Are these hacks?

Hi! I'm new to firewalls and UTM 9. Today I looked around in an active UTM 9 Sophos firewall and checked under Logging and Network Protection - Firewall.

For just today there were over 5000 lines, and many of them were from countries around the world.


I took some screenshots of these and of the info I got by clicking them, just to show you guys.

Are there break-ins into our network? Have they gotten through our firewall?


On the first page, the dashboard, it all looks good though..




  • Hi Jon,


    Just relax, if there were a connection into your LAN you should expect more packets than 1 or 2. I would guess these are simply attempts to connect. If you are on the internet, you always have connection attempts from all around the world.



  • In reply to Alexander Busch:

    Hi Alex!

    Thank you, sounds good :)

    I looked at all the history and saw one address in China with over 1220 packets. Is this anything to be concerned about then?

  • In reply to Jon Bernt:

    1220 packets aren't very much. Imagine a portscan, you have 1 packet for each port at least. So I think probably not, but you should check that. Look at the reports for this special address and the destination services. That should bring some light into darkness.

    So your system should be fine, from that point of view.

  • In reply to Jon Bernt:

    Hi, Jon, and welcome to the UTM Community!

    Like Alex says, you're just seeing evidence of the UTM doing its job.  The UTM's firewall is enterprise-grade in that the only traffic allowed is what you configure in the various sections of WebAdmin.  See #2 in Rulz to understand better what that last comment means.  Any traffic not allowed by an explicit or implicit rule is blocked.  For responses to allowed outbound traffic, UTM uses a connection tracker to allow them in without rules like the Windows firewall requires.  The UTM's firewall is therefore termed "stateful."

    Cheers - Bob

  • In reply to BAlfson:

    Unrelated, but worth mentioning for those on fixed bw volume connections.  I wonder if data consumed by each of these attempts over the course of a week/month adds up to anything significant?
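
Added example, not part of any post in this thread: one way to run the per-address check suggested above (packet count and destination services for each source) and to total the logged bytes of dropped packets. It assumes the firewall log is available as key="value" lines; the field names `action`, `srcip`, `dstport` and `length`, the 20-port threshold and all sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)="([^"]*)"')
SCAN_PORT_THRESHOLD = 20  # assumed cut-off: distinct ports before a source looks like a scan


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD.findall(line))


def summarize_drops(lines):
    """Per source IP: dropped packets, distinct destination ports, logged bytes."""
    stats = defaultdict(lambda: {"packets": 0, "ports": set(), "bytes": 0})
    for line in lines:
        rec = parse_line(line)
        if rec.get("action") != "drop" or "srcip" not in rec:
            continue  # skip allowed traffic and lines without a source address
        entry = stats[rec["srcip"]]
        entry["packets"] += 1
        if rec.get("dstport", "").isdigit():
            entry["ports"].add(int(rec["dstport"]))
        if rec.get("length", "").isdigit():
            entry["bytes"] += int(rec["length"])
    return dict(stats)


def classify(entry):
    """Label a source by how many different services it touched."""
    if len(entry["ports"]) >= SCAN_PORT_THRESHOLD:
        return "port scan pattern"
    return "repeated probe of few services"


def _line(src, dport, length, action="drop"):
    # Builds one constructed sample line (documentation address ranges only).
    return (f'2024:01:10-08:00:00 fw ulogd[1]: action="{action}" srcip="{src}" '
            f'dstip="192.0.2.1" proto="6" length="{length}" dstport="{dport}"')


SAMPLE = ([_line("203.0.113.7", 23, 40)] * 3
          + [_line("198.51.100.9", p, 44) for p in range(1, 31)]
          + [_line("192.0.2.50", 443, 60, action="accept")])

if __name__ == "__main__":
    ranked = sorted(summarize_drops(SAMPLE).items(), key=lambda kv: -kv[1]["packets"])
    for src, e in ranked:
        print(f'{src}: {e["packets"]} packets, {len(e["ports"])} ports, '
              f'{e["bytes"]} bytes, {classify(e)}')
```

Only lines with `action="drop"` are counted, so the totals describe blocked attempts rather than traffic that a rule allowed.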