Hello.
I have a log file where the IP 192.168.1.1 receives requests from different IPs on destination port 80 and answers with accept or deny.
In all these requests the quantity of transmitted data is small: from a few hundred to 4000 bytes maximum.
Only one log is different: the IP 192.168.1.1 is the client and it sends a request to destination port 80 of the IP 185.83.145.120, which sends 600000 bytes as a response!
<189>devname="D" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1565129415 srcip=192.168.1.1 srcport=49321 dstip=185.83.145.120 dstport=80 proto=6 action="accept" sentbyte=712
<189>devname="D" type="traffic" subtype="forward" level="notice" vd="root" eventtime=1565129416 srcip=185.83.145.120 srcport=80 dstip=192.168.1.1 dstport=49321 proto=6 action="accept" sentbyte=628123
The log file that I have is limited to 1 hour, so I don't know whether a connection existed between the 2 IPs before.
The quantity of data received by 192.168.1.1 is great compared to the other logs (minimum 150x), and this IP is seen making a connection to an external host...
Do you have any idea, please?
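The comparison described in the question above can be automated; the following is an added example, not part of the original post or of any Fortinet tool. It parses the key=value traffic log format shown above and flags entries whose `sentbyte` is far above the median. The internal range `192.168.1.0/24`, the factor of 50, the port heuristic and the three baseline entries are assumptions made for illustration.

```python
import ipaddress
import re
from statistics import median

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed internal range
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')            # key=value or key="value"

TEMPLATE = ('<189>devname="D" type="traffic" subtype="forward" level="notice" '
            'vd="root" eventtime={t} srcip={s} srcport={sp} dstip={d} '
            'dstport={dp} proto=6 action="{a}" sentbyte={b}')

# First three entries are constructed baseline traffic (documentation IPs);
# the last two reproduce the entries posted in the question.
SAMPLE = [
    TEMPLATE.format(t=1565129000, s="203.0.113.7", sp=51000, d="192.168.1.1", dp=80, a="accept", b=512),
    TEMPLATE.format(t=1565129001, s="192.168.1.1", sp=80, d="203.0.113.7", dp=51000, a="accept", b=3900),
    TEMPLATE.format(t=1565129100, s="198.51.100.9", sp=40222, d="192.168.1.1", dp=80, a="deny", b=640),
    TEMPLATE.format(t=1565129415, s="192.168.1.1", sp=49321, d="185.83.145.120", dp=80, a="accept", b=712),
    TEMPLATE.format(t=1565129416, s="185.83.145.120", sp=80, d="192.168.1.1", dp=49321, a="accept", b=628123),
]

def parse(line):
    """Turn one key=value log line into a dict, dropping the quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def flag_outliers(lines, factor=50):
    """Return entries whose sentbyte is at least `factor` times the median."""
    recs = [r for r in map(parse, lines) if r.get("sentbyte", "").isdigit()]
    if not recs:
        return []
    base = median(int(r["sentbyte"]) for r in recs) or 1
    hits = []
    for r in recs:
        size = int(r["sentbyte"])
        if size < factor * base:
            continue
        src = ipaddress.ip_address(r["srcip"])
        dst = ipaddress.ip_address(r["dstip"])
        # Heuristic: data coming from an outside server port to an inside host
        # means the inside host was the client of that connection.
        internal_is_client = (src not in INTERNAL and dst in INTERNAL
                              and int(r["srcport"]) < 1024)
        hits.append((r["srcip"], r["dstip"], size, internal_is_client))
    return hits

if __name__ == "__main__":
    for hit in flag_outliers(SAMPLE):
        print(hit)
```

A flagged entry only says the transfer is unusual for this host; the hostname or URL behind it still has to come from another log source.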
If you feel that this IP address 185.83.145.120 floods your network, maybe you can try to use a local-in policy to block that external IP address.
Fortigate Newbie
192.168.1.1 is accessing the webserver at 185.83.145.120. A normal web server request.
Could be malicious or absolutely harmless..
Try to add a Webfilter on your firewall policy and check the logs, what URL/Hostname the device is accessing.
It might give you a hint what's going on.
A web filter is a really good thing for determining malicious addresses and understanding where the danger comes from. It also helps you to test how well you are hiding when doing something not really legal, but that's another story.
Some years ago, I spent a lot of time on GuidedHacking.com because I had to hack some games and programs for personal use. I had no money to buy them, and it was my only choice. I know it's not the best thing to do, and I'm not proud of it, but it was the only way for me to gain access to software like Photoshop and learn to use it.
Copyright 2024 Fortinet, Inc. All Rights Reserved.