Monday, August 9, 2021

How to check hacking attempt in Cisco ASA?

So, our customer had a problem a couple of days ago; they own a hotel. A guest came to check in and paid. A couple of hours later, he realized that someone had made two purchases on his card. The hotel confirmed that it was not a local issue.

So I was given the task to check hacking attempts in the firewall.

What exactly should I look for? I have the exact timeframe when that happened, but I can't see anything suspicious in the logs. I did my "research" and there is a command in ASA, 'show local-host', that will show you if there are multiple attempts at half-opened TCP sessions, but honestly, that did not help me at all.

Any advice/tips?


