05-21-2014 06:12 PM
I am experiencing approx 20 Firewall info logs per day of ips being blocked by my firewall. A Whois search shows that the are ips originating in China and are coming through the Kamloops server. I guess the questions are "does Telus monitor for brute force attempts through their servers? can they blacklist or otherwise block known troublesome ips? what further steps can an end user take to ensure firewall integrity?"
Solved! Go to Solution.
05-23-2014 07:39 PM
thanks for the response Nasty. This would be the telus gateway firewall log.So the next question for me would be "how do I spell paranoia?" hahaha. Just not used to seeing src ips from Shanghai. Below is a screenshot of todays log. 101.227...etc is shanghai, 79.1...etc is Rome Italy 218.208...etc is kuala lumpur. Thanks again.
05-22-2014 05:22 PM
Is this a business standalone firewall product?
Or just the Telus Gateway firewall logs?
A brute force attempt would be more like hundreds of hits per hour trying to find a hole(open ports to an internal machine/server).
The Telus Gateway firewall log will have a description of what protocol/port pinged the Gateway.
If I were to ping any random IP address on the Internet, it will show up in that users firewall logs.
If my IP was to change and I got an IP address from someone who did filesharing(P2P), for a short time I would get connection requests from other P2P users, until their P2P directory changes.
05-23-2014 07:39 PM
thanks for the response Nasty. This would be the telus gateway firewall log.So the next question for me would be "how do I spell paranoia?" hahaha. Just not used to seeing src ips from Shanghai. Below is a screenshot of todays log. 101.227...etc is shanghai, 79.1...etc is Rome Italy 218.208...etc is kuala lumpur. Thanks again.