Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 0 replies
  • Subscribers 3 subscribers
  • Views 287 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Application Violation do not know where it comes from?

Steffen Maurer

Hi,

I'm using a Sophos UTM in my home lab and since some weeks I get the following mails from the UTM (VMware Appliance 9.714-4):

The packet below

Src: 192.168.1.168:1205 {wifiap}  Dst: 139.9.27.141:21 (TCP)

 

matched this filter rule: application violation

filter info:              FTP: active FTP requested from 192.168.1.168 - not allowed

I have no active net 192.168.1. and I think it comes from a Docker or a failed config on a client but I don not find the source. So I want to look at the logs but do not find this in any log. So where this a application violation comes from and how can I stop sending a mail for this event?

Thanks for any hint, Steffen



This thread was automatically locked due to age.
Unfiltered HTML