  1. #1
    TRG
    Newbie
    Join Date
    May 2018
    Posts
    3

    Suspicious HTTP Activity Event. Unable to determine which client is making these acts

    I am receiving these emails every few minutes!

    I am not able to determine which client is making these activities...


    Subject: Command Center Notification: Suspicious Activity: HTTPS Attack [Occurred 4405 time(s)]
    [Attached image: 2022-09-18_11-25-28.png]

    How can I tell which client is causing these activities? Any ideas?

    I do have a VPN tunnel attached to one of the VLANs only.

  2. #2
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    4,375

    Client Address, then resolve IP to name via DNS
    The world is divided into 10 kinds of people, who know binary and those not

  3. #3
    TRG
    Newbie
    Join Date
    May 2018
    Posts
    3

    The client address is my WAN IP, it's not showing a local IP!

  4. #4
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,964

    The UVM scans in both directions. Seeing the WAN IP as the client could mean the connection is coming from outside your network, and also that you have a double NAT situation in play (otherwise you'd see some other public IP).
    gravenscroft likes this.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty

  5. #5
    TRG
    Newbie
    Join Date
    May 2018
    Posts
    3

    I do not have any NAT rules... I only have two port forwarding rules.

  6. #6
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,964

    Double NAT doesn't have anything to do with NAT rules. It means you have another router in front of Untangle. So Untangle is doing a layer of NAT, and the other router is also doing a layer of NAT. You want to avoid this situation. If Untangle reports a non-routable address (10.0.0.0/8, 192.168.0.0/16, or 172.16.0.0/12) on its External interface (the hidden WAN IP from the original image), you want to fix that (because most of us really would consider it broken).
    Last edited by jcoehoorn; 09-21-2022 at 11:19 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 16.5.2 to protect a 1Gbps fiber link for ~450 residential college students and associated staff and faculty
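
Added example, not part of the thread and not Untangle code: a Python sketch of the two checks discussed above, whether the External interface holds a non-routable address (double NAT) and what an alert's Client Address says about the source. The function names, the LAN range and all sample addresses are constructed assumptions, and the CGNAT range goes beyond the three ranges named in the post.

```python
import ipaddress

# Ranges named in the post above (RFC 1918). CGNAT (100.64.0.0/10) is an
# addition of this example: it is also non-routable and signals ISP-level NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify_external(addr):
    """Classify the address bound to the firewall's External interface."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "rfc1918"      # another router upstream is doing NAT: double NAT
    if ip in CGNAT:
        return "cgnat"        # carrier-grade NAT upstream
    return "public"


def triage_event(client, external_addr, lan_networks):
    """Say what an alert's Client Address tells you about the traffic source."""
    ip = ipaddress.ip_address(client)
    if ip == ipaddress.ip_address(external_addr):
        return "external-interface"   # not a LAN host; inbound or NATed upstream
    if any(ip in ipaddress.ip_network(n) for n in lan_networks):
        return "lan-client"           # resolve this one to a hostname via DNS/DHCP
    return "remote-host"


def report(external_addr, lan_networks, clients):
    """Return (external class, {client: verdict}) for a batch of alert clients."""
    return (classify_external(external_addr),
            {c: triage_event(c, external_addr, lan_networks) for c in clients})


if __name__ == "__main__":
    # Constructed sample: External interface holds a private address.
    ext = "192.168.1.2"
    lans = ["10.20.0.0/16"]
    clients = ["192.168.1.2", "10.20.3.44", "203.0.113.9"]
    kind, verdicts = report(ext, lans, clients)
    print("External interface:", ext, "->", kind)
    for c, v in verdicts.items():
        print(f"  client {c}: {v}")
```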
