I was examining one of my SonicWall firewalls I have installed and noticed some interesting traffic coming through. Well, actually the firewall is stopping it like it is supposed to be doing, but I thought I would post the file and see what some of you think.
I have been tracing IPs this morning with ARIN.net and some of these belong to the hosting ISP, Eschelon/Integra Telecom. However, pretty much all of the port 445 requests are coming from out of the USA.
The first part of the attached is the ISP for some reason, but almost everything port 445 and up to 33662 looks a bit fishy.
I guess the main question here is, since a lot of these are out of the country and the SonicWall is doing its job (stopping the traffic), should there be a concern? The server doesn't host anything but internal file access and folder permissions, so no open ports to the outside world. Also, in the event that repeated attempts from the same IP are logged, is there a way to take action on the offender, or are they most likely forging their IP or tunneling it through someone else's ISP anyway?