personally I use Kaspersky, and I have just avoided an attack from the helkem… site

Thanks, Kaspersky

Here is my IPCOP log for the day. A normal day.

IPCop IDS snort log
Date: 16 Mars

Date: 03/16 00:53:41
Name: WEB-MISC webdav search access
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1070
Refs:

Date: 03/16 08:39:41
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:

Date: 03/16 08:39:59
Name: WEB-PHP read_body.php access attempt
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1997
Refs:

Date: 03/16 08:40:13
Name: WEB-PHP read_body.php access attempt
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1997
Refs:

Date: 03/16 09:43:05
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:

Date: 03/16 11:26:05
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 2003
Refs:

Date: 03/16 11:30:40
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:

Date: 03/16 12:15:57
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 2003
Refs:

Date: 03/16 13:17:24
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:

Date: 03/16 13:17:27
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:

Date: 03/16 13:17:30
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:

Date: 03/16 13:17:31
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:

Date: 03/16 13:17:32
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:

Date: 03/16 13:17:34
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:

Date: 03/16 13:17:34
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:

Date: 03/16 13:17:35
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:

Date: 03/16 13:17:37
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:

Date: 03/16 13:17:37
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:

Date: 03/16 13:17:38
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:

Date: 03/16 13:17:40
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:

Date: 03/16 13:17:41
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:

Date: 03/16 13:17:42
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:

Date: 03/16 13:17:44
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:

Date: 03/16 13:17:45
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:

Date: 03/16 13:17:46
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:

Date: 03/16 13:17:47
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:

Date: 03/16 13:17:48
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:

Date: 03/16 13:17:53
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:

Date: 03/16 13:17:54
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:

Date: 03/16 19:44:00
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:

Date: 03/16 20:44:08
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:

Date: 03/16 20:44:43
Name: WEB-PHP read_body.php access attempt
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1997
Refs:

Date: 03/16 20:45:35
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:45:35
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:45:36
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:45:39
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:45:40
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:45:40
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:51:50
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:51:50
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:51:50
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 20:51:51
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:

Date: 03/16 21:18:29
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:
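A way to summarise a log in this layout, as an added example that is not part of the original post: it parses the `Key: value` records, counts alerts per SID, and groups alerts that arrive within 60 seconds of each other so that scan bursts stand out. The function names, the 60-second gap, the 5-alert threshold and the placeholder year are assumptions; the sample records are constructed from the log above.

```python
from collections import Counter
from datetime import datetime, timedelta

def parse_alerts(text, year=2000):
    """Parse blank-line-separated 'Key: value' records into dicts.
    The log prints no year, so `year` is an assumed placeholder."""
    alerts = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if "Date" not in rec or "SID" not in rec:
            continue  # page header ("Date: 16 Mars") or a truncated record
        rec["time"] = datetime.strptime(f"{year}/{rec['Date']}", "%Y/%m/%d %H:%M:%S")
        rec["SID"] = int(rec["SID"])
        alerts.append(rec)
    return alerts

def count_by_sid(alerts):
    return Counter((a["SID"], a["Name"]) for a in alerts)

def bursts(alerts, gap=timedelta(seconds=60), min_alerts=5):
    """Cluster alerts at most `gap` apart; report clusters of min_alerts or more."""
    clusters, current = [], []
    for a in sorted(alerts, key=lambda a: a["time"]):
        if current and a["time"] - current[-1]["time"] > gap:
            clusters.append(current)
            current = []
        current.append(a)
    if current:
        clusters.append(current)
    return [(c[0]["Date"], c[-1]["Date"], len(c), sorted({a["SID"] for a in c}))
            for c in clusters if len(c) >= min_alerts]

def render(ts, name, prio, sid):  # builds one record in the posted layout
    return (f"Date: {ts}\nName: {name}\nPriority: {prio}\nType: (omitted)\n"
            f"IP Info: xxx.xxx.xx.xx -> 10.0.0.20\nSID: {sid}\nRefs:")

# Constructed sample: a handful of records modelled on the log above.
SAMPLE = "IPCop IDS snort log\nDate: 16 Mars\n\n" + "\n\n".join(render(*r) for r in [
    ("03/16 08:39:41", "WEB-CGI redirect access", 2, 895),
    ("03/16 13:17:24", "SCAN Proxy (8080) attempt", 2, 620),
    ("03/16 13:17:27", "SCAN Proxy (8080) attempt", 2, 620),
    ("03/16 13:17:31", "SCAN SOCKS Proxy attempt", 2, 615),
    ("03/16 13:17:32", "SCAN Squid Proxy attempt", 2, 618),
    ("03/16 13:17:34", "SCAN Proxy (8080) attempt", 2, 620),
])
```

Calling `bursts(parse_alerts(SAMPLE))` returns one cluster covering the five proxy-scan alerts at 13:17, while the isolated 08:39 alert is left out.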

I'm being bombarded with Netsky in my mailbox. I admit I don't know by whom; in any case the guys aren't very original, it's always the D variant …

I have ZA with antivirus.

The SID: label, what does it refer to?

The Registry holds, above all, security principles designated by the abbreviation SID (Security Identifier).

It's a number that links to an information database about the type of attack encountered.

:stuck_out_tongue: I just got this: [quote=""]
Ordinateur attaque depuis rt.njabl.org ; Annalyse ports TCP .Attaque refoulee"
[/quote]
:stuck_out_tongue:
Blocked by Anti Hacker :slight_smile:

I have just been attacked by the Helkern network.

I repelled the attack.

I'm looking for information on Helkern.

Three times now I have repelled attacks from their networks; I would like to know who they are and how they choose their victims.

Are you also being attacked by this network?

It is by uniting that we will optimise our security.

Unity is strength.

zarathoustralegrand, what are your AV and firewall?

Firewall = IPCOP
http://www.fr.ixus.net/modules.php?name=Distrib&dist=IPCop

Antivirus = Kaspersky