Hi,
Can someone please explain this to me;
In the firewall log I can see from an IP address in Russian Federation try to access ports 53,137, 25 80 en 135 etc and I can see that UTM Drop the packages, what I dont undestand is, shouldnt after some times the utm block this IP address at all? why still We can see the Drop packages in the logs?
or what I see in the logs means that the IP has been blocked?
we decided to black the Russian Federation as a country and now in the log I can see the packages still coming in but get Drop becuse the Country blocking.
this is also what I see in the log:
the 89.108.104.81 where is atteck is oraginated
[HTML]2015:10:05-12:28:54 securitysrv1-1 ulogd[13301]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x1000" srcmac="54:e0:32:06:76:9a" dstmac="00:1a:8c:f0:0f:a1" srcip="89.108.104.81" dstip="62.XX1.XX.184" proto="6" length="52" tos="0x00" prec="0x00" ttl="116" srcport="80" dstport="1723" tcpflags="SYN" [/HTML]
This thread was automatically locked due to age.