security log entries (Kerio User Forums, Kerio Connect)
  •  
bperkins

I just received these few entries in my security log:

[09/Mar/2006 16:35:01] Client for Webmail session cbe17a5d8d4f32b95d3938f1dfa89298 changed IP address: created for IP=213.42.2.21, secure=yes, new connection from IP=213.42.2.10, secure=yes
[09/Mar/2006 16:35:03] Client for Webmail session cbe17a5d8d4f32b95d3938f1dfa89298 changed IP address: created for IP=213.42.2.21, secure=yes, new connection from IP=213.42.2.29, secure=yes
[09/Mar/2006 16:35:16] Client for Webmail session cbe17a5d8d4f32b95d3938f1dfa89298 changed IP address: created for IP=213.42.2.21, secure=yes, new connection from IP=213.42.2.11, secure=yes
[09/Mar/2006 16:35:32] Client for Webmail session 344f95a4443d6fc67f1eae8c1c18827b changed IP address: created for IP=213.42.2.11, secure=yes, new connection from IP=213.42.2.22, secure=yes

I know this is probably logged when a user forgets to log out and then logs in on another computer. However, look how close in time these are, and they appear to be the same session and several different IPs. This is not just someone logging on a different computer.

Is this some sort of attack? To create a webmail "session" does a user have to successfully log on OR is it just web crawlers hitting my front page?

Any help/comments appreciated.

Brian
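
An added example, not part of the original posts and not Kerio's code: a Python check over the four log entries quoted above that groups them by session ID and flags any session reused from several distinct addresses within a short window. The 60-second window, the two-address threshold and the function names are assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The four entries quoted in the post above.
SAMPLE_LOG = """\
[09/Mar/2006 16:35:01] Client for Webmail session cbe17a5d8d4f32b95d3938f1dfa89298 changed IP address: created for IP=213.42.2.21, secure=yes, new connection from IP=213.42.2.10, secure=yes
[09/Mar/2006 16:35:03] Client for Webmail session cbe17a5d8d4f32b95d3938f1dfa89298 changed IP address: created for IP=213.42.2.21, secure=yes, new connection from IP=213.42.2.29, secure=yes
[09/Mar/2006 16:35:16] Client for Webmail session cbe17a5d8d4f32b95d3938f1dfa89298 changed IP address: created for IP=213.42.2.21, secure=yes, new connection from IP=213.42.2.11, secure=yes
[09/Mar/2006 16:35:32] Client for Webmail session 344f95a4443d6fc67f1eae8c1c18827b changed IP address: created for IP=213.42.2.11, secure=yes, new connection from IP=213.42.2.22, secure=yes
"""

LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\] Client for Webmail session (?P<sid>[0-9a-f]+) changed IP address: "
    r"created for IP=(?P<orig>[\d.]+), secure=\w+, "
    r"new connection from IP=(?P<new>[\d.]+), secure=\w+"
)

def parse(text):
    """Yield (timestamp, session id, creating IP, new IP) for each matching line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y %H:%M:%S")
            yield ts, m["sid"], m["orig"], m["new"]

def flag_sessions(text, window=timedelta(seconds=60), min_new_ips=2):
    """Flag sessions reused from >= min_new_ips distinct addresses inside `window`."""
    by_sid = defaultdict(list)
    for ts, sid, orig, new in parse(text):
        by_sid[sid].append((ts, orig, new))
    flagged = {}
    for sid, rows in by_sid.items():
        rows.sort()
        for start, orig, _ in rows:
            # Distinct new addresses seen from this event up to `window` later.
            ips = {n for ts, _, n in rows if timedelta(0) <= ts - start <= window and n != orig}
            if len(ips) >= min_new_ips:
                net = ipaddress.ip_network(orig + "/24", strict=False)
                flagged[sid] = {
                    "new_ips": sorted(ips),
                    # True when every new address shares the creating address's /24.
                    "same_24": all(ipaddress.ip_address(i) in net for i in ips),
                }
                break
    return flagged

if __name__ == "__main__":
    for sid, info in flag_sessions(SAMPLE_LOG).items():
        print(sid, info)
```

On the quoted entries this flags only the first session, whose three new addresses all fall in the same /24 as the address that created it.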
  •  
rencorp

Are you having DHCP issues on your network, or perhaps it is a remote user using a dodgy ISP connection where their modem keeps getting a new IP address after a line dropout?

It does seem to be rather a lot in a short space of time though ...

Gary
www.rencorp.co.uk

Kerio Certified Business Partner - Messaging
  •  
winkelman

I've had this kind of thing with laptop users that leave their WiFi connection to the network enabled when they plug in the Ethernet cable...
  •  
bperkins

Thanks guys, I guess it could have been either of those situations. The weird thing is that those IPs are not in the US. I don't think I have any users outside the US at this time.

I'll just keep monitoring...

I appreciate the feedback.

Brian