We've received an alert about suspicious activity from the firewall. Based on the logs provided below, please answer the following questions:
1. What is the source of this activity?
2. What is the destination of the activity?
3. What part of the client's environment is this affecting?
4. What is the port being targeted by the attacker?
5. Is this something the client should be informed about? Why or why not?
6. What do you think is going on here?
Oct 20 08:22:17 PA1.ACME.org 1,2020/10/20 08:22:16,013101004916,THREAT,vulnerability,2049,2020/10/20 08:22:16,192.241.217.192,88.66.59.62,192.241.217.192,10.6.200.239,owa.acme.org,,,web-browsing,vsys1,Untrust-L3,Trust-L3,ethernet1/11,ethernet1/9,Log Forwarding to ADCSyslog,2020/10/20 08:22:16,554581,1,38746,80,38746,80,0x412000,tcp,alert,"66.99.95.26/",ZGrab Application Layer Scanner Detection(57955),any,medium,client-to-server,6883821905258742491,0x2000000000000000,United States,United States,0,,0,,,1,,,,,,,,0,0,0,0,0,ADC-FW-A,PA1,,,,,0,,0,,N/A,info-leak,AppThreat-8332-6358,0x0,0,4294967295,
======
Oct 20 08:22:30 PA1.ACME.org 1,2020/10/20 08:22:30,013101004916,TRAFFIC,end,2049,2020/10/20 08:22:30,192.241.217.192,88.66.59.65,192.241.217.192,172.16.1.140,Direct Access - Inbound,,,web-browsing,vsys1,Untrust-L3,DMZ-L3,ethernet1/11,ethernet1/7,Log Forwarding to ADCSyslog,2020/10/20 08:22:30,389380,1,56902,80,56902,80,0x41001c,tcp,allow,1709,512,1197,10,2020/10/20 08:22:04,10,any,0,6883821905367363307,0x0,United States,United States,0,6,4,tcp-fin,0,0,0,0,ADC-FW-A,PA1,from-policy,,,0,,0,,N/A,0,0,0,0
======
Oct 20 08:22:32 PA1.ACME.org 1,2020/10/20 08:22:31,013101004916,TRAFFIC,end,2049,2020/10/20 08:22:31,192.241.217.192,88.66.59.52,192.241.217.192,10.6.200.238,owa.acme.org,,,web-browsing,vsys1,Untrust-L3,Trust-L3,ethernet1/11,ethernet1/9,Log Forwarding to ADCSyslog,2020/10/20 08:22:31,404737,1,33274,80,33274,80,0x41001c,tcp,allow,1053,512,541,9,2020/10/20 08:22:05,10,any,0,6883821905367363898,0x0,United States,United States,0,6,3,tcp-fin,0,0,0,0,ADC-FW-A,PA1,from-policy,,,0,,0,,N/A,0,0,0,0
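The three entries above are PAN-OS logs forwarded over syslog: a fixed syslog header ("Oct 20 08:22:17 PA1.ACME.org") followed by a comma-separated log body whose column positions are documented by the vendor for the THREAT and TRAFFIC log types. As an added example (not part of the question and not the firewall vendor's own tooling), the Python below splits the header off, parses the CSV body with the standard csv module so the quoted URL field survives, maps the positions that matter for the questions (source, pre-NAT and post-NAT destination, destination zone, port, action, threat signature) to names, and then groups the events by external source so the answers can be read off the result. The log lines are the ones from the question; the field-position tables follow the PAN-OS documentation for these two log types.

```python
import csv
import io
import re
from collections import defaultdict

# The three log lines from the question, copied verbatim.
THREAT_LINE = 'Oct 20 08:22:17 PA1.ACME.org 1,2020/10/20 08:22:16,013101004916,THREAT,vulnerability,2049,2020/10/20 08:22:16,192.241.217.192,88.66.59.62,192.241.217.192,10.6.200.239,owa.acme.org,,,web-browsing,vsys1,Untrust-L3,Trust-L3,ethernet1/11,ethernet1/9,Log Forwarding to ADCSyslog,2020/10/20 08:22:16,554581,1,38746,80,38746,80,0x412000,tcp,alert,"66.99.95.26/",ZGrab Application Layer Scanner Detection(57955),any,medium,client-to-server,6883821905258742491,0x2000000000000000,United States,United States,0,,0,,,1,,,,,,,,0,0,0,0,0,ADC-FW-A,PA1,,,,,0,,0,,N/A,info-leak,AppThreat-8332-6358,0x0,0,4294967295,'
TRAFFIC_LINES = [
    'Oct 20 08:22:30 PA1.ACME.org 1,2020/10/20 08:22:30,013101004916,TRAFFIC,end,2049,2020/10/20 08:22:30,192.241.217.192,88.66.59.65,192.241.217.192,172.16.1.140,Direct Access - Inbound,,,web-browsing,vsys1,Untrust-L3,DMZ-L3,ethernet1/11,ethernet1/7,Log Forwarding to ADCSyslog,2020/10/20 08:22:30,389380,1,56902,80,56902,80,0x41001c,tcp,allow,1709,512,1197,10,2020/10/20 08:22:04,10,any,0,6883821905367363307,0x0,United States,United States,0,6,4,tcp-fin,0,0,0,0,ADC-FW-A,PA1,from-policy,,,0,,0,,N/A,0,0,0,0',
    'Oct 20 08:22:32 PA1.ACME.org 1,2020/10/20 08:22:31,013101004916,TRAFFIC,end,2049,2020/10/20 08:22:31,192.241.217.192,88.66.59.52,192.241.217.192,10.6.200.238,owa.acme.org,,,web-browsing,vsys1,Untrust-L3,Trust-L3,ethernet1/11,ethernet1/9,Log Forwarding to ADCSyslog,2020/10/20 08:22:31,404737,1,33274,80,33274,80,0x41001c,tcp,allow,1053,512,541,9,2020/10/20 08:22:05,10,any,0,6883821905367363898,0x0,United States,United States,0,6,3,tcp-fin,0,0,0,0,ADC-FW-A,PA1,from-policy,,,0,,0,,N/A,0,0,0,0',
]

# Syslog header that the firewall prepends: "<Mon> <day> <HH:MM:SS> <hostname> <csv body>"
SYSLOG_PREFIX = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$")

# Column positions (0-based, within the CSV body) shared by THREAT and TRAFFIC
# logs. Positions 0, 5 and 21 are the vendor's "FUTURE_USE" columns and are skipped.
COMMON_FIELDS = {
    1: "receive_time", 2: "serial", 3: "type", 4: "subtype", 6: "generated_time",
    7: "src", 8: "dst", 9: "natsrc", 10: "natdst", 11: "rule", 12: "srcuser",
    13: "dstuser", 14: "app", 15: "vsys", 16: "from_zone", 17: "to_zone",
    18: "inbound_if", 19: "outbound_if", 20: "logset", 22: "sessionid",
    23: "repeatcnt", 24: "sport", 25: "dport", 26: "natsport", 27: "natdport",
    28: "flags", 29: "proto", 30: "action",
}
# From position 31 the two log types diverge.
THREAT_FIELDS = {31: "misc", 32: "threat_name", 33: "category", 34: "severity",
                 35: "direction"}
TRAFFIC_FIELDS = {31: "bytes", 32: "bytes_sent", 33: "bytes_received", 34: "packets",
                  35: "start_time", 36: "elapsed", 37: "category"}


def parse_pan_log(line):
    """Turn one syslog-forwarded PAN-OS log line into a dict of named fields."""
    m = SYSLOG_PREFIX.match(line.strip())
    if not m:
        raise ValueError("not a syslog-forwarded PAN-OS log line")
    # csv.reader keeps the quoted misc/URL field ("66.99.95.26/") as one column.
    cols = next(csv.reader(io.StringIO(m.group(3))))
    rec = {"syslog_time": m.group(1), "device": m.group(2)}
    for i, name in COMMON_FIELDS.items():
        rec[name] = cols[i]
    extra = THREAT_FIELDS if rec["type"] == "THREAT" else TRAFFIC_FIELDS
    for i, name in extra.items():
        rec[name] = cols[i] if i < len(cols) else ""
    return rec


def summarize(lines):
    """Group events by external source IP and collect what each source touched:
    (pre-NAT, post-NAT) destination pairs, destination zones, ports, firewall
    actions and any threat signatures that fired."""
    out = defaultdict(lambda: {"targets": set(), "zones": set(), "ports": set(),
                               "actions": set(), "threats": set()})
    for line in lines:
        r = parse_pan_log(line)
        s = out[r["src"]]
        s["targets"].add((r["dst"], r["natdst"]))
        s["zones"].add(r["to_zone"])
        s["ports"].add(r["dport"])
        s["actions"].add(r["action"])
        if r["type"] == "THREAT":
            s["threats"].add(r["threat_name"])
    return dict(out)


if __name__ == "__main__":
    for src, info in summarize([THREAT_LINE] + TRAFFIC_LINES).items():
        print(f"source {src}:")
        for k, v in info.items():
            print(f"  {k}: {sorted(v)}")
```

The summary makes the distinction the questions hinge on explicit: the dst column is the public address the scanner connected to, while natdst is the internal host the firewall translated it to, and to_zone tells you which part of the environment (Trust-L3 versus DMZ-L3) that host sits in. The action column shows that the THREAT entry was only alerted on while the two TRAFFIC sessions were allowed by policy.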