Hi,
Having read many posts/articles on Active IP count on Astaro, we are still wondering if what we understand is accurate.
Our situation: We have a /24 range of public IPs, of which currently approx. 2/3 are actually used, but almost all of them appear in the Active IP list. We understand that packets with a source OR DESTINATION in a UTM interface IP range are logged and counted as an active IP.
We assumed that as long as an IP is not used (= never sends anything, never exists on our network) it would not be considered as Active.
To our surprise we see in the Active IP list many addresses that we have not used (recently, in the last months). Why are these IPs there? Could it be because in the last seven days, someone from somewhere randomly decided to do a ping/connection attempt to that (public but unused) IP address, thus adding the IP to our Active IPs list?
This would mean that anyone can basically do a DoS attack on our network, by pinging/connecting to unused public IPs behind our UTM -> filling up our list of Active IPs -> exceeding our Sophos license count. Right?! That could cause some very annoying trouble...
Does it really work like that? And if yes, is there a way to exclude IPs that are public, but not in use?