Hello
We have an SG210 running UTM 9.413.
I have been reviewing our daily Executive Report and noticed that since last Wednesday port #65535 has appeared in the "Top 10 Services" table. It seems to be using more data each day, starting at 380MB and now exceeding 400MB.
A quick Google of this port shows it is used by some online games but also some Trojans; this has prompted me to investigate further.
However I am having problems finding this port/service using Logging and Reporting. I have searched the Network Protection > Firewall logs for Top Services by Source, Host, General and Top Source Hosts for the last 7 days but cannot find a single instance of that port being used.
I'm not sure where else to look - can anyone give me any advice on how else I can find out who/what has been using this port?
We do run nightly full AV scans, which have not recorded any viruses for weeks; the UTM hasn't triggered any ATP alerts, and there are no AV alerts in the UTM either.
Even if it isn't malicious, I'd like to find out what is using that amount of data, and why it suddenly started and is progressively using more bandwidth each day.
Many thanks