Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 796 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

V7.003 network security summary

RFCat_vk_01
I think the summary report provided at the Network Security Menu has the traffic going the wrong way.

The report shows top dropped source hosts where as I think the should be the destinations.

Reasoning.  I see a lot of sites in the top 10 services/destinations dropped which I have no rule to drop, but if they were top 10 source it would make more sense.
Top 10 dropped services/destinations

1 tcp/80  202.58.56.1 53  7.23% 
2 tcp/80  207.68.178.61 52  7.09%
3 tcp/80  207.68.178.134 43  5.86%
4 tcp/80  207.68.178.16 33  4.50%
5 udp/5060 96.0.0.25 33  4.50% 

The ASG is set not to respond to ping, but this report implies in my mind that the ASG is pinging these sites and dropping its own packets.
Am I making myself clear?

Ian M


This thread was automatically locked due to age.
  • 0
    Uhm, I am not 100% sure I got that right, but:

    if you have clients behind your ASG that try to access IP addresses for which no allow rule applies, the packets will be dropped (default policy => drop), having the client IP as source, and the IP in the internet as destination. Therefore, the originating client IP will be shown in the top 10 dropped source hosts, and the destination IP will be show in top dropped destination services/hosts.

    Maybe you should check your packetfilter log for detailed data on what packets were dropped that have this IP as destination address?

    Cheers,
     andreas
  • 0 in reply to andreas
    Andreas,
    basically your saying that I have a lot of misbehaving applications on our PCs. Applications that are not proxy aware?

    Ian M