|
Posted by tomhelmet on May 31, 2006, 12:49 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Our firewall periodically reports the following event. There is no
pattern the date or times that it occurs but it has been occuring for
months. The internal information appears to be randomly generated from
possibly AD. The computer referenced is not even on the network and
the IP address was random as well however it was in the range used by
our VPN.
I have perfromed WHOIS on the IP and domain and ikatel.net is
registered to a company in Mali.
I have not found anything on local workstations.
Deny tcp src inside:XXX.XXX.X.XXX (systemax)/3888 dst
outside:196.200.80.222 (dial222.ikatelnet.net)/25 by access-group
"inside_access_in"
Has anyone seen this or something similar that just drives them crazy?
| 
XML site map