Hello.
I can't well understand the following logs :
3. <189>devname="D" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1565129433 srcip=85.94.235.164 srcport=57297 dstip=192.168.1.1 dstport=80 proto=6 action="accept" sentbyte=882 ... 2. <189>devname="D" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1565129400 srcip=30.228.105.150 srcport=123 dstip=192.168.1.1 dstport=80 proto=17 action="deny" sentbyte=468 1. <189>devname="D" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1565129399 srcip=192.168.1.1 srcport=80 dstip=85.94.233.180 dstport=61205 proto=6 action="accept" sentbyte=3760
My analyse gives : First, Some Telecom operators IPs (us 85.94.233.180) made connection to the IP 192.168.1.1 (internet box) on the destination port 80 with Firewall accept. Next, hundreds of AS (Autonomous Systems, here 30.228.105.150) IPs try to make connection from the source port 123 (NTP, time synchronisation) on the IP 192.168.1.1 with port 80 with firewall deny. Finally, we return us in the beginning.
I don't understand : 1/ Why the AS try to made connection on the box from the source port 123 ? 2/ Why the destination port is 80 and not 123 ? 3/ Why the access is deny ?
Something is not ok but i can't see what is it ?
Could you help me please ?
Thanks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.