01-04-2016 05:52 PM
What is the meaning of a security notification like this from an RV320?
Jan 4 17:30:09 2016 CiscoTCP 192.168.1.111:64119 -> xxx.xxx.xxx.xxx:80 on eth0
I've been having a few pop up today - all on apple machines on the LAN curiously...
Many thanks
01-05-2016 09:52 AM
Hi stuartprice,
Are your apple machines connected to a printer/fax/network storage? After some research on your source port, it seems that 64119 uses TCP. As far as I know, TCP is used when machines have to get all transmitted data from certain applications, such as applications from the following:
It could be possible that some of your apple machines have the above applications that use TCP and that's why you're getting those security notifications.
I hope this helps!
-Andy
01-05-2016 09:55 AM
Thanks Andy!
With further checking there are multiple entries - they all start at an arbitrary range around the 50-60 thousands, then move up incrementally over multiple attempts.
The IP addresses they all point to either trace back to my ISP or Akamai, who i believe provide some apple cloud services.
In the cisco log, they appear under the 'firewall/dos' list.
I suppose my curiosity is what does that message actually mean? Does it mean a upnp event has occurred on a computer? Or is it an external request to open port on a machine? I haven't been able to find any literature that can explain it. Upnp is disabled on the RV320, and the firewall is active.
Thanks!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide