I am getting the following:
yyyy-mm-dd, hh:mm:ss ALLOW UDP 216.218.206.114>4638 -> xxx.xxx.xxx.xxx:500 on eth1
where xxx.xxx.xxx.xxx is the IP of my router assigned by my ISP. Sometimes port 4500 is used.
These are both external IPs. Various external IPs are used in the packets.
I have added the following rule too:
#1 Enabled, DENY IPSEC[500] * Any Any ALWAYS
which should prevent this from happening IF the packet was traversing the RV320. So does this mean that something is trying to connect directly to the RV320, and if so, why is it allowed?
What other rules are embedded in the RV320 that are not visible to us?
I am also seeing things like:
ALLOW TCP 45.227.255.225:43418 -> 174.112.14.38:3395 on eth1
If the message is "ALLOW"ed, is the RV responding? Shouldn't it be IGNORE? Can we set it to ignore somehow?
I have tested these ports (500, 4500, 3395) with Shields Up by grc.com and it reports they are all in "stealth" mode.
Thanks,
Bob.