
eric_at_western

  1. I just temporarily disabled Malwarebytes on WCNCSERVER as well as on a client. I went to 122.228.198.140 and Chrome told me it refused to connect. I then tried "ksmobile.net" and that popped up on Wireshark on the server. The Destination was 122.228.198.140; however, the source is still the WCNCSERVER IP address. The site appears to be related to a mobile app software provider. I'm thinking that there was a phone plugged into a computer at my company that installed something that is talking to this IP address. How else can I make the server log where the incoming connection came from?
  2. Hello, I'm hoping you can help me with this. I'm a rookie at IT stuff, but I help my company as best that I can. We have Malwarebytes business installed on every computer in our company including our server called WCNCSERVER. This server is also our DNS and DHCP server. I think that when someone tries to access a bad site I get notified that WCNCSERVER had a website blocked. I assume that is because all of the traffic is going through this server. How can I identify a rogue user or computer? I would assume if it is a company computer that Malwarebytes would have identified the site on the company computer and notified me before it ever made it to the WCNCSERVER. We do not have WiFi so it's not a mobile device. I have tried Wireshark, but it also shows that the WCNCSERVER is the one trying to access the malicious website. I've contacted Malwarebytes and they've told me that Malwarebytes is good for blocking the threat, but not for identifying the culprit. The only thing I'm interested in is finding the rogue computer. Any ideas? Thank you.

     Email:

     Alert Time: 5/10/2016 9:59:30 AM
     Server Hostname: ENGINEERING-
     Server Domain/Workgroup: ENGINEERING
     Server IP: 10.10.50.234
     Notification Catalog: Client
     Description: Malware threat detected, see details below:

     5/10/2016 9:58:36 AM WCNCSERVER 10.10.50.12 Blocked web site Type: outgoing, Port: 53936, Process: dns.exe 122.228.198.140