Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
1115
Views
0
Helpful
0
Comments

SWE and CTR inverse direction flow

pablohernandez
Level 1
Level 1
‎10-09-2020 08:13 PM

During some flow analisys on SWE and CTR, I observed that some flows are been reported on the inverse direction, for example, there is a connection from an IP address located in Korea to my public IP address (located in Costa Rica). Checking this flow on CTR and SWE it seems the connection is been originated from my IP address, however, analizing the flow further, is clear that the flow originates from the Korean IP... this flow seems to be captured by a Flow Sensor located on the external network perimeter, and there is only one packet sourced from the Korean IP address.

 

Any hints about this behavior?  

 

Some screenshots attached as reference.

 

Preview file
182 KB
Preview file
120 KB
Preview file
117 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents