Am 23.05.2025 um 17:33 schrieb Tim Zakharov:
At Status->Network (other)->Firewall Hits Graph I sometimes see values
in the 'To Hostile Networks' line beneath the graph, which tells me a
green IP attempted to send traffic to a Hostile Network. In a forum
conversation with Adolf Belka, I was guided to Export Firewall Logs for
the day the event occurred and search for DROP_HOSTILE. I did, but
could only come up with RED traffic, not GREEN, during that time frame.
For example:
2:13:11 DROP_HOSTILE IN= OUT=red0 SRC=70.164.192.226 DST=202.61.85.215
LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17688 DF PROTO=TCP SPT=57844
DPT=80 WINDOW=42340 RES=0x00 SYN URGP=0
Where SRC is my RED IP and DST is the hostile network.
As stated in the forum thread, this is an attempt of the proxy to reach
the hostile address. This is done by request of a client in the local
network for this IP.
To find this client, you have to analyse the proxy logs also. There
should be an entry "request from <client IP> to <hostile IP>".
BR,
Bernhard
