Skip to main content
khaledparis
khaledparis
New Member
April 21, 2020
Question

[Hacking] sentbyte = 600000

  • April 21, 2020
  • 2 replies
  • 5176 views

Hello.

 

I have a logs file where the IP 192.168.1.1 receive requests from different IPs on the destination port 80 and answer by accept or deny.

In all these requests the quantity of transmitted data is small : from some handreds to 4000 bytes maximum.

Only one log is different :The IP 192.168.1.1 is the client client and it send a request to the destination port 80 of the IP 185.83.145.120 which send as response 600000 bytes!

 

<189>devname="D" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1565129415 srcip=192.168.1.1 srcport=49321 dstip=185.83.145.120 dstport=80 proto=6 action="accept" sentbyte=712

<189>devname="D" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1565129416 srcip=185.83.145.120 srcport=80 dstip=192.168.1.1 dstport=49321 proto=6 action="accept" sentbyte=628123

The logs file that I have is limited for 1 hour so I don't know if before a connexion existed between the 2 IPs

 

The quantity of data received by 192.168.1.1 est great compared to the other logs (minimum 150x) and see this IP make a connexion to an external host...

 

Do you have any idea plase ?

 

    2 replies

    Fullmoon
    Fullmoon
    New Member
    April 22, 2020

    if you feel that this ip add 185.83.145.120 floods your network, maybe you can try to use local in policy to block that external ip add.

    localhost
    localhost
    Visitor III
    April 25, 2020

    192.168.1.1 is accessing the webserver at 185.83.145.120. A normal web server request.

    Could be malicious or absolutely harmless..

     

    Try to add a Webfilter on your firewall policy and check the logs, what URL/Hostname the device is accessing.

    It might you give a hint what's going on.

    yuriinfluenced
    yuriinfluenced
    New Member
    July 26, 2022

    A web filter is a really good thing for determining malicious addresses and understanding where the danger comes from. It also helps you to test how well you are hiding when doing something not really legal, but that's another story.
    Some years ago, I spent a lot of time on GuidedHacking.com because I had to hack some games and programs for personal use. I had no money to buy them, and it was my only choice. I know it's not the best thing to do, and I'm not proud of it, but it was the only way for me to gain access to software like Photoshop and learn to use it.

    Terms & ConditionsAccessibility statement