From: | John |
---|---|
Date: | 5/10/18 3:17 PM |
Topic: | Intrusion detection |
Type: | General Discussions |
Testing Xeams as a Stand Alone server, the intrusion log has a few attempts to brute force, but the IPs show as coming from my router, instead of the attacker's IP:

2018-05-10 07:14:17,797 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 33. Login: noreply
2018-05-10 07:59:35,634 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 34. Login: student
2018-05-10 08:22:44,976 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 35. Login: ftpuser
2018-05-10 08:45:53,766 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 36. Login: besadmin
2018-05-10 09:09:03,491 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 37. Login: internet
2018-05-10 09:31:51,675 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 38. Login: user1
|
From: | Synametrics Support |
---|---|
Date: | 5/10/18 3:26 PM |
Topic: | Intrusion detection |
Type: | General Discussions |
This happens when your router hides the actual IP of the foreign host. Check if there is a setting on your router not to do that. |
|
From: | John |
---|---|
Date: | 5/10/18 4:05 PM |
Topic: | Intrusion detection |
Type: | General Discussions |
That was it exactly. Appreciate the quick response. |
|
From: | Synametrics Support |
---|---|
Date: | 5/10/18 4:09 PM |
Topic: | Intrusion detection |
Type: | General Discussions |
John, if you don't mind, could you please tell us which router/firewall you are using and where you went to change this? Your answer will help others running into the same situation. |
|
From: | Anonymous |
---|---|
Date: | 5/13/18 3:22 PM |
Topic: | Intrusion detection |
Type: | General Discussions |
Fortigate 311B. Log into the router, go to Policies and Objects --> IP4, and disable NAT for the ports you are forwarding. |
|
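The symptom discussed in this thread can be checked for mechanically. The following is an added example, not part of the thread or of Xeams: it parses intrusion-log lines in the format quoted above and reports internal source addresses behind which several different logins were blocked. The function names, the RFC 1918 test and the `min_logins` threshold are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# First three lines are from the log quoted in the thread; the last line is
# constructed (documentation address) to show an entry with a real client IP.
SAMPLE_LOG = """\
2018-05-10 07:14:17,797 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 33. Login: noreply
2018-05-10 07:59:35,634 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 34. Login: student
2018-05-10 08:22:44,976 - User blocked for attempting too many incorrect passwords. IP address:192.168.1.1. Source: Smtp Server. Attempt number 35. Login: ftpuser
2018-05-10 09:40:02,113 - User blocked for attempting too many incorrect passwords. IP address:203.0.113.7. Source: Smtp Server. Attempt number 39. Login: admin
"""

# Explicit RFC 1918 ranges (ipaddress.is_private also covers documentation ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) - User blocked for "
    r"attempting too many incorrect passwords\. IP address:(?P<ip>[0-9a-fA-F.:]+?)\. "
    r"Source: (?P<source>.+?)\. Attempt number (?P<attempt>\d+)\. Login: (?P<login>\S+)$"
)

def parse_blocks(text):
    """Return one dict per 'User blocked' line; other lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def nat_masked_sources(events, min_logins=3):
    """Map each RFC 1918 source IP to the distinct logins blocked from it,
    keeping only IPs with at least min_logins logins (assumed threshold)."""
    logins = defaultdict(set)
    for event in events:
        try:
            addr = ipaddress.ip_address(event["ip"])
        except ValueError:
            continue  # malformed address field: ignore the entry
        if any(addr in net for net in RFC1918):
            logins[event["ip"]].add(event["login"])
    return {ip: sorted(names) for ip, names in logins.items() if len(names) >= min_logins}

if __name__ == "__main__":
    for ip, names in nat_masked_sources(parse_blocks(SAMPLE_LOG)).items():
        print(f"{ip}: {len(names)} logins blocked behind one internal address: {', '.join(names)}")
```

An address reported here is a candidate for the situation described in the thread, where the mail server sees the router rather than the remote host.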