Good morning. I have the following problem: my two public IPs go to the XBL (Spamhaus) blacklist. The error is as follows:
Technical details of the detection
This was detected by a tcp connection from "my public ip" on port 3795 going to IP address "target ip" (the "sinkhole") on port 80.
In my UTM Firewall, how do I see the IP in the network making the request? What log should I check?
I tried checking the packet filter file but can't find a solution. Thank you
Ciao Giovanni - Hi John - and welcome to the UTM Community!
In 'Logging and Reporting >> Network Usage' on the 'Bandwidth Usage' tab, you can make selections to see which machine accessed the "target ip."
Any luck with that?
Cheers - Bob
Thank you. I was able to see it by adding, in Attack Patterns, the option "Add Extra warnings", and in the Intrusion Prevention System log I found the computer running the malware. Now I can't lock the IP with a firewall rule: Surfing Web service, destination Any, Action --> Reject.