Traffic from ec2-54-251-46-51.ap-southeast-1.compute.amazonaws.com

Question

All- 
 
 I am seeing in the packet filter log a very large amount of inbound unsolicited traffic from to amazon servers in Singapore: 
 ec2-54-251-46-51.ap-southeast-1.compute.amazonaws.com 
 ec2-54-251-46-87.ap-southeast-1.compute.amazonaws.com

2016:12:28-19:08:04 
 oasis 
 ulogd[7223]: 
 id="2021" 
 severity="info" 
 sys="SecureNet" 
 sub="packetfilter" 
 name="Packet 
 dropped 
 (GEOIP)" 
 action="drop" 
 fwrule="60019" 
 initf="eth0" 
 srcmac="40:a6:77:46:ff:c2" 
 dstmac="00:24:7e:00:c1:82" 
 srcip="54.251.46.51" 
 dstip="100.14.227.105" 
 proto="6" 
 length="52" 
 tos="0x00" 
 prec="0x00" 
 ttl="56" 
 srcport="80" 
 dstport="56639" 
 tcpflags="ACK 
 FIN"

2016:12:28-20:18:27 
 oasis 
 ulogd[7223]: 
 id="2021" 
 severity="info" 
 sys="SecureNet" 
 sub="packetfilter" 
 name="Packet 
 dropped 
 (GEOIP)" 
 action="drop" 
 fwrule="60019" 
 initf="eth0" 
 srcmac="40:a6:77:46:ff:c2" 
 dstmac="00:24:7e:00:c1:82" 
 srcip="54.251.46.87" 
 dstip="100.14.227.105" 
 proto="6" 
 length="52" 
 tos="0x00" 
 prec="0x00" 
 ttl="56" 
 srcport="80" 
 dstport="58532" 
 tcpflags="ACK 
 FIN"

Logging shows repetitive connection attempts beginning on 12/28/2016 at 19:08:04 and running with small breaks on the same data until 23:36:47. All times are eastern. While I think this is unsolocited traffic, the question becomes it this activity related to normal UTM operation for up2date in addition to webproxy updates? I realize this is blocked by geoip. What corrective action can be taken? A should note this is a home UTM with no user activity during that time. Thank you in advance for your help. Jim

sachingurung · Answer

Hi Scott, 
 If you refer the link for the packetfilter logfiles here , the id=60019 in the logs has the reason "License Usage Exceeded (Active IPs) - LOG and DROP". 
 Hope that helps.