Posted on 2010-09-08
Can anyone help me interpret these logs and determine a plan of action? One says ACCESS PERMITTED. The source is a 66. IP. The other is an ATTACK and the source is my domain? The ATTACK destination is 75. IP The 192. IP is my domain, I think. That number matches up, except for the last 3 digits.
17 2010-09-08 09:48:57 Firewall rule match: TCP (W to L, rule:1) 22.214.171.124:8093 192.168.10.21:80 ACCESS PERMITTED
18 2010-09-08 09:23:54 ip spoofing - WAN TCP (W to W/ZW) 192.168.10.102:80 126.96.36.199:12551 ATTACK