
Incident Report

Organization: Super/Global
User Notes

Incident: 915862
Event Severity Category: HIGH
Incident Last Occurrence Time: May 25 2023, 02:29:30 AM
Event Name: DoS Attack detected by NIPS
Incident Reporting Device: Master.dgpad.org
Incident Source: srcIpAddr:141.98.10.185,
Incident Target: destIpAddr:172.16.10.209,
Incident Detail: Attack Name:Goahead.Webserver.HTTP.Request.DOS,Component Event Type:FortiGate-ips-signature-
Incident Status: Active
Incident Resolution: Open
Incident ID: 915862
Event Type: PH_RULE_IPS_HOST_DOS
Incident Ticket Status: New
Business Service Name:
Count: 1
Incident Cleared Time:
Incident Ticket User:
Incident Notification Recipients:
Impacts:
Incident Cleared Reason:
Incident Comments:
Event Severity: 9
Incident First Occurrence Time: May 25 2023, 02:29:30 AM
Incident Reporting IP: 172.16.10.246
Incident Ticket ID: 336257767
Organization Name: UNGRD
Incident Notification Status:
Incident Cleared User:
Incident Externally Assigned User:
Incident Externally Cleared Time:
Incident Externally Resolution Time:
Incident External Ticket ID:
Incident External Ticket State:
Incident External Ticket Type:
Incident View Status: Read
Raw Event Log:
Incident Category: Security
Incident Subcategory: Impact
Incident Reporting Device Status: Approved
Incident Title: DoS Attack Goahead.Webserver.HTTP.Request.DOS from 141.98.10.185 to 172.16.10.209
Incident Tag Name:
Attack Technique: Network Denial of Service: Direct Network Flood(T1498.001)
Attack Tactic: Impact
IP Address Host Name Organization ID Country State City Region Building Floor

Total Number Records: 1

Page 1 of 2 Generated By May 25 2023, 05:36:49 AM


Rank: 1
Event Receive Time: May 25 2023, 02:28:25 AM
Event Type: FortiGate-ips-signature-38829
Event Name: Goahead.Webserver.HTTP.Request.DOS
Source IP: 141.98.10.185
Destination IP: 172.16.10.209
IP Protocol: 6 (TCP)
Source TCP/UDP Port: 39024
Destination TCP/UDP Port: 8080 (Siemens.LOGO)
Reporting IP: 172.16.10.246

Raw Event
<185>date=2023-05-25 time=02:28:25 devname="Master" devid="FGT6HD5818800816" eventtime=1684999706332328527 tz="-0500" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="medium" srcip=141.98.10.185 srccountry="Lithuania" dstip=172.16.10.209 srcintf="port7" srcintfrole="undefined" dstintf="LAG_LAN" dstintfrole="lan" sessionid=175212406 action="dropped" proto=6 service="HTTP" policyid=13 attack="Goahead.Webserver.HTTP.Request.DOS" srcport=39024 dstport=8080 url="/manager/html" direction="outgoing" attackid=38829 profile="IPS_Servidores" ref="http://www.fortinet.com/ids/VID38829" incidentserialno=268915076 msg="web_server: Goahead.Webserver.HTTP.Request.DOS," crscore=10 craction=16384 crlevel="medium"
