We set up our new Sophos UTM 220 as the production firewall here today. Everything is working fine, except for some strange blocked UDP connection attempts from plenty of hosts in my internal network to the external interface address:
2012:10:16-15:37:08 gw-rat01-1 ulogd[4663]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:3:79:3:63:4a" dstmac="0:1a:8c:32:2:20" srcip="10.50.14.38" dstip="10.50.18.16" proto="17" length="45" tos="0x00" prec="0x00" ttl="62" srcport="33503" dstport="31500"
2012:10:16-15:37:08 gw-rat01-1 ulogd[4663]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:3:79:3:63:4a" dstmac="0:1a:8c:32:2:20" srcip="10.50.14.38" dstip="10.50.18.16" proto="17" length="56" tos="0x00" prec="0x00" ttl="62" srcport="33503" dstport="31500"
15:41:51 Default DROP UDP 10.50.14.39 : 33502 → 10.50.18.16 : 31500 len=45 ttl=62 tos=0x00 srcmac=0:3:79:3:63:4a dstmac=0:1a:8c:32:2:20
15:41:51 Default DROP UDP 10.50.91.4 : 33500 → 10.50.18.16 : 31500 len=45 ttl=64 tos=0x00 srcmac=0:17:c5:74:cb:8 dstmac=0:1a:8c:32:2:20
15:41:51 Default DROP UDP 10.50.91.4 : 33500 → 10.50.18.16 : 31500 len=56 ttl=64 tos=0x00 srcmac=0:17:c5:74:cb:8 dstmac=0:1a:8c:32:2:20
15:41:51 Default DROP UDP 10.50.14.38 : 33503 → 10.50.18.16 : 31500 len=45 ttl=62 tos=0x00 srcmac=0:3:79:3:63:4a dstmac=0:1a:8c:32:2:20
15:41:52 Default DROP UDP 10.50.91.5 : 33501 → 10.50.18.16 : 31500 len=56 ttl=64 tos=0x00 srcmac=0:17:c5:74:cb:8 dstmac=0:1a:8c:32:2:20
15:41:52 Default DROP UDP 10.50.91.5 : 33501 → 10.50.18.16 : 31500 len=45 ttl=64 tos=0x00 srcmac=0:17:c5:74:cb:8 dstmac=0:1a:8c:32:2:20
15:41:52 Default DROP UDP 10.50.91.4 : 33500 → 10.50.18.16 : 31500 len=45 ttl=64 tos=0x00 srcmac=0:17:c5:74:cb:8 dstmac=0:1a:8c:32:2:20
What's up with these connection attempts?