WSA

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-23-2019 11:05 PM - edited 10-24-2019 07:44 AM
We would like to know why is that our WSA is communicatiing in public using 445?
- Labels:
-
Web Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2019 12:33 AM
The IP provided belong to apple - apple.parklogic.com
So better look at console what device is try to communicated, Do you have any apple device in the network. ?
here port information :
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2019 06:22 AM
Hello Balaji,
How can we look at console what device is try to communicated?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2019 07:13 AM
Looging to WSA using SSH
once you see below prompt follow same steps :
> grep
>1 (this is for access logs)
>45.79.222.138
> N
> N
> Y
> N
then you can see real-time which IP address contacting that server.
or you can also do report on GUI destination type IP address - 45.79.222.138

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-01-2020 05:43 PM
Hello ccg-security,
TCP 445 is used for SMB communication. check if the WSA is trying to communicate with the AD. Is your AD on the outside?
Regards
Shikha Grover
PS: Please don't forget to rate and select as validated answer if this answered your question.
