Hi,
Today I came accross an IP address that I can see that in past 24 hours 5.4 gb HTTP traffice genrated that points to one of our web server, I dont know if it is some kind of attack or not!! becuse I can see it heppens 3 times every second for past 24 hours,I dont know who is this IP address. shouldnt UTM have have block this IP when it see there is lot of http request to a web server?
the log shows:
016:01:26-16:00:06 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="96512" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="300056" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:06 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="93829" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="300371" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:07 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="99606" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="328138" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:07 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="93894" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="332786" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:07 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="78754" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="324298" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:08 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="91989" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="377668" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:08 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="70110" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="314730" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:08 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="83278" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="280414" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:09 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="89285" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="361705" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
2016:01:26-16:00:09 securitysrv1-1 reverseproxy: id="0299" srcip="213.124.154.178" localip="62.XX.XX.184" size="121444" user="-" host="213.124.154.178" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" time="494360" url="/imageproxy/proxy.aspx" server="img.domain.nl" referer="-" cookie="-" set-cookie="-"
Any point in this would be appreciated.
Thanks
This thread was automatically locked due to age.