I'm connecting my smartphone to my local home net using L2TP via the Sophos UTM.
I'm reviewing the firewall logs and notice traffic on port 443 being blocked between two addresses:
Source:
21.194.27.36 Dept of Defense
50.115.125.93 [URL="http://mxtoolbox.com/SuperTool.aspx?action=ptr%3a50.115.125.93&run=toolpage#"]50.115.125.93.static.westdc.net ??
[/URL]
69.171.245.49 Facebook
[SIZE=2]Location[/SIZE] [SIZE=2]
UNITED STATES, OHIO, COLUMBUS[/SIZE] [SIZE=2]Latitude, Longitude[/SIZE] [SIZE=2]39.96638, -83.01277 (39°57'59"S -83°0'46"E)[/SIZE] [SIZE=2]Connection through[/SIZE] [SIZE=2]DOD NETWORK INFORMATION CENTER[/SIZE] [SIZE=2]Local Time[/SIZE] [SIZE=2]04 Dec, 2013 05:17 PM (UTC -05:00)[/SIZE] [SIZE=2]Domain[/SIZE] [SIZE=2]NIC.MIL[/SIZE]Here are a couple of lines from the logs:
Note the L2TP is the traffic being parsed.
[FONT=monospace]14:08:16 Packet filter rule #6 L2TP 21.194.27.36 : 39669 → 50.115.125.93 : 443 [RST] len=40 ttl=63 tos=0x00 srcmac=0:0:2f[:D]2:32:f7
[/FONT]
[FONT=monospace]14:08:19 Packet filter rule #6 L2TP 21.194.27.36 : 39669 → 50.115.125.93 : 443 [RST] len=40 ttl=63 tos=0x00 srcmac=0:0:2f[:D]2:32:f7
[/FONT]
[FONT=monospace]14:08:19 Packet filter rule #6 L2TP 21.194.27.36 : 38247 → 69.171.245.49 : 443 [ACK PSH] len=130 ttl=63 tos=0x00 srcmac=0:0:2f[:D]2:32:f7
[/FONT]
[FONT=monospace]14:08:26 Packet filter rule #6 L2TP 21.194.27.36 : 39669 → 50.115.125.93 : 443 [RST] len=40 ttl=63 tos=0x00 srcmac=0:0:2f[:D]2:32:f7
[/FONT]
Could I get some fresh eyes on this?
Thanks,
Doug
This thread was automatically locked due to age.
