Hi All,
Wondering if you can help me understand why I am this traffic in my reports. The 94.232.46.50 is the source and the 71.181.13.87 is the destination. This traffic was blocked by the Fortigate and I see it tried numerous TCP ports. Below is one line of the log but there are many. The thing is that 71.181.13.87 is not us...I have no idea what that address is? The source was the WAN and the destination was the WAN? Almost as if they were bouncing off our connection to hit another? Anyone have any insight into this? Thanks.
16:14:29(-0500) notice deny 94.232.46.50 71.181.13.87 tcp/40155 0 B/0 B Blocked Connection Attempts Source Device Name FGT80E4Q17014622 Source Country Bulgaria Source 94.232.46.50 Source Interface wan1 Source Port 44397 Source Interface Role wan Destination Destination Country United States Destination 71.181.13.87 Destination Interface wan1 Destination Port 40155 Destination Interface Role wan
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
looks like some kind of attack maybe.
Is it always on the same port? Is there any service reachable via your FGT on that port?
If so it could be bruteforce attack.
Otherwise could be some portscan or something like that. Or just trying to connect to some ports blindly.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
The thing is why would they hit our WAN interface to scan another entity. The destination IP is not ours.
is it from your ISP or close at least? they might have setup wrong routing then.
have you done a packet capture to see what kind of traffic it really is, might be encapsulated or such and the fortigate reports it wrong.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.