This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

One ip One Destination One Spesific Port; There is some huge traffic.

Hi, today I saw one of our users 192.168.3.29 has done ~900MB traffic to 193.140.100.220 which seems to belong uludag.org.tr. The problem is it is the traffic is on 43825 and 44861 ports which SHOULD BE DROPPED [:O]

I attach some screenshots.

I looked to todays PackageFilter Log file: there is no 192.168.3.29 or 193.140.100.220 in the logs. Not a single line.

I have webproxy enabled. IM/P2P control disabled. So how should this port and these IPs bypass the package filter? Where should I check?

This thread was automatically locked due to age.

Parents

0 rahman over 14 years ago

I just want to clarify something. There are 192.168.3.29 client logs in PF logs, this is not a ghost ip [:)] . But no log for the spesific traffic: 192.168.3.29 -> 4***xx port -> uludag.org.tr.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rahman over 14 years ago

I just want to clarify something. There are 192.168.3.29 client logs in PF logs, this is not a ghost ip [:)] . But no log for the spesific traffic: 192.168.3.29 -> 4***xx port -> uludag.org.tr.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data