Commtouch IP addresses being blocked by XG

Hi,

Our XG is continuously blocking access from Commtouch servers on port 80.

Is this normal?

Why are events from several Commtouch servers being logged? Is it connected to the UTM services or attack attempts?

Regards,

Antonio



This thread was automatically locked due to age.
  • Hi,

    I was talking about the Sophos UTM.

    I thought you were using something behind the XG, like Sophos UTM?

     

    Note – The list of RBLs queried by Sophos UTM is subject to change without notice. Sophos does not warrant for the contents of these databases.

     

    Cheers


  • Indeed, the failed attempts are detected on the XG and directed to the XG.

  • Hi,

    To be clear: can you please post the logviewer?

    I think something behind the XG is starting this dialog.

  • Hi,

     

    Here you have it. My IP has been masked.

    This is a small portion.

     

    Time,Log Comp,Action,Username,Firewall Rule,In Interface ,Out Interface ,Source IP,Destination IP,Source Port,Destination Port,Protocol,Rule Type,Message ID,Live PCAP,Message,
    2018-03-11 00:48:33,Invalid Traffic ,Denied,,0,,,216.163.176.36,x.x.x.x,80,16882,TCP,0,01001,Open PCAP,Invalid TCP state.,
    2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,x.x.x.x,84.39.152.32,26986,80,TCP,0,01001,Open PCAP,Invalid TCP state.,
    2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,84.39.152.32,x.x.x.x,80,26986,TCP,0,01001,Open PCAP,Invalid TCP state.,
    2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,x.x.x.x,84.39.153.32,19919,80,TCP,0,01001,Open PCAP,Invalid TCP state.,
    2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,84.39.153.32,x.x.x.x,80,19919,TCP,0,01001,Open PCAP,Invalid TCP state.,
    2018-03-11 00:48:30,Invalid Traffic ,Denied,,0,,,x.x.x.x,216.163.188.34,23604,80,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
    2018-03-11 00:48:30,Invalid Traffic ,Denied,,0,,,x.x.x.x,38.113.116.214,32342,80,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
    2018-03-11 00:48:30,Invalid Traffic ,Denied,,0,,,x.x.x.x,216.163.188.34,23615,80,TCP,0,01001,Open PCAP,Invalid TCP state.,
    2018-03-11 00:48:29,Invalid Traffic ,Denied,,0,,,216.163.188.34,x.x.x.x,80,23615,TCP,0,01001,Open PCAP,Invalid TCP state.,
    2018-03-11 00:48:29,Invalid Traffic ,Denied,,0,,,x.x.x.x,216.163.176.36,16871,80,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,

     

    Regards
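
As an added example (not part of the original thread and not Sophos tooling), this Python script parses the CSV rows posted above and counts, per remote host, packets sent from the masked address and port-80 packets that do or do not pair with one of those flows in this excerpt. It assumes the masked `x.x.x.x` is a single local address; the function and field names in the result are hypothetical.

```python
import csv, io
from collections import defaultdict

# Rows copied from the log export in the post above; "x.x.x.x" is the poster's masked IP.
LOG = """\
Time,Log Comp,Action,Username,Firewall Rule,In Interface ,Out Interface ,Source IP,Destination IP,Source Port,Destination Port,Protocol,Rule Type,Message ID,Live PCAP,Message,
2018-03-11 00:48:33,Invalid Traffic ,Denied,,0,,,216.163.176.36,x.x.x.x,80,16882,TCP,0,01001,Open PCAP,Invalid TCP state.,
2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,x.x.x.x,84.39.152.32,26986,80,TCP,0,01001,Open PCAP,Invalid TCP state.,
2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,84.39.152.32,x.x.x.x,80,26986,TCP,0,01001,Open PCAP,Invalid TCP state.,
2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,x.x.x.x,84.39.153.32,19919,80,TCP,0,01001,Open PCAP,Invalid TCP state.,
2018-03-11 00:48:32,Invalid Traffic ,Denied,,0,,,84.39.153.32,x.x.x.x,80,19919,TCP,0,01001,Open PCAP,Invalid TCP state.,
2018-03-11 00:48:30,Invalid Traffic ,Denied,,0,,,x.x.x.x,216.163.188.34,23604,80,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
2018-03-11 00:48:30,Invalid Traffic ,Denied,,0,,,x.x.x.x,38.113.116.214,32342,80,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
2018-03-11 00:48:30,Invalid Traffic ,Denied,,0,,,x.x.x.x,216.163.188.34,23615,80,TCP,0,01001,Open PCAP,Invalid TCP state.,
2018-03-11 00:48:29,Invalid Traffic ,Denied,,0,,,216.163.188.34,x.x.x.x,80,23615,TCP,0,01001,Open PCAP,Invalid TCP state.,
2018-03-11 00:48:29,Invalid Traffic ,Denied,,0,,,x.x.x.x,216.163.176.36,16871,80,TCP,0,01001,Open PCAP,Could not associate packet to any connection.,
"""
LOCAL = "x.x.x.x"  # assumption: the masked value stands for one local address

def summarize(text, local=LOCAL):
    """Per remote host: packets sent by the local side, and packets received
    that do / do not match a local source port seen in the same excerpt."""
    # Header names carry trailing spaces and a trailing comma; normalise both.
    rows = [{k.strip(): (v or "").strip() for k, v in r.items() if k}
            for r in csv.DictReader(io.StringIO(text))]
    # Flows the local side opened, keyed by (remote IP, local source port).
    opened = {(r["Destination IP"], r["Source Port"])
              for r in rows if r["Source IP"] == local}
    stats = defaultdict(lambda: {"outbound": 0, "reply_matched": 0, "reply_unmatched": 0})
    for r in rows:
        if r["Source IP"] == local:
            stats[r["Destination IP"]]["outbound"] += 1
        elif (r["Source IP"], r["Destination Port"]) in opened:
            stats[r["Source IP"]]["reply_matched"] += 1
        else:  # no outbound row for this port in the excerpt (the export is partial)
            stats[r["Source IP"]]["reply_unmatched"] += 1
    return dict(stats)

if __name__ == "__main__":
    for host, counts in sorted(summarize(LOG).items()):
        print(f"{host:16} {counts}")
```

An unmatched row only means the pairing outbound packet is not in the pasted portion of the log; a packet capture on the firewall is what shows which side sent the first SYN.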

  • Hi All

     

    I have the same problem: it shows the error and blocks 80/443 connections.

     

    Regards

  • Hi,

    Please perform a tcpdump.

    I think there is something that tries to reach the Commtouch server. Try:

    tcpdump -ni any host 216.163.188.34 or host 38.113.116.214