RV320 Log Message Meaning

stuartprice99
Level 1

What is the meaning of a security notification like this from an RV320?

Jan  4 17:30:09 2016 CiscoTCP 192.168.1.111:64119 -> xxx.xxx.xxx.xxx:80 on eth0

I've been having a few pop up today - all on Apple machines on the LAN curiously...

Many thanks

2 Replies

Andrew Lien
Level 1

Hi stuartprice,

Are your Apple machines connected to a printer/fax/network storage? After some research on your source port, it seems that 64119 uses TCP. As far as I know, TCP is used when machines have to get all transmitted data from certain applications, such as applications from the following:

  • Web
  • SSH, FTP, telnet
  • SMTP, sending mail
  • IMAP/POP, receiving mail

It could be possible that some of your Apple machines have the above applications that use TCP and that's why you're getting those security notifications.

I hope this helps!

-Andy

Thanks Andy!

With further checking there are multiple entries - they all start at an arbitrary range around the 50-60 thousands, then move up incrementally over multiple attempts.

The IP addresses they all point to either trace back to my ISP or Akamai, who I believe provide some Apple cloud services.

In the Cisco log, they appear under the 'firewall/dos' list.

I suppose my curiosity is what does that message actually mean? Does it mean a UPnP event has occurred on a computer? Or is it an external request to open a port on a machine? I haven't been able to find any literature that can explain it. UPnP is disabled on the RV320, and the firewall is active.

Thanks!
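
An added example, not part of the thread and not Cisco's own code: a Python parser for log lines in the layout quoted above, grouping entries by source host to check whether the source is a LAN address, whether its source ports sit in the IANA dynamic range (49152-65535) and rise over time, and which destination ports appear. The field layout is inferred from the single quoted line; the `UDP` variant, the helper names and every sample line after the first are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Layout inferred from the one line quoted in the thread; "UDP" is an assumed variant.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) Cisco(?P<proto>TCP|UDP) "
    r"(?P<src>[\w.]+):(?P<sport>\d+) -> (?P<dst>[\w.]+):(?P<dport>\d+) on (?P<iface>\S+)$"
)
DYNAMIC_PORTS = range(49152, 65536)  # IANA dynamic (ephemeral) port range, RFC 6335

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {**m.groupdict(), "sport": int(m["sport"]), "dport": int(m["dport"])}

def is_lan(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False  # redacted or malformed address

def summarize(lines):
    """Group parsed entries by source host and describe their port behaviour."""
    by_src = defaultdict(list)
    for rec in filter(None, map(parse_line, lines)):
        by_src[rec["src"]].append(rec)
    report = {}
    for src, recs in by_src.items():
        sports = [r["sport"] for r in recs]
        report[src] = {
            "lan_source": is_lan(src),
            "ephemeral_sports": all(p in DYNAMIC_PORTS for p in sports),
            "sports_increasing": sports == sorted(sports),
            "dports": sorted({r["dport"] for r in recs}),
        }
    return report

SAMPLE = [  # first line is the one quoted in the thread; the rest are constructed
    "Jan  4 17:30:09 2016 CiscoTCP 192.168.1.111:64119 -> xxx.xxx.xxx.xxx:80 on eth0",
    "Jan  4 17:30:12 2016 CiscoTCP 192.168.1.111:64120 -> 203.0.113.10:80 on eth0",
    "Jan  4 17:30:15 2016 CiscoTCP 192.168.1.111:64123 -> 203.0.113.10:80 on eth0",
    "Jan  4 17:31:02 2016 CiscoTCP 192.168.1.112:52001 -> 198.51.100.7:443 on eth0",
    "not a firewall entry",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A host whose entries come back with `lan_source`, `ephemeral_sports` and `sports_increasing` all true and `dports` of 80 or 443 shows the shape of ordinary client-side web connections leaving the LAN.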