
Are these hacks?

Hi! I'm new to firewalls and UTM 9. Today I looked around in an active UTM 9 Sophos firewall and checked under Logging and Network Protection - Firewall.

For just today there were over 5000 lines and many of them from countries around the world.

I took some screenshots of these and of the info I got by clicking them, just to show you guys.

Are there break-ins into our network? Have they gotten through our firewall?

On the first page, the dashboard, it all looks good though.

Thanks!



This thread was automatically locked due to age.
  • Hi Jon,

    welcome.

    Just relax. If there were a connection into your LAN, you would expect more packets than 1 or 2. I would guess these are simply attempts to connect. If you are on the internet, you always have connection attempts from all around the world.

    Best

    Alex

    -

  • Hi Alex!

    Thank you, sounds good :)

    I looked at all history and saw one address in China with over 1220 packets. Is this anything to be concerned about then?

  • 1220 packets aren't very much. Imagine a portscan, you have 1 packet for each port at least. So I think probably not, but you should check that. Look at the reports for this special address and the destination services. That should bring some light into darkness.

    So your system should be fine, from that point of view.

    -

  • Hi, Jon, and welcome to the UTM Community!

    Like Alex says, you're just seeing evidence of the UTM doing its job. The UTM's firewall is enterprise-grade in that the only traffic allowed is what you configure in the various sections of WebAdmin. See #2 in Rulz to understand better what that last comment means. Any traffic not allowed by an explicit or implicit rule is blocked. For responses to allowed outbound traffic, UTM uses a connection tracker to allow them in without rules like the Windows firewall requires. The UTM's firewall is therefore termed "stateful."

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
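
The check Alex suggests above (look at one source address and the destination services it hit) can be run over exported firewall log lines. This is an added example, not part of the original thread and not Sophos code; it assumes `key="value"` log fields named `action`, `srcip` and `dstport`, and the sample lines and the 10-port threshold are constructed.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)="([^"]*)"')

def _line(action, src, dport):
    # Constructed sample record; the field layout is an assumption.
    return (f'2024:01:10-08:00:01 fw ulogd[100]: action="{action}" '
            f'srcip="{src}" dstip="198.51.100.2" proto="6" dstport="{dport}"')

# Constructed sample data (documentation address ranges).
SAMPLE = [_line("drop", "203.0.113.7", p) for p in range(20, 32)]  # 12 ports, once each
SAMPLE += [_line("drop", "203.0.113.9", 23)] * 40                  # one service, 40 times
SAMPLE += [_line("accept", "192.0.2.50", 443)] * 3                 # matched an allow rule

def summarize(lines):
    """Per source IP: dropped packets, distinct dropped ports, accepted packets."""
    stats = defaultdict(lambda: {"dropped": 0, "ports": set(), "accepted": 0})
    for line in lines:
        f = dict(FIELD.findall(line))
        if "srcip" not in f or "action" not in f:
            continue  # not a packet-filter record
        s = stats[f["srcip"]]
        if f["action"] == "drop":
            s["dropped"] += 1
            if f.get("dstport", "").isdigit():
                s["ports"].add(int(f["dstport"]))
        else:
            s["accepted"] += 1
    return dict(stats)

def classify(s, scan_ports=10):
    """Rough triage label; scan_ports is an assumed threshold."""
    if s["accepted"]:
        return "allowed traffic: check which rule matched"
    if len(s["ports"]) >= scan_ports:
        return "scan pattern: many ports, all dropped"
    return "repeated probe: few services, all dropped"

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE).items()):
        print(ip, s["dropped"], "dropped,", len(s["ports"]), "ports ->", classify(s))
```

Only a source with accepted packets reached something behind the firewall; sources whose packets were all dropped are the blocked connection attempts described in the replies above.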